Skip Navigation Links
 

Microsoft - MS-100: Microsoft 365 Identity and Services

Sample Questions

Question: 104
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

Your organization has an on-premises Microsoft Exchange Server 2016 organization. The Exchange organization is in the company's main office in Melbourne. The main office has a low-bandwidth connection to the Internet.

The organization contains 250 mailboxes.

You purchase a Microsoft 365 subscription and plan to migrate to Exchange Online next month. In 12 months, you plan to increase the bandwidth available for the Internet connection.

You need to recommend the best migration strategy for the organization. The solution must minimize administrative effort.

What is the best recommendation to achieve the goal?

(More than one answer choice may achieve the goal. Select the BEST answer.)

ANetwork upload
B Cutover migration
C Hybrid migration
D Staged migration

Correct answer: C

Explanation:

There are many paths to migrate data from an on-premises email organization to Exchange Online in Office 365. When planning a migration to Exchange Online, a common question is about how to improve the performance of data migration and optimize migration velocity.

Frequently used migration methods:

IMAP Migration
You can use the Exchange Administration Center (EAC) or the Exchange Management Shell to migrate the contents of users' mailboxes from an IMAP messaging system to their Exchange Online mailboxes. This includes migrating your mailboxes from other hosted email services, such a Gmail or Yahoo Mail.
 
Cutover Migration
Using a cutover migration, you migrate all on-premises mailboxes to Exchange Online over a few days. You would use this migration type if you plan to move your entire email organization to Office 365 and manage user accounts in Office 365. You can migrate a maximum of 2,000 mailboxes from your on-premises Exchange organization to Exchange Online using a cutover migration. The mail contacts and distribution groups in your on-premises Exchange organization are also migrated.
 
Staged Migration
You use a staged migration if you plan to eventually migrate all your organization's mailboxes to Exchange Online. Using a staged migration, you migrate batches of on-premises mailboxes to Exchange Online over the course of a few weeks or months. Your goal would be to permanently move your email organization to Office 365.
 
Hybrid Deployment
A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange Server 2013 or 2010 organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.
 



Question: 105
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com.

All users have client computers that run Windows 10 Pro and are joined to Azure AD.

The company purchases a Microsoft 365 E3 subscription.

You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort.

You assign licenses from the Microsoft 365 admin center.

What should you do next?

AAdd a custom domain name to the subscription.
B Deploy Windows 10 Enterprise by using Windows Autopilot.
C Create provisioning package, and then deploy the package to all the computers.
D Instruct all the users to log off of their computer, and then to log in again.

Correct answer: B

Explanation:

Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.

Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users.

When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images as well as drivers for every model of device being used. Instead of re-imaging the device, that existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise, to support advanced features).

Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can help with device re-purposing scenarios, leveraging Windows Autopilot Reset to quickly prepare a device for a new user, as well as in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.

Question: 106
Measured Skill: Manage User Identity and Roles (35-40%)

You are an administrator for a company. Your company has a hybrid deployment of Microsoft 365.

An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD).

Azure AD Connect is configured as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 cannot change her password from any Microsoft portals.
If the password for User1 is changed in Active Directory, the password in Azure AD will be unchanged.
B User1 cannot change her password from any Microsoft portals.
If the password for User1 is changed in Active Directory, the password in Azure AD will be unchanged.
C User1 can change her password by using self-service password reset feature only.
If the password for User1 is changed in Active Directory, a new randomly generated password will be assigned to User1.
D User1 can change her password by using self-service password reset feature only.
If the password for User1 is changed in Active Directory, the password will be synchronized to Azure AD.
E User1 can change her password from the Office 365 admin center only.
If the password for User1 is changed in Active Directory, the password will be synchronized to Azure AD.
F User1 can change her password from the Office 365 admin center only.
If the password for User1 is changed in Active Directory, a new randomly generated password will be assigned to User1.

Correct answer: E

Explanation:

Password Hash Synchronization is enabled. Passwords are synchronized from Active Directory to Azure AD.

For accounts synced from an on-premises Active Directory, the following applies:

You can not reset the password of a synchronized on-premises user in Azure Portal if password writeback is disabled. If you try in Azure Portal an error message shows up.

Note: In Office 365 Admin Center, the Reset Password action for an on-premises AD synchronized user completes without error message. However, the password does not become active and the user must continue to use the synchronized password to log in.

Question: 107
Measured Skill: Manage Access and Authentication (20-25%)

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes a user named User1.

