MS-100 EK
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection. Does this meet the goal? A. Yes B. No
Correct Answer: A
You have a Microsoft 365 subscription. You configure a data loss prevention (DLP) policy. You discover that users are incorrectly marking content as false positive and bypassing the DLP policy. You need to prevent the users from bypassing the DLP policy. What should you configure? A. actions B. exceptions C. incident reports D. user overrides
Correct Answer: D References:https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint policy is modified in the future. Solution: From the Security & Compliance admin center, you create a threat management policy. Does this meet the goal? A. Yes B. No
Correct Answer: A
Your company has a Microsoft 365 subscription. You need to identify all the users in the subscription who are licensed for Microsoft Oce 365 through a group membership. The solution must include the name of the group used to assign the license. What should you use? A. the Licenses blade in the Azure portal B. Reports in the Microsoft 365 admin center C. Active users in the Microsoft 365 admin center D. Report in Security & Compliance
A. the Licenses blade in the Azure portal
You have a Microsoft 365 subscription. A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department.You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible.How frequently can you share the reports? A. hourly B. monthly C. weekly D. daily
Correct Answer: C
You have a Microsoft 365 subscription. A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department. You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible. How frequently can you share the reports? A. hourly B. monthly C. weekly D. daily
Correct Answer: C
Your company has a Microsoft 365 E3 subscription. All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD).You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users. What should you use? A. Subscription Activation B. Windows Update C. Windows Autopilot D. an in-place upgrade
Correct Answer: CReferences:https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot
Your company has 10,000 users who access all applications from an on-premises data center. You plan to create a Microsoft 365 subscription and to migrate data to the cloud. You plan to implement directory synchronization. User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully. You discover that several user accounts fail to sync to Azure AD. You need to identify which user accounts failed to sync. You must resolve the issue as quickly as possible. What should you do? A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts. B. Run idfix.exe, and then click Complete. C. From Windows PowerShell, run the Start-AdSyncCycle ""PolicyType Delta command. D. Run idfix.exe, and then click Edit.
Correct Answer: D
Your on-premises network contains five file servers. The file servers host shares that contain user data.You plan to migrate the user data to a Microsoft 365 subscription.You need to recommend a solution to import the user data into Microsoft OneDrive. What should you include in the recommendation? A. Configure the settings of the OneDrive client on your Windows 10 device. B. Configure the Sync settings in the OneDrive admin center. C. Run the SharePoint Hybrid Configuration Wizard. D. Run the SharePoint Migration Tool.
Correct Answer: DReferences:https://docs.microsoft.com/en-us/sharepointmigration/introducing-the-sharepoint-migration-tool
Your company uses on-premises Windows Server File Classification Infrastructure 9FCI). Some documents on the on-premises file servers are classifies as Confidential. You migrate the files from the on-premises file servers to Microsoft SharePoint Online. You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification. What should you do first? A. From the SharePoint admin center, create a managed property. B. From the SharePoint admin center, configure hybrid search. C. From the Security & Compliance Center PowerShell, run the cmdlet. New-DlpComplianceRule D. From the Security & Compliance Center PowerShell, run the cmdlet. New-DataClassification
A is the correct answer: Before you can use a Windows Server FCI property or other property in a DLP policy, you need to create a managed property in the SharePoint admin center. Here's why. In SharePoint Online and OneDrive for Business, the search index is built up by crawling the content on your sites. The crawler picks up content and metadata from the documents in the form of crawled properties. The search schema helps the crawler decide what content and metadata to pick up. Examples of metadata are the author and the title of a document. However, to get the content and metadata from the documents into the search index, the crawled properties must be mapped to managed properties. Only managed properties are kept in the index. For example, a crawled property related to author is mapped to a managed property related to author. https://docs.microsoft.com/en-us/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-worldwide
Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers. Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You plan to implement pass-through authentication. You need to prepare the environment for the planned implementation of pass-through authentication. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Modify the email address attribute for each user account. B. From the Azure portal, add a custom domain name. C. From Active Directory Domains and Trusts, add a UPN suffix. D. Modify the User logon name for each user account. E. From the Azure portal, configure an authentication method. F. From a domain controller, install an Authentication Agent.
