Latest MS-100 Exam Questions Answers - MS-100 Dumps PDF DumpsforSure
                      
 
Microsoft
 
MS-100
Microsoft 365 Identit y and Services
  
https://www.dumpsforsure.com/microsoft/ms-100-dumps.html
 
Question: 1 
   
You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly 
as possible. 
What should you create to verify the domain names successfully? 
 
A. three alias (CNAME) record 
B. one text (TXT) record 
C. one alias (CNAME) record 
D. three text (TXT) record 
 
Answer: D     
 
Explanation: 
Contoso plans to provide email addresses for all the users in the following domains: 
• East.adatum.com 
• Contoso.adatum.com 
• Humongousinsurance.com 
To verify three domain names, you need to add three TXT records. 
Reference: 
https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide 
 
Question: 2 
   
HOTSPOT 
You need to meet the technical requirements for the user licenses. 
Which two properties should you configure for each user? To answer, select the appropriate 
properties in the answer area. 
NOTE: Each correct selection is worth one point. 
 
 
 
Answer:  
 
 
 
 
Explanation: 
All new users must be assigned Office 365 licenses automatically. 
To enable Microsoft 365 license assignment, the users must have a username. This is also the UPN. 
The users must also have a Usage Location. 
 
Question: 3 
 
You need to meet the security requirement for Group1. 
What should you do? 
 
A. Configure all users to sign in by using multi-factor authentication. 
B. Modify the properties of Group1. 
C. Assign Group1 a management role. 
D. Modify the Password reset properties of the Azure AD tenant. 
 
Answer: D     
 
References: 
Explanation: 
• The members of Group1 must be required to answer a security question before changing their 
password. 
If SSPR (Self Service Password Reset) is enabled, you must select at least one of the following options 
for the authentication methods. Sometimes you hear these options referred to as "gates." 
Mobile app notification 
 
Mobile app code 
Email 
Mobile phone 
Office phone 
Security questions 
You can specify the required authentication methods in the Password reset properties of the Azure 
AD tenant. In this case, you should set the required authentication method to be ‘Security 
questions’. 
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks 
 
Question: 4 
   
To which Azure AD role should you add User4 to meet the security requirement? 
 
A. Password administrator 
B. Global administrator 
C. Security administrator 
D. Privileged role administrator 
 
Answer: B     
 
Explanation: 
User4 must be able to reset User3 password. 
User3 is assigned the Customer Lockbox Access Approver role. Only global admins can reset the 
passwords of people assigned to this role as it’s considered a privileged role. 
Reference: 
https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Customer-Lockbox- 
Approver-Role-Now-Available/ba-p/223393 
 
Question: 5 
   
HOTSPOT 
You need to meet the security requirements for User3. The solution must meet the technical 
requirements. 
What should you do? To answer, select the appropriate options in the answer area. 
NOTE: Each correct selection is worth one point. 
 
 
 
Answer:  
 
 
 
Explanation: 
Explanation: 
• User3 must be able to manage Office 365 connectors. 
• The principle of least privilege must be used whenever possible. 
Office 365 connectors are configured in the Exchange Admin Center. 
You need to assign User3 the Organization Management role to enable User3 to manage Office 365 
connectors. 
A Global Admin could manage Office 365 connectors but the Organization Management role has less 
privilege. 
Reference: 
https://docs.microsoft.com/en-us/office365/SecurityCompliance/eop/feature-permissions-in-eop 
 
Question: 6 
 
 
You need to meet the security requirement for the vendors. 
What should you do? 
 
A. From the Azure portal, add an identity provider. 
B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the –UserPrincipalName 
parameter. 
C. From the Azure portal, create guest accounts. 
D. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the –UserType parameter. 
 
Answer: C     
 
Explanation: 
Vendors must be able to authenticate by using their Microsoft account when accessing Contoso 
resources. 
You can invite guest users to the directory, to a group, or to an application. After you invite a user 
through any of these methods, the invited user's account is added to Azure Active Directory (Azure 
AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. 
An invitation of a user does not expire. 
The invitation will include a link to create a Microsoft account. The user can then authenticate using 
their Microsoft account. In this question, the vendors already have Microsoft accounts so they can 
authenticate using them. 
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator 
 
Question: 7 
   
You need to assign User2 the required roles to meet the security requirements and the technical 
requirements. 
To which two roles should you assign User2? Each correct answer presents part of the solution. 
NOTE: Each correct selection is worth one point. 
 
