Skip Navigation Links
 

Microsoft - MS-100: Microsoft 365 Identity and Services

Sample Questions

Question: 483
Measured Skill: Manage User Identity and Roles (35-40%)

You have a Microsoft 365 E5 subscription.

You need to implement Identity Protection. The solution must meet the following requirements:
  • Identify when a user's credentials are compromised and shared on the dark web.
  • Provide users that have compromised credentials with the ability to self-remediate.
What should you do?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ATo identify when users have compromised credentials, configure: A user risk policy
To enable self-remediation, select: Generate a temporary password
B To identify when users have compromised credentials, configure: A registration policy
To enable self-remediation, select: Generate a temporary password
C To identify when users have compromised credentials, configure: A sign-in policy
To enable self-remediation, select: Require multi-factor authentication
D To identify when users have compromised credentials, configure: Multi-factor authentication (MFA)
To enable self-remediation, select: Require multi-factor authentication
E To identify when users have compromised credentials, configure: A sign-in policy
To enable self-remediation, select: Require password change
F To identify when users have compromised credentials, configure: A user risk policy
To enable self-remediation, select: Require password change

Correct answer: F

Explanation:

Identity Protection uses the learnings Microsoft has acquired from their position in organizations with Azure Active Directory, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users. Microsoft analyses trillions of signals per day to identify and protect customers from threats. 

In Azure Active Directory (Azure AD) Identity Protection you can set up two kinds of risk policies to automate the response to risks and allow users to self-remediate when risk is detected:

  • Sign-in risk policy
  • User risk policy

The leaked credentials risk detection is nonpremium user risk detection. This risk detection type indicates that the user's valid credentials have been leaked. When cybercriminals compromise valid passwords of legitimate users, they often share those credentials. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they're checked against Azure AD users' current valid credentials to find valid matches.

Microsoft finds leaked credentials in various places, including:

  • Public paste sites such as pastebin.com and paste.ca where bad actors typically post such material. This location is most bad actors' first stop on their hunt to find stolen credentials.
  • Law enforcement agencies.
  • Other groups at Microsoft doing dark web research.

Organizations can choose to block access when risk is detected. Blocking sometimes stops legitimate users from doing what they need to. A better solution is to allow self-remediation using Azure AD multifactor authentication (MFA) and secure self-service password reset (SSPR).

Microsoft recommends the below risk policy configurations to protect your organization:

  • User risk policy
    • Require a secure password reset when user risk level is High. Azure AD MFA is required before the user can create a new password with SSPR to remediate their risk.
  • Sign-in risk policy
    • Require Azure AD MFA when sign-in risk level is Medium or High, allowing users to prove it's them by using one of their registered authentication methods, remediating the sign-in risk.

Warning: Users must register for Azure AD MFA and SSPR before they face a situation requiring remediation. Users not registered are blocked and require administrator intervention.

References:

What is Identity Protection?

What is risk?

Configure and enable risk policies



Question: 484
Measured Skill: Manage Access and Authentication (20-25%)

You have a Microsoft 365 E5 subscription.

You plan to implement Microsoft 365 usage analytics reports in Microsoft Power BI.

You need to ensure that the Microsoft 365 usage analytics template app can access Microsoft 365 usage data.

Which Authentication method should you select for Power BI?

AAnonymous
B OAuth2
C Web API
D Basic

Correct answer: B

Explanation:

To get started with Microsoft 365 usage analytics you must first make the data available in the Microsoft 365 admin center, then select Reports > Usage and initiate the template app in Power BI.

Start the template app

To start the template app, you have to be either a global administrator, report reader, Exchange administrator, Skype for Business administrator, or SharePoint administrator.

  1. Copy the tenant ID and select Go to Power BI.

  2. When you get to Power BI, sign in. Then Select Apps -> Get apps from the navigation menu.

  3. In the Apps tab, type Microsoft 365 in the search box and then select Microsoft 365 usage analytics > Get it now.

  4. Once the app is installed. Select the tile to open it.

  5. Select Explore app to view the app with sample data. Choose Connect to connect the app to your organization’s data.

  6. Choose Connect, on the Connect to Microsoft 365 usage analytics screen, then type in the tenant ID (without dashes) you copied in step (1), and select Next.

  7. On the next screen, select OAuth2 as the Authentication method > Sign in. If you choose any other authentication method, the connection to the template app will fail.

  8. After the template app is instantiated the Microsoft 365 usage analytics dashboard will be available in Power BI on the web. The initial loading of the dashboard will take between 2 to 30 minutes.

Reference: Enable Microsoft 365 usage analytics



Question: 485
Measured Skill: Design and Implement Microsoft 365 Services (25-30%)

You have a Microsoft 365 subscription.

