Microsoft 365 MS-100 Exam Dumps and Certification Test Engine [Q72-Q91]

(PDF) Microsoft 365 MS-100 Exam and Certification Test Engine

Use MS-100 Exam Dumps (2021 PDF Dumps) To Have Reliable MS-100 Test Engine

Microsoft MS-100: Exam Details

The Microsoft MS-100 exam will measure the skills of the applicants in designing and implementing Microsoft 365 services; planning the Office 365 applications and workloads; managing authentication & access; managing the identity of users as well as their roles. After passing this test, the students have to pass Microsoft MS-101 to complete the requirements for obtaining the expert-level certification. The MS-100 exam can be taken in English and Japanese, and the fee for registering for this test is $165. To schedule the date and time for the exam, the individuals have to visit the official website. As for the structure of this test, the exam questions may come in different formats, including case studies, multiple choice, single answer, short answer, active screen, and build list. It may contain around 40-60 questions that should be answered within 120 minutes.

Exam MS-100: Microsoft 365 Identity and Services

Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, Power Platform, and supporting technologies.

Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least one Microsoft 365 workload (Exchange, SharePoint, Teams), and Windows as a Service. Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.

Part of the requirements for: Microsoft 365 Certified: Enterprise Administrator Expert

Download exam skills outline

 

NEW QUESTION 72
You create a Microsoft 365 Enterprise subscription.
You assign licenses for all products to all users.
You need to ensure that all Microsoft Office 365 ProPlus installations occur from a network share. The solution must prevent the users from installing Office 365 ProPlus from the Internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Create an XML download file.
• B. From your computer, run setup.exe /download downloadconfig.xml.
• C. From each client computer, run setup.exe /configure installconfig.xml.
• D. From the Microsoft 365 admin center, configure the Software download settings.
• E. From the Microsoft 365 admin center, deactivate the Office 365 licenses for all the users.

Answer: A,C,D

Explanation:
Explanation
You can use the Office Deployment Tool (ODT) to download the installation files for Office 365 ProPlus from a local source on your network instead of from the Office Content Delivery Network (CDN).
The first step is to create the configuration file. You can download an XML template file and modify that.
The next step to install Office 365 ProPlus is to run the ODT executable in configure mode with a reference to the configuration file you just saved. In the following example, the configuration file is named installconfig.xml. setup.exe /configure installconfig.xml After running the command, you should see the Office installation start.
To prevent the users from installing Office 365 ProPlus from the Internet, you need to configure the Software download settings (disallow downloads) in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/deployoffice/overview-of-the-office-2016-deployment-tool#download-the-insta

 

NEW QUESTION 73
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
* Users passwords must be 10 characters or more.
Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
This solution does not meet the following requirement:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
This is because with pass-through authentication, the authentication is performed by the on-premise Active Directory.
This solution does not meet the following requirement:
* Users passwords must be 10 characters or more.
To meet this requirement, you would need to configure the Default Domain Policy in the on-premise Active Directory.
Azure Password Protection can prevent users from using passwords from a 'banned password' list but it cannot be configured to require that passwords must be 10 characters or more.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

 

NEW QUESTION 74
Your network contains an Active Directory domain named contoso.com. The domain contains 1000 Windows
8.1 devices.
You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices.
You need to recommend a Windows 10 deployment method.
What should you recommend?

• A. Windows Autopilot
• B. Wipe and load refresh
• C. a provisioning package
• D. an in-place upgrade

Answer: B

Explanation:
Section: [none]
Explanation:
To deploy a custom image, you must use the wipe and load refresh method. You cannot deploy a custom image by using an in-place upgrade, Windows Autopilot or a provisioning package.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios

 

NEW QUESTION 75
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Device Management admin center, you a trusted location and compliance policy.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Explanation
Explanation:
You need to configure a conditional access policy, not a compliance policy.
Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.
Reference:
https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online- and-OneDrive-for/ba-p/46678

 

NEW QUESTION 76
You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. On an server, install Azure AD Connect Health for AD FS.
• B. On a domain controller install Azure AD Connect Health for AD DS.
• C. From all the AD FS servers, run audltpol.exe.
• D. From the Azure AO Connect server, run the Register-AzureADCConnectHealthSyncAgent cmdlet.
• E. From all the domain controllers, run the set-AdminAuditLogConfig cmdlet and specify the -LogiLevel parameter.