You enable multi-factor authentication for contoso.com and configure the following two fraud alert settings:
  • Set Allow users to submit fraud alerts: On
  • Automatically block users who report fraud: On
You need to instruct the users in your organization to use the fraud reporting features correctly.

What should you tell the users to do?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AA user can report fraud on her account by: Typing a special code after receiving an alert call
If User1 reports fraud on his account, the account will be blocked automatically for: 90 days
B A user can report fraud on her account by: Typing a special code after receiving an alert call
If User1 reports fraud on his account, the account will be blocked automatically for: 7 days
C A user can report fraud on her account by: Sending an email message to an administrator
If User1 reports fraud on his account, the account will be blocked automatically for: 1 day
D A user can report fraud on her account by: Sending an email message to an administrator
If User1 reports fraud on his account, the account will be blocked automatically for: 90 days
E A user can report fraud on her account by: Using the Microsoft Authenticator app
If User1 reports fraud on his account, the account will be blocked automatically for: 6 hours
F A user can report fraud on her account by: Using the Microsoft Authenticator app
If User1 reports fraud on his account, the account will be blocked automatically for: 1 day

Correct answer: A

Explanation:

Users can report fraud attempts by using the mobile app or through their phone.

Turn on fraud alerts

  1. Sign in to the Azure portal as an administrator.
  2. Browse to Azure Active Directory > MFA > Fraud alert.
  3. Set the Allow users to submit fraud alerts setting to On.
  4. Select Save.

Configuration options

  • Block user when fraud is reported: If a user reports fraud, their account is blocked for 90 days or until an administrator unblocks their account. An administrator can review sign-ins by using the sign-in report, and take appropriate action to prevent future fraud. An administrator can then unblock the user's account.

  • Code to report fraud during initial greeting: When users receive a phone call to perform two-step verification, they normally press # to confirm their sign-in. To report fraud, the user enters a code before pressing #. This code is 0 by default, but you can customize it.

Reference: Configure Azure Multi-Factor Authentication settings

Question: 108
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You are configuring an enterprise application named TestApp in Microsoft Azure as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ATo ensure that when users acess TestApp, ... set Use Http-Only Cookie to Yes.
To protect TestApp from Cross-Site Scripting (XSS), set Use Http-Only Cookie to Yes.
B To ensure that when users acess TestApp, ... set Use Http-Only Cookie to Yes.
To protect TestApp from Cross-Site Scripting (XSS), set Translate URLs in Headers to No.
C To ensure that when users acess TestApp, ... set Translate URLs in Headers to No.
To protect TestApp from Cross-Site Scripting (XSS), set Use Http-Only Cookie to Yes.
D To ensure that when users acess TestApp, ... set Translate URLs in Headers to No.
To protect TestApp from Cross-Site Scripting (XSS), set Use Http-Only Cookie to Yes.
E To ensure that when users acess TestApp, ... set Translate URLs in Application Body to Yes.
To protect TestApp from Cross-Site Scripting (XSS), set Translate URLs in Headers to No.
F To ensure that when users acess TestApp, ... set Translate URLs in Application Body to Yes.
To protect TestApp from Cross-Site Scripting (XSS), set Use Http-Only Cookie to Yes.

Correct answer: F

Explanation:

Link translation is enabled for each application, so that you have control over the user experience at the per-app level. Turn on link translation for an app when you want the links from that app to be translated, not links to that app.

For example, suppose that you have three applications published through Application Proxy that all link to each other: Benefits, Expenses, and Travel. There's a fourth app, Feedback, that isn't published through Application Proxy.

When you enable link translation for the Benefits app, the links to Expenses and Travel are redirected to the external URLs for those apps, but the link to Feedback is not redirected because there is no external URL. Links from Expenses and Travel back to Benefits don't work, because link translation has not been enabled for those two apps.

Getting started with link translation is as easy as clicking a button:

  1. Sign in to the Azure portal as an administrator.

  2. Go to Azure Active Directory > Enterprise applications > All applications > select the app you want to manage > Application proxy.

  3. Turn Translate URLs in application body to Yes.

  4. Select Save to apply your changes.

Now, when your users access this application, the proxy will automatically scan for internal URLs that have been published through Application Proxy on your tenant.

Set use HTTP-Only Cookie to Yes allows Application Proxy to include the HTTPOnly flag in HTTP response headers. This flag provides additional security benefits, for example, it prevents client-side scripting (CSS) from copying or modifying the cookies.

References:

Redirect hardcoded links for apps published with Azure AD Application Proxy

Cookie settings for accessing on-premises applications in Azure Active Directory





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2019 by cert2brain.com