Practice MS-100 Questions With Certification guide Q&A from Training Expert Test4Engine
Free Microsoft MS-100 Test Practice Test Questions Exam Dumps
How You Can Level-up Your Career Further?
Passing the Microsoft MS-100 exam helps one become an Enterprise expert. Hierarchy-wise, this is the highest certification that one can earn related to Microsoft 365. However, you can explore other areas of expertise like Azure and Windows to level-up the career.
Microsoft has a lot to offer. Just pass this exam and have endless opportunities afterward.
What Are The Pre-requisite for The Exam?
As we have already told that MS-100 leads to an expert-level certification, one must know about great prior expertise required. The vendor suggests owning any of the below-mentioned certificates before taking up the Microsoft MS-100 test:
- Microsoft 365 Certified: Teams Administrator Associate
- Microsoft 365 Certified: Messaging Administrator Associate
- Microsoft 365 Certified: Security Administrator Associate
- Microsoft 365 Certified: Modern Desktop Administrator Associate
- MCSE: Productivity Solutions Expert
NEW QUESTION 179
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements:
* Ensure that users can access Microsoft 365 by using their on-premises credentials.
* Use the existing server infrastructure only.
* Store all user passwords on-premises only.
* Be highly available.
Which authentication strategy should you identify?
- A. federation
- B. password hash synchronization and seamless SSO
- C. pass-through authentication and seamless SSO with password hash synchronization
- D. pass-through authentication and seamless SSO
Answer: D
Explanation:
Explanation
Azure AD Pass-through Authentication. Provides a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers. The servers validate the users directly with your on-premises Active Directory, which ensures that the password validation doesn't happen in the cloud.
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn
NEW QUESTION 180
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You purchase a domain named contoso.com from a registrar and add all the required DNS records.
You create a user account named User1. User1 is configured to sign in as [email protected].
You need to configure User1 to sign in as [email protected].
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide
NEW QUESTION 181
You have a Microsoft 365 subscription that contains a guest user named User1. User1 is assigned the User administrator role.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Default permissions for guests are restrictive by default. Guests can be added to administrator roles, which grant them full read and write permissions contained in the role. There is one additional restriction available, the ability for guests to invite other guests. Setting Guests can invite to No prevents guests from inviting other guests.
User1 is assigned the User Administrator role. Therefore, User1 can open the Azure portal, view users, create new users, and create new guest users.
In the exhibit, the 'Guest user permissions are limited' is set to no. This means that guest users have the same permissions as members. However, the 'Guests can invite' setting is set to No. Therefore, other guest users (all guest users except User1) can open the Azure portal and view users in the same way as member users can.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
NEW QUESTION 182
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains
1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for
10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States.
You plan to onboard all the devices to Windows Defender ATP data in Europe.
What should you do first?
- A. Onboard a new device
- B. Delete the workspace
- C. Create a workspace
- D. Offboard the test devices
Answer: D
Explanation:
Section: [none]
Explanation:
When onboarding Windows Defender ATP for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored.
The only way to change the location is to offboard the test devices then onboard them again with the new location.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/data-storage- privacy#do-i-have-the-flexibility-to-select-where-to-store-my-data
NEW QUESTION 183
You have a Microsoft 365 E5 subscription.
All users are assigned a license to Microsoft 365 Apps for enterprise.
The users report that they do not have the option to install Microsoft 365 apps on their device as shown in the following exhibit.
You need to ensure that the users can install Microsoft 365 apps from the Office 365 portal.
What should you do?
- A. From the Microsoft Endpoint Manager admin center, create a Microsoft 365 Apps app and assign the app to the users.
- B. From the Microsoft 365 admin center, modify the Services & add-ins settings.
- C. From the Microsoft Endpoint Manager admin center, create a Microsoft 365 Apps app and assign the app to the devices.
- D. From the Microsoft 365 admin center, modify the user license settings.
Answer: B
Explanation:
Explanation/Reference:
NEW QUESTION 184
You have a Microsoft 365 subscription that uses a default domain named litwareinc.com. The subscription has a Microsoft SharePoint site collection named Collection1.
From the Azure Active Directory admin center, you configure the External collaboration settings as shown in the External Collaboration Settings exhibit. (Click the External Collaboration Settings tab.)
