Skip Navigation Links
 

Microsoft - MS-100: Microsoft 365 Identity and Services

Sample Questions

Question: 278
Measured Skill: Manage User Identity and Roles (35-40%)

Note: This question is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.



The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.



User2 fails to authenticate to Azure AD when signing in as user2@fabrikam.com.

You need to ensure that User2 can access the resources in Azure AD.

Solution: From the Azure Active Directory admin center, you assign User2 the Security reader role. You instruct User2 to sign in as user2@contoso.com.

Does this meet the goal?

AYes
B No

Correct answer: B

Explanation:

The company has an Active Directory Domain Services (AD DS) domain named contoso.com. However, user2 has an alternative user principal name suffix named fabrikam.com that differs from the domain name.

Azure AD Connect synchronizes the user principal name and password of your users so that users can sign in to Microsoft 365 services with the same credentials that they use locally . However, Azure AD Connect only syncs users with domains that have been verified by Microsoft 365.

We need to add and verify the alternate user principal name suffix in Azure AD as a custom domain. This will ensure that @fabrikam.com users are synchronized. Alternatively, the user principal name suffix can be changed to @contoso.com to ensure that the user is synchronized. However, he would then have to use the name User2@contoso.com to log on to Microsoft 365 services.

Note: If the user principal name suffix contains a non-routable domain, for example .local (user2@contoso.local), the synchronized user in Azure AD is assigned an .onmicrosoft.com domain (user2@contoso.onmicrosoft.com).

Reference: Prepare a non-routable domain for directory synchronization

Question: 279
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.



You configure the Office software download settings as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can use Microsoft Word Online to edit documents when he signs in to https://www.office.com: Yes
User2 can install Office 365 apps on his device when he signs in to https://www.office.com: Yes
User3 can install Microsoft Word on his device when he signs in to https://www.office.com: Yes
B User1 can use Microsoft Word Online to edit documents when he signs in to https://www.office.com: Yes
User2 can install Office 365 apps on his device when he signs in to https://www.office.com: Yes
User3 can install Microsoft Word on his device when he signs in to https://www.office.com: No
C User1 can use Microsoft Word Online to edit documents when he signs in to https://www.office.com: Yes
User2 can install Office 365 apps on his device when he signs in to https://www.office.com: No
User3 can install Microsoft Word on his device when he signs in to https://www.office.com: Yes
D User1 can use Microsoft Word Online to edit documents when he signs in to https://www.office.com: No
User2 can install Office 365 apps on his device when he signs in to https://www.office.com: Yes
User3 can install Microsoft Word on his device when he signs in to https://www.office.com: No
E User1 can use Microsoft Word Online to edit documents when he signs in to https://www.office.com: No
User2 can install Office 365 apps on his device when he signs in to https://www.office.com: Yes
User3 can install Microsoft Word on his device when he signs in to https://www.office.com: Yes
F User1 can use Microsoft Word Online to edit documents when he signs in to https://www.office.com: No
User2 can install Office 365 apps on his device when he signs in to https://www.office.com: No
User3 can install Microsoft Word on his device when he signs in to https://www.office.com: No

Correct answer: D

Explanation:

User1 does not have an Office 365 license. He cannot install the Office 365 apps on his Windows 10 computer, nor can he use the online versions of the Office applications.

User1 can install Skype for Business Basic for Office 365. Other Office 365 Apps are not available to him, since he has no license assigned.

User2 has an Office 365 E5 license which allows him to install Office 365 apps on up to five Windows or MAC devices.

User3 has an Office 365 E5 license which allows him to install Office 365 apps on up to five Windows or MAC devices. User3 can install Microsoft Word as part of the Microsoft Office 365 suite. He cannot install Microsoft Word only. User3 cannot install Microsoft Word on his Android device but he can install the Microsoft Word App from the Android store.

Question: 280
Measured Skill: Design and Implement Microsoft 365 Services (25-30%)

You have a Microsoft 365 subscription that contains the users shown in the following table.



You plan to use Exchange Online to manage email for a DNS domain.

An administrator adds the DNS domain to the subscription. The DNS domain has a status of incomplete setup.

You need to identify which user can complete the setup of the DNS domain. The solution must use the principle of least privilege.

