Free MS-100 Sample Questions — Microsoft 365 Identity and Services

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?

• A. Security reader
• B. User administrator
• C. Owner
• D. Global administrator

You have an on-premises Microsoft Exchange Server organization that contains 100 mailboxes. You have a hybrid Microsoft 365 tenant. You run the Hybrid Configuration wizard and migrate the mailboxes to the tenant. You need to ensure that Microsoft 365 spam filtering is applied to incoming email. What should you do?

• A. Run the Hybrid Configuration wizard again
• B. Update the Sender Policy Framework (SPF) TXT record to point to the on-premises Exchange IP address
• C. Run the Azure Active Directory Connect wizard again
• D. Update the MX record to point to Exchange Online

You have recently created a Microsoft 365 Enterprise subscription and assigned all users licenses for all products. You want to configure all Microsoft Office 365 ProPlus installations to be done via a network share. You also want to make sure that users are prevented from using the Internet to install Office 365 ProPlus. Which of the following is the type of file that you should create? NOTE: Each correct selection is worth one point.

• A. An HTML download file
• B. An XML download file
• C. An HTTP download file
• D. An EXE download file

Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. The on-premises network contains a file server named Server1. Server1 has a share named Share1 that contains company documents. Your company purchases a Microsoft 365 subscription. You plan to migrate data from Share1 to Microsoft 365. Only data that was created or modified during the last three months will be migrated. You need to identify all the files in Share1 that were modified or created during the last 90 days. What should you use?

• A. Server Manager
• B. Microsoft SharePoint Migration Tool
• C. Resource Monitor
• D. Usage reports from the Microsoft 365 admin center

You need to configure Azure AD Connect to support the planned changes for the Montreal Users and Seattle Users OUs. What should you do?

• A. From PowerShell, run the Start-ADSyncCycle cmdlet
• B. From the Microsoft Azure Active Directory Connect wizard, select Manage federation
• C. From PowerShell, run the Add-ADSyncConnectorAttributeInclusion cmdlet
• D. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured. Which of the following is the user that has the necessary permissions to alter the password protection policy? (Choose all that apply.)

• A. The user with the Global administrator role
• B. The user with the Password administrator role
• C. The user with the Security administrator and Guest inviter roles
• D. The user with no roles

You are evaluating the required processes for Project1. You need to recommend which DNS record must be created before adding a domain name for the project. Which DNS record should you recommend?

• A. alias (CNAME)
• B. host information (HINFO)
• C. host (AAA)
• D. mail exchanger (MX)

You have a Microsoft 365 tenant. You install the Microsoft Power Platform Center of Excellence (CoE) starter kit. What is required to populate data in the CoE solution?

• A. Azure Logic Apps with the prefix Flow
• B. Microsoft Power Automate flows with the prefix Sync
• C. Azure Functions with the prefix Sync
• D. Microsoft Power Automate flows with the prefix Nurture

Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled. You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON. A tenant user has submitted a fraud alert for his account. Which of the following is the length of time that the user's account will automatically be blocked for?

• A. 24 hours
• B. 90 days
• C. 1 month
• D. 1 week

Your network contains an Active Directory domain. You have an Azure Active Directory (Azure AD) tenant that has Security defaults enabled. Azure AD Connect is configured for directory synchronization. Password hash synchronization and pass-through authentication are disabled. You need to enable Azure AD Identity Protection to detect leaked credentials. What should you do first?

• A. From the Azure Active Directory admin center, disable Security defaults
• B. From Azure AD Connect, enable pass-through authentication
• C. From the Azure Active Directory admin center, configure verifiable credentials
• D. From Azure AD Connect, enable password hash synchronization

Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers. Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available. Solution: You configure the use of pass-through authentication and seamless SSO. Does the solution meet the goal?

• A. Yes
• B. No

Your company has a Microsoft 365 subscription. After implementing Active Directory Federation Services (AD FS), you are instructed to configure AD FS user authentication auditing. You are preparing to run the Register-AzureADConnectHealthSyncAgent cmdlet. Which of the following is the server that the cmdlet should be run from? NOTE: Each correct selection is worth one point.

• A. member server
• B. domain controller
• C. An Azure AD Connect server
• D. An AD FS server

You have an on-premises Microsoft Exchange Server organization that contains 500 mailboxes and a third-party email archive solution. You have a Microsoft 365 tenant that contains a user named User1. You plan to use the User1 account to perform a PST import of the archive mailboxes to the tenant. Which two roles does User1 require to perform the import? The solution must use the principle of least privilege. Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Mail Recipients
• B. Exchange admin
• C. Records Management
• D. Mailbox Import Export
• E. eDiscovery Manager

You need to meet the security requirement for the vendors. What should you do?

• A. From Azure Cloud Shell, run the Set-MsolUserPrincipalName and specify the ""tenantID parameter
• B. From Azure Cloud Shell, run the Set-AzureADUserExtension cmdlet
• C. Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the ""UserPrincipalName parameter
• D. From Azure Cloud Shell, run the New-AzureADMSInvitation cmdlet and specify the ""InvitedUserEmailAddress parameter

You have a Microsoft 365 tenant that contains a Microsoft Power Platform production environment named Environment1. Environment1 contains a database and a Microsoft Dynamics 365 app. A system backup of Environment1 is performed on June 1. How many days will the system backup of Environment1 be retained?

• A. 5
• B. 7
• C. 14
• D. 28

You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do?

• A. Create a sign-in risk policy
• B. Create a new app registration
• C. Assign an Enterprise Mobility + Security E5 license to the finance department users
• D. Configure the sign-in status for the user accounts of the finance department users

You have a Microsoft 365 subscription that contains several Microsoft SharePoint Online sites. You discover that users from your company can invite external users to access files on the SharePoint sites. You need to ensure that the company users can invite only authenticated guest users to the sites. What should you do?

• A. From the Microsoft 365 admin center, configure a partner relationship
• B. From SharePoint Online Management Shell, run the Set-SPOSite cmdlet
• C. From the Azure Active Directory admin center, configure a conditional access policy
• D. From the SharePoint admin center, configure the sharing settings

After your company acquires a Microsoft 365 subscription, they instruct you to move all email data from their corporate Gmail to Microsoft Exchange Online. The migration will be done via the Exchange admin center. Which of the following is TRUE with regards to the data included in the migration?

• A. All data will be migrated
• B. Only email data will be migrated
• C. Email and task data will be migrated
• D. Email and contact data will be migrated

Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants. You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users. You need to recommend a solution for the planned directory synchronization. What should you include in the recommendation?

• A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using attribute-based filtering
• B. Deploy one server that runs Azure AD Connect, and then specify two sync groups
• C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using attribute-based filtering
• D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain-based filtering

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1. You suspect that an imposter is signing in to Azure AD by using the credentials of User1. You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours. To which three roles should you add Admin1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Security administrator
• B. Password administrator
• C. User administrator
• D. Compliance administrator
• E. Reports reader
• F. Security reader