BCD
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365.You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: ✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. ✑ Users passwords must be 10 characters or more. Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory. Does this meet the goal? A. Yes B. No
Correct Answer: A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use Message center in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No
Correct Answer: A
You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do? A. Create an activity policy. B. Create a sign-in risk policy. C. Crease a session policy. D. Create an app permission policy.
Correct Answer: A
You have a Microsoft 365 subscription. You recently configured a Microsoft SharePoint Online tenant in the subscription. You plan to create an alert policy. You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes. What should you do first? A. Enable Microsoft Office 365 Cloud App Security. B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP). C. Enable Microsoft Office 365 Analytics. Reveal Solution Discussion 5
Correct Answer: B
Your company has a Microsoft 365 subscription. All identities are managed in the cloud.The company purchases a new domain name.You need to ensure that all new mailboxes use the new domain as their primary email address.What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. From Microsoft Exchange Online PowerShell, run the command. Update-EmailAddressPolicy policy B. From the Exchange admin center, click mail flow, and then configure the email address policies. C. From the Microsoft 365 admin center, click Setup, and then configure the domains. D. From Microsoft Exchange Online PowerShell, run the command. Set-EmailAddressPolicy policy E. From the Azure Active Directory admin center, configure the custom domain names.
Correct Answer: CE From Discussion.
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user namedUser1.You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1? A. Security reader B. Compliance administrator C. Reports reader D. Global administrator
Correct Answer: A
You have a Microsoft 365 tenant.You have a line-of-business application named App1 that users access by using the My Apps portal.After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.What should you do? A. From Microsoft Cloud App Security, modify the impossible travel alert policy. B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy. C. From the Azure Active Directory admin center, modify the conditional access policy. D. From Microsoft Cloud App Security, create an app discovery policy.
Correct Answer: A
Your company has a Microsoft 365 subscription.You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license.What should you use? A. the Licenses blade in the Azure portal B. Reports in the Microsoft 365 admin center C. Active users in the Microsoft 365 admin center D. Report in Security & Compliance
Correct Answer: A
Your company has a hybrid deployment of Microsoft 365.Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed. You need to verify whether all the Authentication Agents are used for authentication. What should you do? A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page. B. From Performance Monitor, use the #PTA authentications counter. C. From the Azure portal, use the Diagnostics settings on the Monitor blade. D. From Performance Monitor, use the Kerberos authentications counter.
Correct Answer: A
Question #21Topic 2 Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1. You suspect that an imposter is signing in to Azure AD by using the credentials of User1. You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours. To which three roles should you add Admin1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Security administrator B. Password administrator C. User administrator D. Compliance administrator E. Reports reader F. Security reader
Correct Answer: AEF
You have a Microsoft 365 subscription. You have a user named User1. You need to ensure that User1 can place a hold on all mailbox content. What permission should you assign to User1? A. the User management administrator role from the Microsoft 365 admin center B. the eDiscovery Manager role from the Security & Compliance admin center C. the Information Protection administrator role from the Azure Active Directory admin center D. the Compliance Management role from the Exchange admin center
Correct Answer: B References:https://docs.microsoft.com/en-us/Exchange/permissions/feature-permissions/policy-and-compliance-permissions?view=exchserver-2019
Your company has a Microsoft 365 subscription.You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center.A month later, you attempt to run an import job for the PST files.You discover that the PST files were deleted from Microsoft 365.What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer. A. The PST files were corrupted and deleted by Microsoft 365 security features. B. PST files are deleted automatically from Microsoft 365 after 30 days. C. The size of the PST files exceeded a storage quota and caused the files to be deleted. D. Another administrator deleted the PST files.
Correct Answer: B References:https://docs.microsoft.com/en-us/office365/securitycompliance/faqimporting-pst-files-to-office-365
You have a Microsoft 365 subscription.You need to prevent phishing email messages from being delivered to your organization.What should you do? A. From the Exchange admin center, create an anti-malware policy. B. From Security & Compliance, create a DLP policy. C. From Security & Compliance, create a new threat management policy. D. From the Exchange admin center, create a spam filter policy.