Which user should you identify?

AUser1
B User2
C User3
D User4

Correct answer: A

Explanation:

To Add, modify or remove domains you must be a Global Administrator of a business or enterprise plan. These changes affect the whole tenant, Customized administrators or regular users won't be able to make these changes.

Reference: Add a domain to Microsoft 365

Question: 281
Measured Skill: Manage User Identity and Roles (35-40%)

Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
  • contoso.com
  • east.contoso.com
The forest contains the users shown in the following table.



The forest syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can authenticate to Azure AD by using a username of user1@contoso.com: Yes
User2 can authenticate to Azure AD by using a username of user2@contoso.com: Yes
User3 can authenticate to Azure AD by using a username of user3@contoso.com: Yes
B User1 can authenticate to Azure AD by using a username of user1@contoso.com: Yes
User2 can authenticate to Azure AD by using a username of user2@contoso.com: Yes
User3 can authenticate to Azure AD by using a username of user3@contoso.com: No
C User1 can authenticate to Azure AD by using a username of user1@contoso.com: Yes
User2 can authenticate to Azure AD by using a username of user2@contoso.com: No
User3 can authenticate to Azure AD by using a username of user3@contoso.com: No
D User1 can authenticate to Azure AD by using a username of user1@contoso.com: No
User2 can authenticate to Azure AD by using a username of user2@contoso.com: Yes
User3 can authenticate to Azure AD by using a username of user3@contoso.com: No
E User1 can authenticate to Azure AD by using a username of user1@contoso.com: No
User2 can authenticate to Azure AD by using a username of user2@contoso.com: No
User3 can authenticate to Azure AD by using a username of user3@contoso.com: Yes
F User1 can authenticate to Azure AD by using a username of user1@contoso.com: No
User2 can authenticate to Azure AD by using a username of user2@contoso.com: No
User3 can authenticate to Azure AD by using a username of user3@contoso.com: No

Correct answer: C

Explanation:

The company has an Active Directory forest with two domains. The fabrikam.com domain is an alternative user principal name suffix. Only one domain (contoso.com) is configured for synchronization.

Azure AD Connect synchronizes the user principal name and password of your users so that users can sign in to Microsoft 365 services with the same credentials that they use locally. However, Azure AD Connect only syncs users with domains that have been verified by Microsoft 365.

User2 can authenticate to Azure AD using his username. User2 and User3 do not have @contoso.com as their UPN suffix, therefore they cannot use it for sign-in.

Question: 282
Measured Skill:

You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.



From the Sign-ins blade of the Azure Active Directory admin center, for which users can User1 and User2 view the sign-ins?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can view the sign-ins for the following users: User1 only
User2 can view the sign-ins for the following users: User2 only
B User1 can view the sign-ins for the following users: User1, User2, and User3 only
User2 can view the sign-ins for the following users: User1, User2, and User3 only
C User1 can view the sign-ins for the following users: User1 only
User2 can view the sign-ins for the following users: User1, User2, and User3 only
D User1 can view the sign-ins for the following users: User1, User2, User3, and User4
User2 can view the sign-ins for the following users: User2 only
E User1 can view the sign-ins for the following users: User1 only
User2 can view the sign-ins for the following users: User1, User2, User3, and User4
F User1 can view the sign-ins for the following users: User1, User2, User3, and User4
User2 can view the sign-ins for the following users: User1, User2, User3, and User4

Correct answer: D

Explanation:

The reporting architecture in Azure Active Directory (Azure AD) consists of the following components:

  • Activity
    • Sign-ins – Information about the usage of managed applications and user sign-in activities.
    • Audit logs - Audit logs provide system activity information about users and group management, managed applications, and directory activities.
  • Security
    • Risky sign-ins - A risky sign-in is an indicator for a sign-in attempt by someone who isn't the legitimate owner of a user account.
    • Users flagged for risk - A risky user is an indicator for a user account that might have been compromised.

This article gives you an overview of the sign-ins report.

Who can access the data?

  • Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles
  • Global Administrators
  • Any user (non-admins) can access their own sign-ins

The sign-in activity report is available in all editions of Azure AD.

Reference: Sign-in activity reports in the Azure Active Directory portal





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com