Microsoft MS-100 Dumps - Microsoft 365 Identity and Services PDF Sample Questions

discount banner
Exam Code:
MS-100
Exam Name:
Microsoft 365 Identity and Services
428 Questions
Last Update Date : 15 April, 2024
PDF + Test Engine
$55 $71.5
Test Engine Only Demo
$45 $58.5
PDF Only Demo
$35 $45.5

Microsoft MS-100 This Week Result

0

They can't be wrong

0

Score in Real Exam at Testing Centre

0

Questions came word by word from this dumps

MS-100 Complete Exam Detail

Detail Information
Total Time 120 minutes
Exam Fee $165 USD (Price may vary by country/region)
Passing Marks 700 out of 1000
Available Languages English, Japanese, Chinese (Simplified), Korean, Spanish, German, French, Portuguese (Brazil)
Exam Code MS-100
Exam Title Microsoft 365 Identity and Services
Exam Format Multiple choice, scenario-based
Skills Measured - Design and implement Microsoft 365 services
- Manage user identity and roles
- Manage access and authentication
- Plan Office 365 workloads and applications
- Implement modern device services
- Implement Microsoft 365 security and threat management
Prerequisites Familiarity with Microsoft 365 workloads and networking fundamentals

MS-100 COMPLETE EXAM TOPICS BREAKDOWN

Exam Topic Weightage (%)
Design and implement Microsoft 365 services 25
Manage user identity and roles 25
Manage access and authentication 15
Plan Office 365 workloads and applications 25
Implement modern device services 10
Implement Microsoft 365 security and threat management 25

Best Microsoft MS-100 Dumps - pass your exam In First Attempt

Our MS-100 dumps are better than all other cheap MS-100 study material.

Only best way to pass your Microsoft MS-100 is that if you will get reliable exam study materials. We ensure you that realexamdumps is one of the most authentic website for Microsoft Microsoft 365 exam question answers. Pass your MS-100 Microsoft 365 Identity and Services with full confidence. You can get free Microsoft 365 Identity and Services demo from realexamdumps. We ensure 100% your success in MS-100 Exam with the help of Microsoft Dumps. you will feel proud to become a part of realexamdumps family.

Our success rate from past 5 year very impressive. Our customers are able to build their carrier in IT field.

Owl
Search

45000+ Exams

Buy

Desire Exam

Download

Exam

and pass your exam...

Related Exam

Realexamdumps Providing most updated Microsoft 365 Question Answers. Here are a few exams:


Sample Questions

Realexamdumps Providing most updated Microsoft 365 Question Answers. Here are a few sample questions:

Microsoft MS-100 Sample Question 1

You create a Microsoft 365 Enterprise subscription.

You assign licenses for all products to all users.

You need to ensure that all Microsoft Office 365 ProPlus installations occur from a network share. The solution must prevent the users from installing Office 365 ProPlus from the Internet.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.


Options:

A. From your computer, run setup.exe /download downloadconfig.xml.
B. Create an XML download file.
C. From the Microsoft 365 admin center, deactivate the Office 365 licenses for all the users.
D. From each client computer, run setup.exe /configure installconfig.xml.
E. From the Microsoft 365 admin center, configure the Software download settings.

Answer: B, D, E Explanation: Explanation: You can use the Office Deployment Tool (ODT) to download the installation files for Office 365 ProPlus from a local source on your network instead of from the Office Content Delivery Network (CDN).The first step is to create the configuration file. You can download an XML template file and modify that.The next step to install Office 365 ProPlus is to run the ODT executable in configure mode with a reference to the configuration file you just saved. In the following example, the configuration file is named installconfig.xml. setup.exe /configure installconfig.xmlAfter running the command, you should see the Office installation start.To prevent the users from installing Office 365 ProPlus from the Internet, you need to configure the Software download settings (disallow downloads) in the Microsoft 365 admin center.Reference: [Reference:, https://docs.microsoft.com/en-us/deployoffice/overview-of-the-office-2016-deployment-tool#download-the-installation-files-for-office-365-proplus-from-a-local-source, ]

Microsoft MS-100 Sample Question 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are

connected to your on-premises network.

Solution: From the Microsoft 365 admin center, you configure the Organization profile settings.

Does this meet the goal?


Options:

A. Yes
B. No

Answer: B Explanation: Explanation: Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.References:https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Onlineand-OneDrive-for/ba-p/46679

Microsoft MS-100 Sample Question 3

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

admin@LODSe426243.onmicrosoft.com

Microsoft 365 Password: 3&YWyjse-6-d

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10887751

You plan to allow the users in your organization to invite external users as guest users to your Microsoft 365 tenant.