Correct Answer: C References:https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies
You have a Microsoft 365 subscription. You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content. What should you do? A. Run the Add-AadrmRoleBaseAdministrator cmdlet. B. Create an Azure Information Protection policy. C. Configure the protection activation status for Azure Information Protection. D. Run the Set-AadrmOnboardingControlPolicy cmdlet.
Correct Answer: D If you don't want all users to be able to protect documents and emails immediately by using Azure Rights Management, you can configure user onboarding controls by using theSet-AadrmOnboardingControlPolicyReferences:https://docs.microsoft.com/en-us/azure/information-protection/activate-service
Your company has three main offices and one branch office. The branch office is used for research. The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication. You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office. What should you include in the recommendation? A. Microsoft Azure Active Directory (Azure AD) conditional access. B. Microsoft Azure Active Directory (Azure AD) password protection. C. a device compliance policy D. a Microsoft Intune device configuration profile
Correct Answer: A
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do? A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings. B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option. C. From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets. D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
Correct Answer: A
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers. You purchase Microsoft 365 and plan to implement several Microsoft 365 services. You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements:✑ Ensure that users can access Microsoft 365 by using their on-premises credentials. ✑ Use the existing server infrastructure only. ✑ Store all user passwords on-premises only. ✑ Be highly available. Which authentication strategy should you identify? A. pass-through authentication and seamless SSO B. pass-through authentication and seamless SSO with password hash synchronization C. password hash synchronization and seamless SSO D. federation
Correct Answer: A
Your company has 10 offices. The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet. You discover that one of the offices has the following: Computers that have several preinstalled applications✑ Computers that use nonstandard computer names✑ Computers that have Windows 10 preinstalled✑ Computers that are in a workgroup You must configure the computers to meet the following corporate requirements:✑ All the computers must be joined to the domain.✑ All the computers must have computer names that use a prefix of CONTOSO.✑ All the computers must only have approved corporate applications installed. You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time. A. a provisioning package B. wipe and load refresh C. Windows Autopilot D. an in-place upgrade
Correct Answer: A By using a Provisioning, IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device. Incorrect Answers:C: With Windows Autopilot the user can set up pre-configure devices without the need consult their IT administrator.D: Use the In-Place Upgrade option when you want to keep all (or at least most) existing applications.References:https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants. You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users. You need to recommend a solution for the planned directory synchronization. What should you include in the recommendation? A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering. B. Deploy one server that runs Azure AD Connect, and then specify two sync groups. C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering. D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain-based filtering.
Correct Answer: A References:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad-tenants
Your company has an on-premises Microsoft Exchange Server 2013 organization. The company has 100 users. The company purchases Microsoft 365 and plans to move its entire infrastructure to the cloud. The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD).You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online. What should you recommend? A. cutover migration B. IMAP migration C. remote move migration D. staged migration
Correct Answer: A References:https://docs.microsoft.com/en-us/exchange/mailbox-migration/cutover-migration-to-office-365
You have a Microsoft 365 subscription.You suspect that several Microsoft Office 365 applications or services were recently updated.You need to identify which applications or services were recently updated.What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. From the Microsoft 365 admin center, review the Message center blade. B. From the Office 365 Admin mobile app, review the messages. C. From the Microsoft 365 admin center, review the Products blade. D. From the Microsoft 365 admin center, review the Service health blade.
Correct Answer: AB
You have a Microsoft 365 subscription. Your company deploys an Active Directory Federation Services (AD FS) solution. You need to configure the environment to audit AD FS user authentication. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. From all the AD FS servers, run auditpol.exe. B. From all the domain controllers, run the Set-AdminAuditLogConfig cmdlet and specify the ""LogLevel parameter. C. On a domain controller, install Azure AD Connect Health for AD DS. D. From the Azure AD Connect server, run the cmdlet. Register-AzureADConnectHealthSyncAgent E. On an AD FS server, install Azure AD Connect Health for AD FS.