Answer: A,D

Explanation:
To audit AD FS user authentication, you need to install Azure AD Connect Health for AD FS. The agent should be installed on an AD FS server. After the installation, you need to register the agent by running the Register-AzureADConnectHealthSyncAgent cmdlet.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs

 

NEW QUESTION 77
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before adding a domain name for the project.
Which DNS record should you recommend?

• A. host (AAAA)
• B. text (TXT)
• C. pointer (PTR)
• D. alias (CNAME)

Answer: B

Explanation:
When you add a custom domain to Office 365, you need to verify that you own the domain. You can do this by adding either an MX record or a TXT record to the DNS for that domain.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Text (TXT)
2. Mail exchanger (MX)
Other incorrect answer options you may see on the exam include the following:
1. Host Information (HINFO)
2. Host (A)
3. Name Server (NS)
Reference:
https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns- hosting-provider?view=o365-worldwide Manage User Identity and Roles Question Set 1

 

NEW QUESTION 78
You have a Microsoft 365 subscription.
A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department.
You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible.
How frequently can you share the reports?

• A. hourly
• B. weekly
• C. daily
• D. monthly

Answer: B

Explanation:
From the Dashboard in the Security and Compliance center, you can view various reports including the DLP Incidents report. From there you can configure a schedule to email the reports. In the schedule configuration, there are two choices for the frequency: Weekly or Monthly. Therefore, to ensure that the reports are sent as frequently as possible, you need to select Weekly.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-a-schedule-for-a-report

 

NEW QUESTION 79
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: [email protected]
Microsoft 365 Password: m3t^We$Z7&xy
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11440873

You need to prevent all the users in your organization from sending an out of office reply to external users.
To answer, sign in to the Microsoft 365 portal.

Answer:

Explanation:
See explanation below.
Explanation
You need to modify the default remote domain. When you add a remote domain, you specify the domain name and the settings apply to that domain. The default remote domain applies to all other domains. Therefore, we need to disable Out of Office replies for external users in the settings of the default remote domain.
1. Go to the Exchange Admin Center.
2. Click Mail Flow in the left navigation pane.
3. Click on Remote Domains.
4. Select the default remote domain and click the Edit icon (pencil icon).
5. In the 'Out of Office automatic reply types' section, select 'None'.
6. Click Save to save to changes to the default remote domain.

 

NEW QUESTION 80
Your network contains an Active Directory forest named contoso.local.
You purchase a Microsoft 365 subscription.
You plan to move to Microsoft and to implement a hybrid deployment solution for the next 12 months.
You need to prepare for the planned move to Microsoft 365.
What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.

• A. Purchase a third-party X.509 certificate.
• B. Purchase a custom domain name.
• C. Create an external forest trust.
• D. Rename the Active Directory forest.

Answer: B

 

NEW QUESTION 81
You have three devices enrolled in Microsoft Intune as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Device 1:
No because Device1 is in group3 which has Policy1 assigned which requires BitLocker.
Device 2:
No because Device2 is in group3 which has Policy1 assigned which requires BitLocker. Device2 is also in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Device3:
Yes because Device3 is in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Reference:
https://blogs.technet.microsoft.com/cbernier/2017/07/11/windows-10-intune-windows-bitlocker-management-ye

 

NEW QUESTION 82
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
Your company has a web application named App1.
The company plans to publish App1 by using a URL of https://app1.contoso.com.
You need to register App1 to your Microsoft Office 365 tenant.

