• Home
  • Articles
  • 2021 Realistic Verified MS-100 exam dumps Q&As - MS-100 Free Update [Q50-Q68]

2021 Realistic Verified MS-100 exam dumps Q&As - MS-100 Free Update [Q50-Q68]

Share

2021 Realistic Verified MS-100 exam dumps Q&As - MS-100 Free Update 

Use Real MS-100 Dumps - 100% Free MS-100 Exam Dumps

NEW QUESTION 50
You have a Microsoft 365 subscription. You have a user named User1.
You need to ensure that User1 can place a hold on all mailbox content.
What permission should you assign to User1?

  • A. the Compliance Management role from the Exchange admin center
  • B. the Information Protection administrator role from the Azure Active Directory admin center
  • C. the eDiscovery Manager role from the Security & Compliance admin center
  • D. the User management administrator role from the Microsoft 365 admin center

Answer: C

Explanation:
Section: [none]
Explanation:
To create a query-based In-Place Hold, a user requires both the Mailbox Search and Legal Hold roles to be assigned directly or via membership in a role group that has both roles assigned. To create an In-Place Hold without using a query, which places all mailbox items on hold, you must have the Legal Hold role assigned. The Discovery Management role group is assigned both roles.
Reference:
https://docs.microsoft.com/en-us/Exchange/permissions/feature-permissions/policy-and-compliance- permissions?view=exchserver-2019

 

NEW QUESTION 51
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
User1 is the owner of Group1, User2 is the owner of Group2.
You create an access review that contains the following configurations:
* Users to review, Member of a group
* Scope Everyone
* Group: Group1 and Group2
* Review Group owners
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

 

NEW QUESTION 52
Your network contains an Active Directory domain named contoso.com. The domain contains 1000 Windows
8.1 devices.
You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices.
You need to recommend a Windows 10 deployment method.
What should you recommend?

  • A. Windows Autopilot
  • B. a provisioning package
  • C. Wipe and load refresh
  • D. an in-place upgrade

Answer: D

Explanation:
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/windows10-infrastructure

 

NEW QUESTION 53
Your company has a hybrid deployment of Azure Active Directory (Azure AD).
You purchase a Microsoft 365 subscription.
Your company has a hybrid deployment of Azure Active Directory (Azure AD).
You purchase a Microsoft 365 subscription.
You plan to migrate the Home folder of each user to Microsoft 365 during several weeks. Each user has a device that runs Windows 10.
You need to recommend a solution to migrate the Home folder of five administrative users as quickly as possible.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Each user has a device that runs Windows 10.
You need to recommend a solution to migrate the Home folder of five administrative users as quickly as possible.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

 

NEW QUESTION 54
You implement Microsoft Azure Advanced Threat Protection (Azure ATP).
You have an Azure ATP sensor configured as shown in the following exhibit.
Updates

How long after the Azure ATP cloud service is updated will the sensor update?

  • A. 7 days
  • B. 12 hours
  • C. 1 hour
  • D. 48 hours
  • E. 72 hours

Answer: E

Explanation:
Section: [none]
Explanation:
The exhibit shows that the sensor is configure for Delayed update.
Given the rapid speed of ongoing Azure ATP development and release updates, you may decide to define a subset group of your sensors as a delayed update ring, allowing for a gradual sensor update process. Azure ATP enables you to choose how your sensors are updated and set each sensor as a Delayed update candidate.
Sensors not selected for delayed update are updated automatically, each time the Azure ATP service is updated. Sensors set to Delayed update are updated on a delay of 72 hours, following the official release of each service update.
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/sensor-update

 

NEW QUESTION 55
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
* Users must be able to authenticate during business hours only.
* Authentication requests must be processed successfully if a single server fails.
* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO.
The solution contains two servers that have an Authentication Agent installed.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
Topic 2, Contoso, Ltd
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.

Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.

Contoso has the groups shown in the following table.

Microsoft Office 365 licenses are assigned only to Group2.
The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.
Requirements
Planned Changes
Contoso plans to provide email addresses for all the users in the following domains:
* East.adatum.com
* Contoso.adatum.com
* Humongousinsurance.com
Technical Requirements
Contoso identifies the following technical requirements:
* All new users must be assigned Office 365 licenses automatically.
* The principle of least privilege must be used whenever possible.
Security Requirements
Contoso identifies the following security requirements:
* Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
* User2 must be able to view reports and schedule the email delivery of security and compliance reports.
* The members of Group1 must be required to answer a security question before changing their password.
* User3 must be able to manage Office 365 connectors.
* User4 must be able to reset User3 password.

 

NEW QUESTION 56
You create the Microsoft 365 tenant.
You implement Azure AD Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 57
You create a Microsoft 365 subscription.
You plan to deploy Microsoft Office 365 ProPlus applications to all the client computers at your company.
You prepare the following XML file for the planned deployment.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016-deployment-tool#updates-element
https://docs.microsoft.com/en-us/deployoffice/overview-of-update-channels-for-office-365-proplus

 

NEW QUESTION 58
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
* Contoso.com
* East.contoso.com
An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.
You deploy a new domain named west.contoso.com to the forest.
You need to ensure that west.contoso.com syncs to the Azure AD tenant.
Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to staging mode.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Section: [none]

 

NEW QUESTION 59
Your company has offices in several cities and 100.000 users.
The network contains an Active Directory domain contoso.com.
You purchase Microsoft 365 and plan to deploy several Microsoft 365 services.
You are evaluating the implementation of pass-through authentication and seamless SSO. Azure AD Connect will NOT be in staging mode.
You need to identify the redundancy limits for the planned implementation.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 60
In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit.