Correct Answer: AE
Your company has on-premises servers and a Microsoft Azure Active Directory (Azure AD) tenant.Several months ago, the Azure AD Connect Health agent was installed on all the servers.You review the health status of all the servers regularly.Recently, you attempted to view the health status of a server named Server1 and discovered that the server is NOT listed on the Azure Active Directory ConnectServers list.You suspect that another administrator removed Server1 from the list.You need to ensure that you can view the health status of Server1.What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. From Windows PowerShell, run the cmdlet. Register-AzureADConnectHealthSyncAgent B. From Azure Cloud shell, run the Connect-AzureAD cmdlet. C. From Server1, change the Azure AD Connect Health services Startup type to Automatic (Delayed Start). D. From Server1, change the Azure AD Connect Health services Startup type to Automatic. E. From Server1, reinstall the Azure AD Connect Health agent. Reveal Solution Discussion 3
Correct Answer: AE After deleting a service instance from Azure AD Connect Health service, if you want to start monitoring the same server again, uninstall, reinstall, and register the Health Agent on that server. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint policy is modified in the future. Solution: From the SharePoint site, you create an alert. Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365.You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.✑ Users passwords must be 10 characters or more. Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant. Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: You create a device configuration profile from the Intune admin center. Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint policy is modified in the future. Solution: From the SharePoint admin center, you modify the sharing settings. Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use Monitoring and reports from the Compliance admin center. Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365.You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.✑ Users passwords must be 10 characters or more. Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant. Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You review the Security & Compliance report in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use the View service requests option in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No
Correct Answer: B
Question #3Topic 2 Your network contains an Active Directory forest named contoso.local. You have a Microsoft 365 subscription. You plan to implement a directory synchronization solution that will use password hash synchronization. From the Microsoft 365 admin center, you verify the contoso.com domain name. You need to prepare the environment for the planned directory synchronization solution. What should you do first? A. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record. B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix. C. From the Microsoft 365 admin center, verify the contoso.local domain name. D. From Active Directory Users and Computers, modify the UPN suffix for all users.
Correct Answer: B
You have a Microsoft 365 subscription. All users have client computers that run Windows 10 and have Microsoft Office 365 ProPlus installed. Some users in the research department work for extended periods of time without an Internet connection. How many days can the research department users remain offline before they are prevented from editing Office documents? A. 10 B. 30 C. 90 D. 120
Correct Answer: B
Your company has a Microsoft 365 subscription. You upload several archive PST les to Microsoft 365 by using the Security & Compliance admin center. A month later, you attempt to run an import job for the PST les. You discover that the PST les were deleted from Microsoft 365. What is the most likely cause of the les being deleted? More than one answer choice may achieve the goal. Select the BEST answer. A. The PST les were corrupted and deleted by Microsoft 365 security features. B. PST les are deleted automatically from Microsoft 365 after 30 days. C. The size of the PST les exceeded a storage quota and caused the les to be deleted. D. Another administrator deleted the PST les
Correct Answer: B
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices. You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States. You plan to onboard all the devices to Windows Defender ATP data in Europe. What should you do first? A. Create a workspace B. Offboard the test devices C. Delete the workspace D. Onboard a new device
Correct Answer: B
Your network contains three Active Directory forests. You create a Microsoft Azure Active Directory (Azure AD) tenant. You plan to sync the on-premises Active Directory to Azure AD. You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails. What should you include in the recommendation? A. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode B. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode C. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode D. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
Correct Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network. Solution: From the Microsoft 365 admin center, you configure the Organization profile settings. Does this meet the goal? A. Yes B. No
Correct Answer: B Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.References:https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online-and-OneDrive-for/ba-p/46678
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network. Solution: From the Device Management admin center, you a trusted location and compliance policy. Does this meet the goal? A. Yes B. No
Correct Answer: B Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.References:https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online-and-OneDrive-for/ba-p/46678
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: You add Device1 to an Active Directory group. Does this meet the goal? A. Yes B. No
Correct Answer: B Device1 has the Configuration Manager client installed so you can manage Device1 by using Configuration Manager. To manage Device1 by using Microsoft Intune, the device has to be enrolled in Microsoft Intune. In the Co-management Pilot configuration, you configure a Configuration Manager Device Collection that determines which devices are auto enrolled in Microsoft Intune. You need to add Device1 to the Device Collection, not an Active Directory Group. Answer is B
Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users. Users on the network report that they are prompted for multi-factor authentication multiple times a day. You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. What should you do? A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device. B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device. C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD). D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).