Answer:

Explanation:
See explanation below.
Explanation
You need to register App1 in Azure Active Directory.
1. Go to the Azure Active Directory admin center.
2. Select Azure Active Directory.
3. Select 'App registrations'.
4. Click the 'New registration' link.
5. Enter the name App1.
6. Click the Register button.
7. To add the URL to App1, select App1 in the list of registered apps.
8. In the properties page of App1, select Branding.
9. Enter the URL https://app1.contoso.com in the 'Home page URL' box.
10. Click Save to save the changes.
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

 

NEW QUESTION 83
You need to meet the application requirement for the Office 365 ProPlus applications.
You create a XML file that contains the following settings.

Use the drop-down menus to select the choice that complete each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 84
Your company uses Gmail as a corporate email solution.
You purchase a Microsoft 365 subscription and plan to move all email data to Microsoft Exchange Online.
You plan to perform the migration by using the Exchange admin center.
You need to recommend which type of migration to use and which type of data to migrate.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailbo

 

NEW QUESTION 85
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?

• A. Global administrator
• B. Owner
• C. Compliance administrator
• D. Security administrator

Answer: D

Explanation:
Section: [none]
Explanation:
Either one of the following three roles can review the list in Azure AD Identity Protection of users flagged for risk:
* Security Administrator
* Global Administrator
* Security Reader
Using the principle of least privilege, we should add User1 to the Security Administrator role.
Note:
There are several versions of this question in the exam. The question has three possible correct answers:
1. Security Reader
2. Security Administrator
Global Administrator
Other incorrect answer options you may see on the exam include the following:
1. Service Administrator.
2. Reports Reader
3. User Administrator
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins

 

NEW QUESTION 86
Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to identify which user accounts failed to sync. You must resolve the issue as quickly as possible.
What should you do?

• A. Run idfix.exe, and then click Complete.
• B. Run idfix.exe, and then click Edit.
• C. From Windows PowerShell, run the Start-AdSyncCycle -PolicyType Deltacommand.
• D. From Active Directory Administrative Center, search for all the users, and then modify the properties of
  the user accounts.

Answer: B

 

NEW QUESTION 87
Your company has a Microsoft 365 subscription.
Your plan to add 100 newly hired temporary users to the subscription next week.
You create the user accounts for the new users.
You need to assign licenses to the new users.
Which command should you run?
A:

B:

C:

D:

• A. Option B
• B. Option D
• C. Option C
• D. Option A

Answer: A

 

NEW QUESTION 88
You have a Microsoft 365 subscription.
You recently configured a Microsoft SharePoint Online tenant in the subscription.
You plan to create an alert policy.
You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.
What should you do first?

• A. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
• B. Enable Microsoft Office 365 Analytics.
• C. Enable Microsoft Office 365 Cloud App Security.

Answer: A

Explanation:
Explanation:

 

NEW QUESTION 89
You have a Microsoft 365 tenant.
You have a line-of-business application named App1 that users access by using the My Apps portal.
After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.
You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.
What should you do?

• A. From Microsoft Cloud App Security, create an app discovery policy.
• B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
• C. From Microsoft Cloud App Security, modify the impossible travel alert policy.
• D. From the Azure Active Directory admin center, modify the conditional access policy.

Answer: B

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-anomaly-detection-policy

 

NEW QUESTION 90
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: [email protected]
Microsoft 365 Password: m3t^We$Z7&xy
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11440873

Your organization plans to start a new collaborative project that will contain email and chat communications, as well as regular meetings.
You need to create a team in Microsoft Teams for the planned project. The team must have the following configurations:
* Be named Project1.
* Have an owner named Lee Gu.
* Have a channel named Channel1.
To answer, sign in to the Microsoft 365 portal.

Answer:

Explanation:
See explanation below.
Explanation
You need to create a team. You can create a team in the Microsoft Teams Admin Center or in the Microsoft Teams app. However, to be able to specify the team owner when creating the team, you need to use the Teams Admin Center.
1. Go to the Microsoft Teams Admin Center.
2. In the left navigation pane, expand the Teams section and select 'Manage Teams'.
3. Click the '+ Add' link to add a new team.
4. Give the team the name Project1.
5. In the Team Owner field, remove your name which is there by default and add Lee Gu.
6. Click the 'Create a team' button to create the team.
7. In the teams list, select the Project1 team.
8. Click on 'Channels'.
9. Click the '+ Add' link to add a new channel.
10. Give the channel the name Channel1.
11. Click the Apply button to create the channel.