You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?

  • A. an exception
  • B. an action
  • C. a group
  • D. a condition

Answer: A

Explanation:
You need to add an exception. In the Advanced Settings of the DLP policy, you can add a rule to configure the Conditions and Actions. There is also an 'Add Exception' button. This gives you several options that you can select as the exception. One of the options is 'except when recipient domain is'. You need to select that option and enter the domain name contoso.com.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies#how-dlp-policies- work

 

NEW QUESTION 61
You create a Microsoft 365 subscription.
You plan to deploy Microsoft Office 365 ProPlus applications to all the client computers at your company.
You prepare the following XML file for the planned deployment.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016-deployment-tool#updat
https://docs.microsoft.com/en-us/deployoffice/overview-of-update-channels-for-office-365-proplus

 

NEW QUESTION 62
You have a data loss prevention (DLP) policy.
You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM). The solution must minimize the number of false positives.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
https://docs.microsoft.com/en-us/office365/securitycompliance/what-the-sensitive-information-types-look-for#international-classification-of-diseases-icd-9-cm

 

NEW QUESTION 63
You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.

You plan to provide access to an on-premises app named App1 by using Azure AD Application Proxy. App1 will be managed by User4.
You need to identify which user can install the Application Proxy connector.
Which user should you identify?

  • A. User2
  • B. User3
  • C. User1
  • D. User4

Answer: A

Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises- application Testlet 2 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.

Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.

Contoso has the groups shown in the following table.

Microsoft Office 365 licenses are assigned only to Group2.
The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.
Requirements
Planned Changes
Contoso plans to provide email addresses for all the users in the following domains:
* East.adatum.com
* Contoso.adatum.com
* Humongousinsurance.com
Technical Requirements
Contoso identifies the following technical requirements:
* All new users must be assigned Office 365 licenses automatically.
* The principle of least privilege must be used whenever possible.
Security Requirements
Contoso identifies the following security requirements:
* Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
* User2 must be able to view reports and schedule the email delivery of security and compliance reports.
* The members of Group1 must be required to answer a security question before changing their password.
* User3 must be able to manage Office 365 connectors.
* User4 must be able to reset User3 password.

 

NEW QUESTION 64
You have a Microsoft 365 subscription that uses an Azure Directory (Azure AD) tenant named Contoso.com.
The tenant contains the users shown in the following table.

You add another user named user5 to the User administrator role.
You need to identify which management tasks User5 can perform.
Which two tasks should you identify? Each correct answer presents a complete solution.

  • A. Delete User1, User2, and User4 only.
  • B. Reset the password of User2 and User4 only.
  • C. Reset the password of User4 only.
  • D. Delete User2 and User4 only.
  • E. Delete any user in Azure AD.
  • F. Reset the password of any user in Azure AD.

Answer: B,D

Explanation:
Explanation
Users with the User Administrator role can create users and manage all aspects of users with some restrictions (see below).
Only on users who are non-admins or in any of the following limited admin roles:
* Directory Readers
* Guest Inviter
* Helpdesk Administrator
* Message Center Reader
* Reports Reader
* User Administrator
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#availab

 

NEW QUESTION 65
You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

  • A. Create a new app registration.
  • B. Create a conditional access policy.
  • C. Create an activity policy.
  • D. Create a session policy.

Answer: B

Explanation:
Section: [none]
Explanation:
You can configure a conditional access policy that applies to the Finance department users. The policy can be configured to 'Allow access' but with multi-factor authentication as a requirement.
The reference below explains how to create a conditional access policy that requires MFA for all users. To apply the policy to finance users only, you would select Users and Group in the Include section instead of All Users and then specify the finance department group.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Create a sign-in risk policy.
2. Create a conditional access policy.
Other incorrect answer options you may see on the exam include the following:
1. Create an activity policy.
2. Create a session policy.
3. Create an app permission policy.
4. Configure the sign-in status for the user accounts of the finance department users.
5. Assign an Enterprise Mobility + Security E5 license to the finance department users.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all- users-mfa

 

NEW QUESTION 66
Your company has a Microsoft 365 subscription.
You need to identify which users performed the following privileged administration tasks:
Deleted a folder from the second-stage Recycle Bin if Microsoft SharePoint Opened a mailbox of which the user was not the owner Reset a user password What should you use?

  • A. Microsoft Azure Active Directory (Azure AD) audit logs
  • B. Microsoft Azure Active Directory (Azure AD) sign-ins
  • C. Security & Compliance audit log search
  • D. Security & Compliance content search

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-logs-overview

 

NEW QUESTION 67
You create the Microsoft 365 tenant.
You implement Azure AD Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 68
......

Pass MS-100 exam Updated 304 Questions: https://prep4sure.real4prep.com/MS-100-exam.html

Related Articles

more
Microsoft MS-100 Certification Practice Exam