Microsoft MS-100 Exam Practice Test Instant Access

Question 1

Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix.

You deploy a Microsoft 365 tenant.

You implement directory synchronization and sync only 50 support users.

You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com.

You need to ensure that all synchronized identities retain the UPN set in their on-premises user account.

What should you do?

AFrom the Microsoft 365 admin center, add adatum.com as a custom domain name.

BFrom Windows PowerShell, run the Set-ADDomain --AllowedDNSSuffixes adatum.com command.

CFrom Active Directory Users and Computers, modify the UPN suffix of the five user accounts.

DFrom the Microsoft 365 admin center, add adatum.local as a custom domain name.

Answer : C

The question states that only five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com. Therefore the other 45 users have the correct UPN suffix. This tells us that the adatum.com domain has already been added to Office 365 as a custom domain.

The forest is named adatum.local and uses adatum.com as a UPN suffix. User accounts in the domain will have adatum.local as their default UPN suffix. To use adatum.com as the UPN suffix, each user account will need to be configured to use adatum.com as the UPN suffix.

Any synchronized user account that has adatum.local as a UPN suffix will be configured to use a UPN suffix of onmicrosoft.com because adatum.local cannot be added to Office 365 as a custom domain.

Therefore, the reason that the five synchronized users have usernames with a UPN suffix of onmicrosoft.com is because their accounts were not configured to use the UPN suffix of contoso.com.

https://docs.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization

Question 2

You are Developing a human resources application that will show users where they are in their company's organization chart. You are adding a new feature that will display the name of a user's manager inside the application. You need to create a REST query to retrieve the information. The solution must minimize me amount of data retrieved. Which Query should you use?

Ahttps://graph.microsoft.com/v1.0/users/{UserPrincipalName}/Mnager>$select-displayname

Bhttps://graph.microsoft.com/v1.0/users/{UserPrincipalName}/people?$fliter=jobTitle eq 'manager'$select=displayName

Chttps://graph.microsoft.comv1.0/users/{UserPrincipalName}/manager

Dhttps://graph.microsoft.com/v1.0/users/{UserPrincipalName}/contact?$filter= jobTitle eq 'manager'

Answer : A

Question 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You discover that some external users accessed content on a Microsoft SharePoint site. You modify the

SharePoint sharing policy to prevent sharing outside your organization.

You need to be notified if the SharePoint policy is modified in the future.

Solution: From the SharePoint site, you create an alert.

Does this meet the goal?

AYes

BNo

Answer : B

You need to create a threat management policy in the Security & Compliance admin center.

Question 4

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid deployment of Microsoft 365 that contains the objects shown in the following table.

Azure AD Connect has the following settings:

Password Hash Sync: Enabled

Password writeback: Enabled

Group writeback: Enabled

You need to add User2 to Group 2.

Solution: From Azure PowerShell, you run the Set-AzureADGroup cmdlet.

Does this meet the goal?

AYes

BNo

Answer : B

The Set-AzureADGroup cmdlet updates a group in Azure Active Directory (AD) but User2 and Group2 are objects in Windows Server AD.

Question 5

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

admin@M365x981607.onmicrosoft.com

Microsoft 365 Password: *yfLo7Ir2&y-

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10811525

You need to prevent the users in your organization from establishing voice calls from Microsoft Skype for Business to external Skype users.

ASee explanation below

Answer : A

You need to configure the External Communications settings in the Skype for Business admin center.

1. You need to go to the Skype for Business admin center. If you see a Skype for Business admin center in the admin center list in the Microsoft portal, open it and skip to step 4.

2. If you don't see a Skype for Business admin center in the admin center list in the Microsoft portal, open the Teams admin center.

3. In the Teams admin center, choose Skype > Legacy Portal.

4. In the Skype for Business admin center, select Organization.

5. Select External communications.

6. Untick the 'Let people use Skype for Business to communicate with Skype users outside your organization' checkbox.

7. Click Save to save the changes.

Question 6

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses.

Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services.

You need to determine whether a user named User1 is licensed for Exchange Online only.

Solution: You run the Get-MsolAccountSku cmdlet.

Does this meet the goal?

AYes

BNo

Answer : B

The Get-MsolAccountSku cmdlet returns all the SKUs that the company owns. It does not tell you which licenses are assigned to users.

https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolaccountsku?view=azureadps-1.0

Question 7

You need to configure just in time access to meet the technical requirements.

What should you use?

Aaccess reviews

Bentitlement management

CAzure Active Directory (Azure AD) Privileged Identity Management (PIM)

DAzure Active Directory (Azure AD) Identity Protection

Answer : C

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

joergsi 5 months, 1 week ago

Privileged access management

The effectiveness of an information protection strategy depends on how secure the administrative accounts used to manage that strategy are. If accounts that can be used to configure and manage an information protection strategy are not properly secured, then the information protection strategy itself can be easily compromised.

Privileged access management enables you to configure policies that apply

=> just-in-time administrative principles to sensitive administrative roles.

For example, if someone needs temporary access to configure an information protection policy, that person would need to go through an approval process to obtain the necessary set of rights instead of having an Azure Active Directory (Azure AD) account with those rights permanently assigned.

Thomas, Orin. Exam Ref MS-100 Microsoft 365 Identity and Services (S.10). Pearson Education. Kindle-Version.

Microsoft 365 Identity and Services MS-100 Exam Practice Test