You need to review metrics for the following:
  • The daily active users in Microsoft Teams.
  • Recent Microsoft service issues.
What should you use?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ADaily active users in Microsoft Teams: Microsoft Secure Score
Recent Microsoft service issues: Productivity Score
B Daily active users in Microsoft Teams: Productivity Score
Recent Microsoft service issues: Usage reports
C Daily active users in Microsoft Teams: Productivity Score
Recent Microsoft service issues: Service health
D Daily active users in Microsoft Teams: Service health
Recent Microsoft service issues: Microsoft Secure Score
E Daily active users in Microsoft Teams: Usage reports
Recent Microsoft service issues: Service health
F Daily active users in Microsoft Teams: Usage reports
Recent Microsoft service issues: Productivity Score

Correct answer: E

Explanation:

The Teams usage report in the Microsoft Teams admin center gives you an overview of the usage activity in Teams, including the number of active users and channels, so you can quickly see how many users across your organization are using Teams to communicate and collaborate. You can view usage information for teams, including the number of active users and channels, guests, and messages in each team.

The Teams reports show data for active users and active channels. The Active user item measures the number of unique users who perform an action in Teams during the specified date range.

You can view the health of your Microsoft services
, including Office on the web, Yammer, Microsoft Dynamics CRM, and mobile device management cloud services, on the Service health page in the Microsoft 365 admin center. If you are experiencing problems with a cloud service, you can check the service health to determine whether this is a known issue with a resolution in progress before you call support or spend time troubleshooting.

References:

Microsoft Teams usage report

How to check Microsoft 365 service health



Question: 486
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You are an administrator for a company. You manage a Microsoft Exchange Server 2019 hybrid deployment.

You have the on-premises mailboxes shown in the following table.



You add the mailbox permissions shown in the following table.



You plan to migrate the mailboxes to Exchange Online by using remote mailbox move requests. The mailboxes will be migrated according to the schedule shown in the following table.



Mailboxes migrated the same week will have their mailbox move requests included in the same batch and will be cut over simultaneously.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AThe mail forwarding settings of the User1 mailbox will be preserved automatically after the migration: Yes
The permissions granted to User4 for the User2 mailbox will be preserved automatically after the migration: Yes
The permissions granted to User3 for the User4 mailbox will be preserved automatically after the migration: Yes
B The mail forwarding settings of the User1 mailbox will be preserved automatically after the migration: Yes
The permissions granted to User4 for the User2 mailbox will be preserved automatically after the migration: Yes
The permissions granted to User3 for the User4 mailbox will be preserved automatically after the migration: No
C The mail forwarding settings of the User1 mailbox will be preserved automatically after the migration: No
The permissions granted to User4 for the User2 mailbox will be preserved automatically after the migration: Yes
The permissions granted to User3 for the User4 mailbox will be preserved automatically after the migration: No
D The mail forwarding settings of the User1 mailbox will be preserved automatically after the migration: No
The permissions granted to User4 for the User2 mailbox will be preserved automatically after the migration: Yes
The permissions granted to User3 for the User4 mailbox will be preserved automatically after the migration: Yes
E The mail forwarding settings of the User1 mailbox will be preserved automatically after the migration: No
The permissions granted to User4 for the User2 mailbox will be preserved automatically after the migration: No
The permissions granted to User3 for the User4 mailbox will be preserved automatically after the migration: Yes
F The mail forwarding settings of the User1 mailbox will be preserved automatically after the migration: No
The permissions granted to User4 for the User2 mailbox will be preserved automatically after the migration: No
The permissions granted to User3 for the User4 mailbox will be preserved automatically after the migration: No

Correct answer: E

Explanation:

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.

A hybrid deployment enables you to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.

On-premises mailbox permissions such as Send As, Full Access, Send on Behalf, and folder permissions, that are explicitly applied on the mailbox are migrated to Exchange Online. Inherited (non-explicit) mailbox permissions and permissions granted to objects that aren't mail enabled in Exchange Online are not migrated. You should ensure all permissions are explicitly granted and all objects are mail enabled prior to migration. Therefore, you have to plan for configuring these permissions in Office 365 if applicable for your organization. In the case of Send As permissions, if the user and the resource attempting to be sent as aren't moved at the same time, you'll need to explicitly add the Send As permission in Exchange Online using the Add-RecipientPermission cmdlet.

Mailboxes can be set up to automatically forward mail sent to them to another mailbox. While mailbox forwarding is supported in Exchange Online, the forwarding configuration isn't copied to Exchange Online when the mailbox is migrated there. Before you migrate a mailbox to Exchange Online, make sure you export the forwarding configuration for each mailbox. The forwarding configuration is stored in the DeliverToMailboxAndForward, ForwardingAddress, and ForwardingSmtpAddress properties on each mailbox.

Reference: Exchange Server hybrid deployments

Question: 487
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You have a Microsoft 365 tenant.

A partner company has an email domain named contoso.com.

You need to prevent out-of-office replies from being sent to contoso.com.

What should you create?

AA rule
B A connector
C A remote domain
D An organization relationship

Correct answer: C

Explanation:

We should create a remote domain for contoso.com and set the Out of Office automatic reply types option to None.





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2023 by cert2brain.com