Correct Answer: B References:https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
You have a Microsoft 365 Enterprise subscription.You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device.You need to view which users authenticated by using multi-factor authentication.What should you do? A. From the Microsoft 365 admin center, view the Security & Compliance reports. B. From the Azure Active Directory admin center, view the user sign-ins. C. From the Microsoft 365 admin center, view the Usage reports. D. From the Azure Active Directory admin center, view the audit logs.
Correct Answer: B References:https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
Your company recently purchased a Microsoft 365 subscription. You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant. You need to generate a report that lists all the users who completed the Azure MFA registration process. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet. B. From Azure Cloud Shell, run the Get-MsolUser cmdlet. C. From the Azure Active Directory admin center, use the Multi-Factor Authentication "" Server Status blade. D. From the Azure Active Directory admin center, use Risky sign-ins blade.
Correct Answer: B References:https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
You have a Microsoft 365 tenant that contains Microsoft Exchange Online.You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has a Microsoft 365 tenant. You need to ensure that the calendar of every user is available to the users in adatum.com immediately.What should you do? A. From the Exchange admin center, create a sharing policy. B. From the Exchange admin center, create a new organization relationship. C. From the Microsoft 365 admin center, modify the Organization profile settings. D. From the Microsoft 365 admin center, configure external site sharing.
Correct Answer: B References:https://docs.microsoft.com/en-us/exchange/sharing/organization-relationships/create-an-organization-relationship
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. In the tenant, you create a user named User1.You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege. To which role group should you add User1? A. Security Administrator B. Records Management C. Compliance Administrator D. eDiscovery Manager
Correct Answer: B References:https://docs.microsoft.com/en-us/office365/securitycompliance/file-plan-manager
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use Dashboard in Security & Compliance.Does this meet the goal? A. Yes B. No
Correct Answer: B Updates are pushed to users based on their preferred release target. This is found on the Organizational Profile.
You have an on-premises Microsoft SharePoint Server 2016 environment. You create a Microsoft 365 tenant. You need to migrate some of the SharePoint sites to SharePoint Online. The solution must meet the following requirements: ✑ Microsoft OneDrive sites must redirect users to online content. ✑ Users must be able to follow both on-premises and cloud-based sites. ✑ Users must have a single SharePoint profile for both on-premises and on the cloud. ✑ When users search for a document by using keywords, the results must include online and on-premises results. From the SharePoint Hybrid Configuration Wizard, you select the following features: ✑ Hybrid business to business (B2B) site s✑ Hybrid OneDrive ✑ Hybrid Search Which two requirements are met by using the SharePoint Hybrid Configuration Wizard features? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Users must have a single SharePoint profile for both on-premises and on the cloud. B. OneDrive sites must redirect users to online content. C. Users must be able to follow both on-premises and cloud-based sites. D. When users search for a document by using keywords, the results must include online and on-premises results.
Correct Answer: BD
Your network contains an Active Directory domain named contoso.com. All users authenticate by using a third-party authentication solution. You purchase Microsoft 365 and plan to implement several Microsoft 365 services. You need to recommend an identity strategy that meets the following requirements:✑ Provides seamless SSO✑ Minimizes the number of additional servers required to support the solution✑ Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)✑ Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account You are evaluating the implementation of federation. Which two requirements are met by using federation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. minimizes the number of additional servers required to support the solution B. provides seamless SSO C. stores the passwords of all the users in Azure AD D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account.