A. the Exchange View-only Organization Management role 
B. the Microsoft 365 Records Management role 
C. the Exchange Online Help Desk role 
D. the Microsoft 365 Security Reader role 
E. the Exchange Online Compliance Management role 
 
Answer: DE     
 
Explanation: 
• User2 must be able to view reports and schedule the email delivery of security and compliance 
reports. 
The Security Reader role can view reports but not schedule the email delivery of security and 
compliance reports. 
The Exchange Online Compliance Management role can schedule the email delivery of security and 
 
compliance reports. 
Reference: 
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo 
 
Question: 8 
 
DRAG DROP 
You need to prepare the environment for Project1. 
You create the Microsoft 365 tenant. 
Which three actions should you perform in sequence next? To answer, move the appropriate actions 
from the list of actions to the answer area and arrange them in the correct order. 
 
 
Answer:  
 
 
 
Explanation: 
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared 
documents to the subscription. 
All users must be able to exchange email messages successfully during Project1 by using their current 
 
email address. 
After the planned migration to Microsoft 365, all users must continue to authenticate to their 
mailbox and to SharePoint sites by using their UPN. 
This configuration requires a hybrid Exchange configuration during the pilot phase. This means that 
you will have mailboxes hosted in Exchange Online and mailboxes hosted in Exchange on-premise. 
The first steps to configure Exchange hybrid are to Create the Azure AD tenant, add the 
Fabrikam.com domain as a custom domain, then configure directory synchronization to replicate the 
on-prem Active Directory user accounts to Azure Active Directory. 
Reference: 
https://docs.microsoft.com/en-us/exchange/exchange-hybrid 
 
Question: 9 
 
DRAG DROP 
You have a Microsoft 365 subscription. 
You have the devices shown in the following table. 
 
You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The 
solution must avoid installing software on the devices whenever possible. 
Which onboarding method should you use for each operating system? To answer, drag the 
appropriate methods to the correct operating systems. Each method may be used once, more than 
once, or not at all. You may need to drag the split bar between panes or scroll to view content. 
NOTE: Each correct selection is worth one point. 
 
 
Answer:  
 
 
 
 
Explanation: 
References: 
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defenderatp/ 
onboard-downlevel-windows-defender-advanced-threat-protection 
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defenderatp/ 
configure-endpoints-windows-defender-advanced-threat-protection 
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender 
atp/configure-server-endpoints-windows-defender-advanced-threat-protection 
Box 1: 
To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to: 
Configure and update System Center Endpoint Protection clients. 
Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender 
ATP 
Box 2: 
For Windows 10 clients, the following deployment tools and methods are supported: 
Group Policy 
System Center Configuration Manager 
Mobile Device Management (including Microsoft Intune) 
Local script 
Box 3: 
Windows Server 2016 can be onboarded by using Azure Security Centre. When you add servers in 
the Security Centre, the Microsoft Monitoring Agent is installed on the servers. 
 
Question: 10 
 
HOTSPOT 
You need to meet the application requirements for the Office 365 ProPlus applications. 
You create an XML files that contains the following settings. 
 
 
Use the drop-down menus to select the answer choice that completes each statement based on the 
information presented in the graphic. 
NOTE: Each correct selection is worth one point. 
 
 
Answer:  
 
 
 
Explanation: 
Box 1: 
Office 365 ProPlus feature updates will be installed twice a year in March and September. 
The Channel element in the configuration file is set to ‘Targeted’. This means Semi-Annual Targeted. 
To help your organization prepare for a Semi-Annual Channel release, Microsoft provides Semi- 
Annual Channel (Targeted). The primary purpose of this update channel is to give pilot users and 
application compatibility testers in your organization a chance to work with the upcoming Semi- 
Annual Channel release 
Box 2: 
Microsoft Office 365 ProPlus applications must be installed from a network share only. 
The AllowCDNFallback value is currently set to true. The purpose of this setting is to enable Office 
365 to be downloaded from Microsoft’s Content Delivery Network if the network share is 
unavailable. The AllowCDNFallback value should be set to false to meet the technical requirement. 
 
Reference: 
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016- 
deployment-tool#updates-element 
https://docs.microsoft.com/en-us/deployoffice/overview-of-update-channels-for-office-365-proplus 
https://www.dumpsforsure.com/microsoft/ms-100-dumps.html