Skip Navigation Links
 

Microsoft - MS-100: Microsoft 365 Identity and Services

Sample Questions

Question: 290
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You add an app named App1 to the enterprise applications in contoso.com.

You need to configure self-service app access for App1.

What should you do first?

AAssign App1 to users and groups.
B Add an owner to App1.
C Configure the provisioning mode for App1.
D Configure an SSO method for App1.

Correct answer: D

Explanation:

Before your users can self-discover applications from their access panel, you need to enable Self-service application access to any applications that you wish to allow users to self-discover and request access to.

This feature is a great way for you to save time and money as an IT group, and is highly recommended as part of a modern applications deployment with Azure Active Directory.

Using this feature, you can:

  • Let users self-discover applications from the Application Access Panel without bothering the IT group.

  • Add those users to a pre-configured group so you can see who has requested access, remove access, and manage the roles assigned to them.

  • Optionally allow a business approver to approve application access requests so the IT group doesn’t have to.

  • Optionally configure up to 10 individuals who may approve access to this application.

  • Optionally allow a business approver to set the passwords those users can use to sign in to the application, right from the business approver’s Application Access Panel.

  • Optionally automatically assign self-service assigned users to an application role directly.

Before you can enable self-service for App1, you need to configure an SSO method for the app.



Question: 291
Measured Skill: Manage User Identity and Roles (35-40%)

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.



You configure Azure AD Connect to sync contoso.com to Azure Active Directory.

Which objects will sync to Azure AD?

AGroup1, User1, and User2
B Group1 and User1 only
C User1 and User2 only
D Group1 only

Correct answer: A

Explanation:

Important points to be aware of when synchronizing groups from Active Directory to Azure AD:

  • Azure AD Connect excludes built-in security groups from directory synchronization.

  • Azure AD Connect does not support synchronizing Primary Group memberships to Azure AD.

  • Azure AD Connect does not support synchronizing Dynamic Distribution Group memberships to Azure AD.

  • To synchronize an Active Directory group to Azure AD as a mail-enabled group:

    • If the group's proxyAddress attribute is empty, its mail attribute must have a value

    • If the group's proxyAddress attribute is non-empty, it must contain at least one SMTP proxy address value. Here are some examples:

      • An Active Directory group whose proxyAddress attribute has value {"X500:/0=contoso.com/ou=users/cn=testgroup"} will not be mail-enabled in Azure AD. It does not have an SMTP address.

      • An Active Directory group whose proxyAddress attribute has values {"X500:/0=contoso.com/ou=users/cn=testgroup","SMTP:johndoe@contoso.com"} will be mail-enabled in Azure AD.

      • An Active Directory group whose proxyAddress attribute has values {"X500:/0=contoso.com/ou=users/cn=testgroup", "smtp:johndoe@contoso.com"} will also be mail-enabled in Azure AD.

Disabled accounts are synchronized as well to Azure AD. Disabled accounts are common to represent resources in Exchange, for example conference rooms.

Reference: Azure AD Connect sync: Understanding Users, Groups, and Contacts

Question: 292
Measured Skill: Manage Access and Authentication (20-25%)

You have a Microsoft 365 E5 subscription.

You need to ensure that users are prompted for multi-factor authentication (MFA) when they attempt to access Microsoft SharePoint Online resources. Users must NOT be prompted for MFA when they attempt to access other Microsoft 365 services.

What should you do?

AFrom the Microsoft Endpoint Manager admin center, create an app protection policy.
B From the multi-factor authentication page, configure the users settings.
C From the Azure Active Directory admin center, create a conditional access policy.
D From the Cloud App Security admin center, create an app access policy.

Correct answer: C

Explanation:

We should configure a conditional access policy that requires multi-factor authentication (MFA) for all users accessing SharePoint Online.



Reference: Configuring Azure Active Directory Conditional Access

Question: 293
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You manage multiple devices by using Microsoft Endpoint Manager. The devices run on the following operating systems:
  • Android 8.0, Android 8.1.0, and Android 9
  • iOS 12 and iOS 13
  • MacOS 10.14
  • Windows 10
You need to deploy Microsoft 365 apps to the devices.

From the Microsoft Endpoint Manager admin center, what is the minimum number of apps you should create?

A1
B 3
C 4
D 7

Correct answer: C

Explanation:

We need to add the Microsoft 365 apps for each operating system family and create a separate assignment to devices or users for each Microsoft 365 apps version.

Reference: Add apps to Microsoft Intune

Question: 294
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.



You have an on-premises web app named AppA. Group1 has permissions to access AppA.

You configure an Azure Active Directory (Azure AD) Application Proxy.

You add an Application Proxy entry for AppA as shown the following exhibit.



You assign the AppA enterprise application in Azure to Group2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can access AppA by using the external URL: Yes
User2 can access AppA in the My Apps portal: Yes
User3 can access AppA by using the external URL: Yes
B User1 can access AppA by using the external URL: Yes
User2 can access AppA in the My Apps portal: Yes
User3 can access AppA by using the external URL: No
C User1 can access AppA by using the external URL: Yes
User2 can access AppA in the My Apps portal: No
User3 can access AppA by using the external URL: Yes
D User1 can access AppA by using the external URL: No
User2 can access AppA in the My Apps portal: Yes
User3 can access AppA by using the external URL: No
E User1 can access AppA by using the external URL: No
User2 can access AppA in the My Apps portal: No
User3 can access AppA by using the external URL: Yes
F User1 can access AppA by using the external URL: No
User2 can access AppA in the My Apps portal: No
User3 can access AppA by using the external URL: No

Correct answer: D

Explanation:

User1 is a member of Group2. The enterprise app is assigned to Group2. However, the authentication method is "Passthrough" so the authentication will be passed to the on-premises web app. Only Group1 has access to the web app. Therefore, User1 will not be able to access the web app.

User2 is a member of Group1 and Group2. The enterprise app is assigned to Group2. The authentication method is "Passthrough" so the authentication will be passed to the on-premises web app. Group1 has access to the web app. Therefore, User2 will be able to access the web app from the MyApps portal.

User3 is a member of Group1. Group1 has access to the web app so User3 could access the app on-premises. However, the enterprise app is assigned to Group2 which User3 is not a member of. Therefore, User3 will not be able to access the external URL of the web app.

Note: Assigning AppA as an Azure enterprise application to Group2, makes AppA available to the members of Group2 from the MyApps portal.





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2021 by cert2brain.com