Correct Answer: BD
You create a Microsoft 365 Enterprise subscription. You assign licenses for all products to all users.You need to ensure that all Microsoft Office 365 ProPlus installations occur from a network share. The solution must prevent the users from installing Office 365ProPlus from the Internet. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. From your computer, run setup.exe /download downloadconfig.xml. B. Create an XML download file. C. From the Microsoft 365 admin center, deactivate the Office 365 licenses for all the users. D. From each client computer, run setup.exe /configure installconfig.xml. E. From the Microsoft 365 admin center, configure the Software download settings.
Correct Answer: BDEReferences:https://docs.microsoft.com/en-us/deployoffice/overview-of-the-office-2016-deployment-tool#download-the-installation-files-for-office-365-proplus-from-a-local- source
Your network contains an on-premises Active Directory forest. You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy. You need to recommend an authentication strategy that meets the following requirements:✑ Allows users to sign in by using smart card-based certificates✑ Allows users to connect to on-premises and Microsoft 365 services by using SSO Which authentication strategy should you recommend? A. password hash synchronization and seamless SSO B. federation with Active Directory Federation Services (AD FS) C. pass-through authentication and seamless SSO
Correct Answer: BReferences:https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
Your company has a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. An external vendor has a Microsoft account that has a username of [email protected] plan to provide [email protected] with access to several resources in the subscription. You need to add the external user account to contoso.onmicrosoft.com. The solution must ensure that the external vendor can authenticate by using [email protected] should you do? A. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify ""UserPrincipalName [email protected]. B. From the Microsoft 365 admin center, add a contact, and then specify [email protected] as the email address. C. From the Azure portal, add a new guest user, and then specify [email protected] as the email address. D. From the Azure portal, add a custom domain name, and then create a new Azure AD user and use [email protected] as the username.
Correct Answer: C
Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix.You deploy a Microsoft 365 tenant.You implement directory synchronization and sync only 50 support users.You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com.You need to ensure that all synchronized identities retain the UPN set in their on-premises user account.What should you do? A. From the Microsoft 365 admin center, add adatum.com as a custom domain name. B. From Windows PowerShell, run the Set-ADDomain ""AllowedDNSSuffixes adatum.com command. C. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts. D. From the Microsoft 365 admin center, add adatum.local as a custom domain name.
Correct Answer: C
A user receives the following message when attempting to sign in to https://myapps.microsoft.com: "Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in? A. Security & Compliance supervision policies B. Security & Compliance data loss prevention (DLP) policies C. Microsoft Azure Active Directory (Azure AD) conditional access policies D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies
Correct Answer: C References:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Your company has an on-premises Microsoft Exchange Server 2016 organization and a Microsoft 365 Enterprise subscription.You plan to migrate mailboxes and groups to Exchange Online.You start a new migration batch.Users report slow performance when they use the on-premises Exchange Server organization.You discover that the migration is causing the slow performance.You need to reduce the impact of the mailbox migration on the end-users.What should you do? A. Create a mailbox rule. B. Configure back pressure. C. Modify the migration endpoint settings. D. Create a throttling policy.
Correct Answer: C You can reduce the maximum number of concurrent mailbox migrations.
You have a Microsoft Office 365 subscription that contains several Microsoft SharePoint Online sites. You discover that users from your company can invite external users to access files on the SharePoint sites. You need to ensure that the company users can invite only authenticated guest users to the sites. What should you do? A. From the Microsoft 365 admin center, configure a partner relationship. B. From SharePoint Online Management Shell, run the Set-SPOSite cmdlet. C. From the Azure Active Directory admin center, configure a conditional access policy. D. From the SharePoint admin center, configure the sharing settings.