 

NEW QUESTION 91
......

Skills Outline (Exam Topics)

To increase your chances of passing Microsoft MS-100 at the first attempt, you need to have a good comprehension of the exam topics, which are the following:

• Managing User Identity Roles

  Here the examinees should know how to develop an identity approach (in particular, assess synchronization requirements; evaluate identity management requirements; assess authentication requirements); plan identity synchronization using Azure AD Connect (in particular, develop directory synchronization; execute directory synchronization using Azure endpoints, federation services directory services); handle identity synchronization with the help of Azure AD (in particular, check Azure AD Connect Health; handle manage Azure AD Connect synchronization; customize object filters; customize password sync; execute multi-forest AD Connect scenarios).

  Additionally, the candidates need to possess skills in handling Azure AD identities (including planning Azure AD identities; executing self-service password reboot for Azure AD; handling access reviews; handling product licenses, groups, users, passwords) as well as handling user roles (including planning user roles; allocating roles in workloads; customizing administrative accounts; customizing RBAC in Azure AD; assign admin rights; handle manage admin roles; plan compliance and security roles for Microsoft 365).

• Managing Authentication and Access

  This entails one’s skills in managing authentication (in particular, developing an authentication approach; customizing authentication; applying an authentication approach; handling and monitoring authentication); applying Multi-Factor Authentication (in particular, developing an MFA solution; customizing MFA for users and apps; administering MFA and reporting MFA utilization); customizing application access (in particular, customizing application registration within Azure AD; customizing Azure AD application proxy; uploading apps of enterprise in Azure AD); executing access for Microsoft 365 workloads outside users; developing guest accounts; developing solutions for outside access; handling the outside collaboration settings).

• Designing and Implementing Microsoft 365 Services

  Within this objective, the test takers need to demonstrate that they have the competency in managing domains (this includes adding and customizing extra domains; customizing user identities for a new domain name; developing configuration for a domain name; setting a major domain name; verifying a custom domain); planning Microsoft 365 implementation (this includes planning for Microsoft 365 on-premises infrastructure as well as planning identity authentication and solution); planning migration of data and users (this includes determining what data is to be migrated; defining mailboxes and users that are to be migrated; planning migration of on-prem groups and users; importing PST Files).

  In addition, the applicants should be proficient in setting up Microsoft 365 subscription and tenancy (customizing tenant and subscription roles as well as workload settings; assessing Microsoft 365 for an enterprise; planning and developing tenant; updating current subscriptions to Microsoft 365; monitoring license allocations) and handling Microsoft 365 tenant and subscription health (handling service health alerts; developing and handling service requests; developing inbound service health response plan; customizing and reviewing reports, such as OMS, BI, Microsoft 365 reporting; scheduling and assessing compliance and security reports; scheduling and assessing utilization metrics).

• Planning Office 365 Workloads and Applications

  This topic requires the students’ skills in planning for Office 365 workload deployment (including defining hybrid requirements; planning data flow and interconnection for each workload; planning for Microsoft 365 workload interconnection; plan migration approach for workloads; preparing workloads for upcoming migrations and deployments) as well as planning Microsoft 365 Apps deployment (including planning for Office for the web; planning for Microsoft 365 Apps for an enterprise; handling Office software downloads; planning Microsoft 365 Apps for enterprise deployment, etc.).

 

MS-100 Dumps Full Questions with Free PDF Questions to Pass: https://www.itexamreview.com/MS-100-exam-dumps.html

MS-100 PDF Recently Updated Questions Dumps to Improve Exam Score: https://drive.google.com/open?id=1wTu8-mVPIpZcSeAUIRg2OTTRu5xUu6U9