Microsoft Microsoft Certifications MS-100 Questions & Answers

• Question 281:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.

  You need to be notified if the SharePoint policy is modified in the future.

  Solution: From the Security and Compliance admin center, you create a threat management policy.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  We can create a threat management policy to alert us when the sharing policy is changed.

  Create a new Alert policy > under Category select Threat Management > under `Activity is' scroll down to the `Site administration activities' and select `Changed a sharing policy'.

• Question 282:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.

  You need to be notified if the SharePoint policy is modified in the future.

  Solution: From the SharePoint admin center, you modify the sharing settings.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  You need to create a threat management policy in the Security and Compliance admin center.

• Question 283:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.

  You need to be notified if the SharePoint policy is modified in the future.

  Solution: From the SharePoint site, you create an alert.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  You need to create a threat management policy in the Security and Compliance admin center.

• Question 284:

  Your company has a hybrid deployment of Microsoft 365.

  Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed.

  You need to verify whether all the Authentication Agents are used for authentication.

  What should you do?

  A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.

  B. From Performance Monitor, use the #PTA authentications counter.

  C. From the Azure portal, use the Diagnostics settings on the Monitor blade.

  D. From Performance Monitor, use the Kerberos authentications counter.

  Correct Answer: A

  On the Troubleshoot page, you can view how many agents are configured. If you click on the agents link, you can view the status of each agent. Each agent will have a status of Active or Inactive.

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-pass-through-authentication

• Question 285:

  You have a Microsoft 365 subscription that contains the domains shown in the following exhibit.

  

  Which domain name suffixes can you use when you create users?

  A. only Sub1.Contoso1919.onmicrosoft.com

  B. only Contoso1919.onmicrosoft.com and Sub2.Contoso1919.onmicrosoft.com

  C. only Contoso1919.onmicrosoft.com, Sub1.Contoso1919.onmicrosoft.com, and Sub2.Contoso1919.onmicrosoft.com

  D. all the domains in the subscription

  Correct Answer: C

• Question 286:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:

  Contoso.com

  East.contoso.com

  An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.

  You deploy a new domain named west.contoso.com to the forest.

  You need to ensure that west.contoso.com syncs to the Azure AD tenant.

  Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to staging mode.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  When Azure AD Connect is set to staging mode, this action makes the server active for import and synchronization, but it does not run any exports. A server in staging mode is not running password sync or password writeback, even if you selected these features during installation.

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server

• Question 287:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:

  Contoso.com

  East.contoso.com

  An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.

  You deploy a new domain named west.contoso.com to the forest.

  You need to ensure that west.contoso.com syncs to the Azure AD tenant.

  Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to active mode.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  You can only have one the AD Connect per tenant and one is already located in the root domain. Instead, run the wizard and add the new child domain to sync.

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

• Question 288:

  You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

  Corporate policy states that user passwords must not include the word Contoso.

  What should you do to implement the corporate policy?

  A. From the Azure Active Directory admin center, configure the Password protection settings.

  B. From the Microsoft 365 admin center, configure the Password policy settings.

  C. From Azure AD Identity Protection, configure a sign-in risk policy.

  D. From the Azure Active Directory admin center, create a conditional access policy.

  Correct Answer: A

  The Password protection settings allows you to specify a banned password list of phrases that users cannot use as part of their passwords.

  References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-configure https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad#custom-banned-password-list

• Question 289:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:

  1.

  Contoso.com

  2.

  East.contoso.com

  An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.

  You deploy a new domain named west.contoso.com to the forest.

  You need to ensure that west.contoso.com syncs to the Azure AD tenant.

  Solution: You create an Azure DNS zone for west.contoso.com. On the on-premises DNS servers, you create a conditional forwarder for west.contoso.com.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 290:

  Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com. Your company recently purchased a Microsoft 365 subscription.

  You deploy a federated identity solution to the environment.

  You use the following command to configure contoso.com for federation.

  Convert-MsolDomaintoFederated -DomainName contoso.com

  In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.

  You need to configure the adatum.com Active Directory domain for federated authentication.

  Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. From Windows PowerShell, run the Convert-MsolDomaintoFederated -DomainName contoso.com -SupportMultipleDomain command.

  B. From Windows PowerShell, run the New-MsolFederatedDomain -SupportMultipleDomain -DomainName contoso.com command.

  C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command.

  D. From Windows PowerShell, run the Update-MSOLFederatedDomain-DomainName contoso.com -SupportMultipleDomain command.

  E. From the federation server, remove the Microsoft Office 365 relying party trust.

  Correct Answer: AE

  When the Convert-MsolDomaintoFederated -DomainName contoso.com command was run, a relying party trust was created.

  Adding a second domain (adatum.com in this case) will only work if the SupportMultipleDomain switch was used when the initial federation was configured by running the Convert-MsolDomaintoFederated -DomainName contoso.com

  command.

  Therefore, we need to start again by removing the relying party trust then running the Convert-MsolDomaintoFederated command again with the SupportMultipleDomain switch.