Correct Answer: D
Your company has a Microsoft 365 subscription. You need to identify which users performed the following privileged administration tasks: ✑ Deleted a folder from the second-stage Recycle Bin if Microsoft SharePoint ✑ Opened a mailbox of which the user was not the owner ✑ Reset a user password What should you use? A. Microsoft Azure Active Directory (Azure AD) audit logs B. Microsoft Azure Active Directory (Azure AD) sign-ins C. Security & Compliance content search D. Security & Compliance audit log search
Correct Answer: D
Your company has a main office and 20 branch offices in North America and Europe. Each branch office connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections.You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office.You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services.What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. For all the client computers in the branch offices, modify the MTU setting by using a Group Policy object (GPO). B. In each branch office, deploy a proxy server that has user authentication enabled. C. In each branch office, deploy a firewall that has packet inspection enabled. D. In each branch office, configure name resolution so that all external hosts are redirected to public DNS servers directly.
Correct Answer: D Because Office 365 runs on the Microsoft Global Network, which includes front end servers around the world, there will often be a front-end server close to the user's location. By providing local Internet egress and by configuring internal DNS servers to provide local name resolution for Office 365 endpoints, network traffic destined for Office 365 can connect to Office 365 front end servers as close as possible to the user Ref: https://docs.microsoft.com/en-us/office365/enterprise/office-365-network-connectivity-principles#BKMK_P2
Your network contains two Active Directory forests. Each forest contains two domains. All client computers run Windows 10 and are domain-joined.You plan to configure Hybrid Azure AD join for the computers.You create a Microsoft Azure Active Directory (Azure AD) tenant.You need to ensure that the computers can discover the Azure AD tenant. What should you create? A. a new computer account for each computer B. a new service connection point (SCP) for each domain C. a new trust relationship for each forest D. a new service connection point (SCP) for each forest
Correct Answer: D References:https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual
Your company has a Microsoft 365 E5 subscription. Users in the research department work with sensitive data. You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted. What should you do from the Security & Compliance admin center? A. Create a data loss prevention (DLP) policy that has a Content contains condition. B. Create a data loss prevention (DLP) policy that has a Content is shared condition. C. Modify the default safe links policy. D. Create a new safe links policy.
Correct Answer: D References:https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-atp-safe-links-policies#policies-that-apply-to-specific-email-recipients
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com. Your company recently purchased a Microsoft 365 subscription. You deploy a federated identity solution to the environment. You use the following command to configure contoso.com for federation.Convert-MsolDomaintoFederated ""DomainName contoso.com In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name. You need to configure the adatum.com Active Directory domain for federated authentication. Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. From Windows PowerShell, run the Convert-MsolDomaintoFederated command. ""DomainName contoso.com ""SupportMultipleDomain B. From Windows PowerShell, run the New-MsolFederatedDomain command. ""SupportMultipleDomain -DomainName contoso.com C. From Windows PowerShell, run the New-MsolFederatedDomain command. -DomainName adatum.com D. From Windows PowerShell, run the Update-MSOLFederatedDomain command. ""DomainName contoso.com ""SupportMultipleDomain E. From the federation server, remove the Microsoft Office 365 relying party trust.
Correct Answer: DE
Your network contains an on-premises Active Directory domain.Your company has a security policy that prevents additional software from being installed on domain controllers.You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).What should you do? More than once choice may achieve the goal. Select the BEST answer. A. Deploy an Azure ATP standalone sensor, and then configure port mirroring. B. Deploy an Azure ATP standalone sensor, and then configure detections. C. Deploy an Azure ATP sensor, and then configure detections. D. Deploy an Azure ATP sensor, and then configure port mirroring.
Correct Answer: DReferences:https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant. The network uses a firewall that contains a list of allowed outbound domains. You begin to implement directory synchronization. You discover that the firewall configuration contains only the following domain names in the list of allowed domains:✑ *.microsoft.com✑ *.office.com Directory synchronization fails. You need to ensure that directory synchronization completes successfully. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. From the firewall, allow the IP address range of the Azure data center for outbound communication. B. From Azure AD Connect, modify the Customize synchronization options task. C. Deploy an Azure AD Connect sync server in staging mode. D. From the firewall, create a list of allowed inbound domains. E. From the firewall, modify the list of allowed outbound domains.
Correct Answer: E
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network. Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy. Does this meet the goal? A. Yes B. No
Discussion Correct Answer: A Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.References:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online-and-OneDrive-for/ba-p/46678