You need to prevent the organization’s users from inviting guests who have an email address that uses a suffix of @gmail.com.


Options:

Answer: Answer: See explanation below. Explanation: Explanation: You need to add gmail.com as a denied domain in the ‘External collaboration settings’.1. Go to the Azure Active Directory admin center.2. Select Users then select ‘User settings’.3. Under External Users, select the ‘Manage external collaboration settings’.4. Under ‘Collaboration restrictions’, select the ‘Deny invitations to the specified domains’ option.5. Under, Target Domains, type in the domain name ‘gmail.com’6. Click the Save button at the top of the screen to save your changes.References:https://docs.microsoft.com/en-us/azure/active-dire ctory/b2b/allow-deny-lisu

Microsoft MS-100 Sample Question 4

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that

contains a user named User1.

You suspect that an imposter is signing in to Azure AD by using the credentials of User1.

You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past

24 hours.

To which three roles should you add Admin1? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.


Options:

A. Security administrator
B. Password administrator
C. User administrator
D. Compliance administrator
E. Reports reader
F. Security reader

Answer: A, E, F Explanation: Explanation: Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles can view thesign in details.Reference: [Reference:, https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins, , ]

Microsoft MS-100 Sample Question 5

You need to assign User2 the required roles to meet the security requirements and the technical requirements.

To which two roles should you assign User2? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.


Options:

A. the Exchange View-only Organization Management role
B. the Microsoft 365 Records Management role
C. the Exchange Online Help Desk role
D. the Microsoft 365 Security Reader role
E. the Exchange Online Compliance Management role

Answer: D, E Explanation: Explanation: User2 must be able to view reports and schedule the email delivery of security and compliance reports.The Security Reader role can view reports but not schedule the email delivery of security and compliance reports.The Exchange Online Compliance Management role can schedule the email delivery of security and compliance reports.Reference: [Reference:, https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo, ]

Microsoft MS-100 Sample Question 6

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You add an app named App1 to the enterprise applications in contoso.com.

You need to configure self-service for App1.

What should you do first?


Options:

A. Assign App1 to users and groups.
B. Add an owner to App1.
C. Configure the provisioning mode for App1.
D. Configure an SSO method for App1.

Answer: C Explanation: Explanation: The provisioning mode (manual or automatic) needs to be configured for an app before you can enable self-service application access.References:https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-accest

Microsoft MS-100 Sample Question 7

You need to meet the security requirement for Group1.

What should you do?


Options:

A. Configure all users to sign in by using multi-factor authentication.
B. Modify the properties of Group1.
C. Assign Group1 a management role.
D. Modify the Password reset properties of the Azure AD tenant.

Answer: D Explanation: Explanation: References:The members of Group1 must be required to answer a security question before changing their password.If SSPR (Self Service Password Reset) is enabled, you must select at least one of the following options for the authentication methods. Sometimes you hear these options referred to as "gates."Mobile app notificationMobile app codeEmailMobile phoneOffice phoneSecurity questionsYou can specify the required authentication methods in the Password reset properties of the Azure AD tenant. In this case, you should set the required authentication method to be ‘Security questions’.Reference: [Reference:, https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks, , ]

Microsoft MS-100 Sample Question 8

You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly as possible.

What should you create to verify the domain names successfully?


Options:

A. three alias (CNAME) record
B. one text (TXT) record
C. one alias (CNAME) record
D. three text (TXT) record

Answer: D Explanation: Explanation: Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTo verify three domain names, you need to add three TXT records.Reference: [Reference:, https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide, ]

Microsoft MS-100 Sample Question 9

Note This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to assign User2 the required roles to meet the security requirements.

Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Management role.

Does this meet the goal?


Options:

A. Yes
B. NO

Answer: B Explanation: Explanation: User2 must be able to view reports and schedule the email delivery of security and compliance reports.The Security Administrator role can view reports but not schedule the email delivery of security and compliance reports.The View-Only Organization Management role cannot schedule the email delivery of security and compliance reports.Reference: [Reference:, https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo, ]

Microsoft MS-100 Sample Question 10

You need to configure just in time access to meet the technical requirements.

What should you use?


Options:

A. access reviews
B. entitlement management
C. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
D. Azure Active Directory (Azure AD) Identity Protection

Answer: C Explanation: Reference: [Reference:, https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure, , , ]

Microsoft MS-100 Sample Question 11

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.

You need to assign User2 the required roles to meet the security requirement.

Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.

Does that meet the goal?


Options:

A. Yes
B. NO

Answer: C

Microsoft MS-100 Sample Question 12

Which migration solution should you recommend for Project1?


