Abreast Of The Times MS-100 Q&A 2021

NEW QUESTION 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
Users passwords must be 10 characters or more.
Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 2

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.

You need to identify which users can perform the following administrative tasks:
Reset the password of User4.
Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles

NEW QUESTION 3

Your company has a Microsoft 365 subscription.
Your plan to add 100 newly hired temporary users to the subscription next week. You create the user accounts for the new users.
You need to assign licenses to the new users. Which command should you run?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 4

Note This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Management role.
Does this meet the goal?

• A. Yes
• B. NO

Answer: B

NEW QUESTION 5

Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following exhibit.

An on-premises Active Directory user account named Allan Yoo is synchronized to Azure AD. You view Allan’s account from Microsoft 365 and notice that his username is set to Allan@contoso.onmicrosoft.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6

Your company recently purchased a Microsoft 365 subscription.
You enable Microsoft Azure Multi-Factor Authentication (Ml A) for all 500 users in the Azure Active Directory (Azure AD) tenant.
You need to generate a report that lists all the users who completed the Azure MFA registration process. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet.
• B. From Azure Cloud Shell, run the Get-MsolUser cmdlet
• C. From the Azure Active Directory admin center, use the MFA Server blade.
• D. From the Azure Active Directory admin center, use the Risky sign-ins blade.

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

NEW QUESTION 7

Your network contains an Active Directory domain named contoso.com. All users authenticate by using a third-party authentication solution.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services. You need to recommend an identity strategy that meets the following requirements:
Provides seamless SSO
Minimizes the number of additional servers required to support the solution
Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)
Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account You are evaluating the implementation of federation.
Which two requirements are met by using federation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. minimizes the number of additional servers required to support the solution
• B. provides seamless SSO
• C. stores the passwords of all the users in Azure AD
• D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account.

Answer: BD

NEW QUESTION 8

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You add an app named App1 to the enterprise applications in contoso.com.
You need to configure self-service for App1. What should you do first?

• A. Assign App1 to users and groups.
• B. Add an owner to App1.
• C. Configure the provisioning mode for App1.
• D. Configure an SSO method for App1.

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access

NEW QUESTION 9

You need to meet the security requirement for the vendors. What should you do?

• A. From the Azure portal, add an identity provider.
• B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the –UserPrincipalName parameter.
• C. From the Azure portal, create guest accounts.
• D. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the –UserType parameter.

Answer: C

NEW QUESTION 10

You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 11

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users nagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?

• A. Security reader
• B. Compliance administrator
• C. Reports reader
• D. Global administrator

Answer: A

NEW QUESTION 12

You have several Microsoft SharePoint document libraries in your on-premises environment. You have a Microsoft 365 tenant that has directory synchronization implemented.
You plan to move all the document libraries to SharePoint Online.
You need to recommend a migration strategy for the document libraries.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/sharepointmigration/how-to-use-the-sharepoint-migration-tool

NEW QUESTION 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Compliance Management role.
Does this meet the goal?

• A. Yes
• B. NO

Answer: A

NEW QUESTION 14

You recently migrated your on-premises email solution to Microsoft Exchange Online and are evaluating which licenses to purchase.
You want the members of two groups named IT and Managers to be able to use the features shown in the following table.

The IT group contains 50 users. The Managers group contains 200 users.
You need to recommend which licenses must be purchased for the planned solution. The solution must minimize licensing costs.
Which licenses should you recommend?

• A. 250 Microsoft 365 E3 only
• B. 50 Microsoft 365 E 3 and 200 Microsoft 365 E5
• C. 250 Microsoft 365 E5 only
• D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5

Answer: D

NEW QUESTION 15

Note: This question it part of a series of questions that present the same scenario. Cacti question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 36S tenant.
You suspect that several Office 365 features were recently updated.
You need to view a last of the features that were recently updated in the tenant. Solution: You use Message center in the Microsoft 365 admin center.
Does this meet the goal?

• A. Yes
• B. NO

Answer: A

NEW QUESTION 16

Your company has 10,000 users who access all applications from an on-premises data center. You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User account and group accounts must sync to Microsoft Azure Directory (Azure AD) successfully. You discover that several user accounts fail to sync to Azure AD.
You need to identify which user accounts failed to sync. You must resolve the issue as quickly as possible. What should you do?

• A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts.
• B. Run idfix.exe, and then click Complete.
• C. From Windows PowerShell, run the Start-AdSyncSyncCycle –PolicyType Delta command.
• D. Run idfix.exe, and then click Edit.

Answer: D

NEW QUESTION 17

You have a Microsoft 365 Enterprise subscription.
You create a password policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

NEW QUESTION 18

You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

• A. Create on activity policy.
• B. Create a Sign- in risk policy.
• C. Create a session policy.
• D. Create an app permission policy.

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

NEW QUESTION 19

You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com contains the users shown in the following table.

Contoso.com is configured as shown in the following exhibit.

You need to ensure that guest users can be created in the tenant. Which setting should you modify?

• A. Guests can invite.
• B. Guest users permissions are limited.
• C. Members can invite.
• D. Admins and users in the guest inviter role can invite.
• E. Deny invitations to the specified domains

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions

NEW QUESTION 20

Your company has a Microsoft 365 subscription.
You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license.
What should you use?

• A. the Licenses blade in the Azure portal
• B. Reports in the Microsoft 365 admin center
• C. Active users in the Microsoft 365 admin center
• D. Report in Security & Compliance

Answer: A

NEW QUESTION 21

You have an on premises web application that is published by using a URL of https://app.contoso.local. You purchase a Microsoft 36S subscription.
Several external users must be able to connect to the web application
You need to recommend a solution for external access to the application. The solution must support multi-factor authentication.
Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From an on-premises server, install a connector, and then publish the app.
• B. From the Azure Active Directory admin center, enable an Application Proxy.
• C. From the Azure Active Directory admin center, treate a conditional access policy.
• D. From an on premises server, install an Authentication Agent.
• E. Republish the web-application by using http//app.contoso.com

Answer: AB

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-applic

NEW QUESTION 22

Note: This question it part of a series of questions that present the same scenario. Cacti question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 36S tenant.
You suspect that several Office 365 features were recently updated.
You need to view a last of the features that were recently updated in the tenant. Solution: You use Dashboard in Security & Compliance.
Does this meet the goal?

• A. Yes
• B. NO

Answer: B

NEW QUESTION 23
......