From the SharePoint admin center, you configure the sharing settings as shown in the SharePoint Sharing exhibit. (Click the SharePoint Sharing tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
In the first exhibit, "Allow invitations to be sent to any domain (most inclusive) is enabled". Also, everyone is allowed to 'invite'. The Target Domains setting will have no effect. This would only apply if one of the Allow/Deny invitations to the specified domain options were selected.
There is a restriction that blocks invitations being sent to contoso.com. However, this restriction does not apply to Fabrikam.com. Therefore, you can share the files in Collection1 to [email protected].
Box 2: Yes
As noted above, external sharing is enabled for any domain except contoso.com. The Target Domains setting in the first exhibit will have no effect. Therefore, you can share Collection1 to [email protected].
Box 3: Yes
As noted above, external sharing is enabled for any domain except contoso.com. Blocking sharing to contoso.com does not block sharing to us.contoso.com. Therefore, you can share Collection1 to [email protected].
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
NEW QUESTION 185
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1 You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users nagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
- A. Reports reader
- B. Security reader
- C. Compliance administrator
- D. Global administrator
Answer: B
Explanation:
The risky sign-ins reports are available to users in the following roles:
Security Administrator
Global Administrator
Security Reader
Of the three roles listed above, the Security Reader role has the least privilege.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins
NEW QUESTION 186
In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit. (Click the
You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?
- A. a group
- B. a condition
- C. an action
- D. an exception
Answer: D
Explanation:
Explanation
You need to add an exception. In the Advanced Settings of the DLP policy, you can add a rule to configure the Conditions and Actions. There is also an 'Add Exception' button. This gives you several options that you can select as the exception. One of the options is 'except when recipient domain is'. You need to select that option and enter the domain name contoso.com.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies#how-dlp-policies-w
NEW QUESTION 187
Your on-premises network contains an Active Directory domain that syncs with an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect. Your company purchases another company that has an on-premises Active Directory domain named lrtwareinc.com. You need to sync litwarein.com with contoso.com. What should you install in the litwarein.com domain?
- A. an active instance of Azure AD Connect
- B. an Azure AD application proxy connector
- C. an Azure AD Connect instance in staging mode
- D. an Azure AD Connect provisioning agent
Answer: A
NEW QUESTION 188
You have a Microsoft 365 subscription.
You have the devices shown in the following table.
You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-HYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection"advanced-threat-protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atpHYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection"/configure-endpoints-windows-defender-advanced-threat-protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defenHYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection"der-atp/configure-server-endpoints-windows-defender-advanced-threat-protection
NEW QUESTION 189
You have a Microsoft 365 subscription and a DNS domain. The domain is hosted by a third-party DNS service.
You plan to add the domain to the subscription.
You need to use Microsoft Exchange Online to send and receive emails for the domain.
Which type of DNS record should you add to the DNS zone of the domain for each task? To answer, drag the appropriate records to the correct tasks. Each record may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
NEW QUESTION 190
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
NEW QUESTION 191
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid deployment of Microsoft 365 that contains the objects shown in the following table.
Azure AD Connect has the following settings:
* Password Hash Sync: Enabled
* Password writeback: Enabled
* Group writeback: Enabled
You need to add User2 to Group 2.
Solution: You use the Azure Active Directory admin center.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Section: [none]
Explanation:
User2 and Group2 are objects in Windows Server Active Directory (AD)
NEW QUESTION 192
You have a Microsoft 365 subscription.
You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center
NEW QUESTION 193
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the users shown in the following table.
You create an Azure Active Directory (Azure AD) tenant named fabrikam.onmicrosoft.com.
You plan to sync the users in the forest to fabrikam.onmicrosoft.com by using Azure AD Connect.
Which username will be assigned to User1 and User2 in Azure AD after the synchronization? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 194
You are configuring an enterprise application named TestApp in Microsoft Azure as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-hard-coded-link-translation
NEW QUESTION 195
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use the View service requests option in the Microsoft 365 admin center.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Section: [none]
Explanation:
A service request is a support ticket. Therefore, the View service requests option in the Microsoft 365 admin center displays a list of support tickets. It does not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide
NEW QUESTION 196
......
Exam MS-100: Microsoft 365 Identity and Services
Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, Power Platform, and supporting technologies.
Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least one Microsoft 365 workload (Exchange, SharePoint, Teams), and Windows as a Service. Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.
Part of the requirements for: Microsoft 365 Certified: Enterprise Administrator Expert
Prepare Top Microsoft MS-100 Exam Audio Study Guide Practice Questions Edition: https://actualtests.test4engine.com/MS-100-real-exam-questions.html