Options:

A. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
B. From the Exchange admin center, start a migration and select Cutover migration.
C. From the Exchange admin center, start a migration and select Staged migration.
D. From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.

Answer: A Explanation: Explanation: Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Fabrikam does NOT plan to implement identity federation.All users must be able to exchange email messages successfully during Project1 by using their current email address.During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.A new way to migrate mailboxes in a hybrid Exchange configuration is to use the Microsoft 365 data migration service. The data migration service can migrate Exchange, SharePoint and OneDrive. Therefore, we need to start a data migration and click Exchange as the service to be migrated.Reference: [Reference:, https://docs.microsoft.com/en-us/fasttrack/O365-data-migration, , https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes, ]

Microsoft MS-100 Sample Question 13

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.

* User passwords must be 10 characters or more.

Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.

Does this meet the goal?


Options:

A. Yes
B. No

Answer: B Explanation: Reference: [Reference:, https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization, , ]

Microsoft MS-100 Sample Question 14

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy several Microsoft Office 365 services.

You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:

* Users must be able to authenticate during business hours only.

* Authentication requests must be processed successfully if a single server fails.

* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.

* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO. The solution contains two servers that have an Authentication Agent installed.

Does this meet the goal?


Options:

A. Yes
B. No

Answer: B Explanation: Reference: [Reference:, https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn, , ]

Microsoft MS-100 Sample Question 15

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy several Microsoft Office 365 services.

You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:

* Users must be able to authenticate during business hours only.

* Authentication requests must be processed successfully if a single server fails.

* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.

* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that contains a pass-through authentication model. The solution contains two servers that have an Authentication Agent installed and password hash synchronization configured.

Does this meet the goal?


Options:

A. Yes
B. No

Answer: B Explanation: Explanation: This solution meets the following goals:Users must be able to authenticate during business hours only.Authentication requests must be processed successfully if a single server fails.When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.However, the following goal is not met:Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.You would need to configure Single-sign on (SSO) to meet the last requirement.Reference: [Reference:, https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn, , , ]

Microsoft MS-100 Sample Question 16

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy several Microsoft Office 365 services.

You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:

* Users must be able to authenticate during business hours only.

* Authentication requests must be processed successfully if a single server fails.

* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.

* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that contains a pass-through authentication model. You install an Authentication Agent on three servers and configure seamless SSO.

Does this meet the goal?


Options:

A. Yes
B. No

Answer: A Explanation: Explanation: This solution meets all the requirements:Users must be able to authenticate during business hours only. (This can be configured by using Logon Hours in Active Directory. Pass-through authentication passes authentication to the on-premise Active Directory)Authentication requests must be processed successfully if a single server fails. (We have Authentication Agents running on three servers)When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in. (This can be configured in Active Directory. Pass-through authentication passes authentication to the on-premise Active Directory)Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically. (This goal is met by seamless SSO)Reference: [Reference:, https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn, ]

Microsoft MS-100 Sample Question 17

You need to meet the application requirement for App1.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.


Options:

A. From the Azure Active Directory admin center, configure the application URL settings.
B. From the Azure Active Directory admin center, add an enterprise application.
C. On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
D. On an on-premises server, install the Hybrid Configuration wizard.
E. From the Microsoft 365 admin center, configure the Software download settings.

Answer: A, B, C Explanation: Explanation: An on-premises web application named App1 must allow users to complete their expense reports online.Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.In this question, we need to add an enterprise application in Azure and configure a Microsoft AAD Application Proxy connector to connect to the on-premises web application (App1).Reference: [Reference:, https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-works, , ]

Microsoft MS-100 Sample Question 18

Which role should you assign to User1?


Options:

A. Security Administrator
B. Records Management
C. Security Reader
D. Hygiene Management

Answer: C Explanation: Explanation: A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Users with the Security Reader role have global read-only access on security-related features, including all information in Microsoft 365 security center, Azure Active Directory, Identity Protection, Privileged Identity Management, as well as the ability to read Azure Active Directory sign-in reports and audit logs, and in Office 365 Security & Compliance Center.Reference: [Reference:, https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles, ]

Microsoft MS-100 Sample Question 19

You need to recommend which DNS record must be created before adding a domain name for the project.

You need to recommend which DNS record must be created before you begin the project.

Which DNS record should you recommend?


Options:

A. alias (CNAME)
B. host information (HINFO)
C. host (A)
D. mail exchanger (MX)

Answer: D Explanation: Explanation: When you add a custom domain to Office 365, you need to verify that you own the domain. You can do this by adding either an MX record or a TXT record to the DNS for that domain.Reference: [Reference:, https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide, , ]


and so much more...