If you have taken the Microsoft MCSE exam before 2020, you must know that the most popular MCSE exams at that time were 70-333, 70-334, 70-339, and 70-345. It has now been replaced by Microsoft 365.
Microsoft 365 has the following types of Certification Types:
MCSE (elimination)
Fundamentals
Role-based
Specialty
In the past, you only had to choose one of these (70-333, 70-334, 70-339, 70-345) to guarantee you an MCSE certification.
Today an MCSE certified candidate shares the good news for his Microsoft 365 Certified: Enterprise Administrator Expert exam in 2022.
He used the Lead4Pass MS-100 dumps updated on April 14th: https://www.leads4pass.com/ms-100.html, and successfully obtained the Exam MS-100: Microsoft 365 Identity and Services certification.
MS-100 exam questions are verified to match real test room questions and are valid for the real MS-100 exam.
If you have taken the MCSE exam and now want to take the Microsoft 365 Certified: Enterprise Administrator Expert exam, choose the MS-100 and ms-101 exams for your exam Microsoft 365 Certified: Enterprise Administrator Expert certification.
Check MS-100 Free Dumps To Find How Valid our MD-101 exam questions Are.
Question 1:
You need to add the custom domain names to Office 365 to support the planned changes as quickly as possible. What should you create to verify the domain names successfully?
A. three alias (CNAME) records
B. one text (TXT) record
C. one alias (CNAME) record
D. three text (TXT) records
Correct Answer: D
Contoso plans to provide email addresses for all the users in the following domains:
1.
East.adatum.com
2.
Contoso.adatum.com
3.
Humongousinsurance.com
To verify three domain names, you need to add three TXT records.
Reference:
https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide
Question 2:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Compliance Management role.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports.
The Compliance Management role can schedule the email delivery of security and compliance reports.
Reference:
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Question 3:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Organization Management role.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Administrator role can view reports but not schedule the email delivery of security and compliance reports. The View-Only Organization Management role cannot schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Question 4:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Help Desk role.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports but not schedule the email delivery of security and compliance reports. The Help Desk role cannot schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Question 5:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Records Management role. From the Exchange admin center, you assign User2 the Help Desk role.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Question 6:
To which Azure AD role should you add User4 to meet the security requirement?
A. Password administrator
B. Global administrator
C. Security administrator
D. Privileged role administrator
Correct Answer: B
User4 must be able to reset the User3 password.
User3 is assigned the Customer Lockbox Access Approver role. Only global admins can reset the passwords of people assigned to this role as it\’s considered a privileged role.
Reference:
Question 7:
You need to meet the security requirement for Group1. What should you do?
A. Configure all users to sign in by using multi-factor authentication.
B. Modify the properties of Group1.
C. Assign Group1 a management role.
D. Modify the Password reset properties of the Azure AD tenant.
Correct Answer: D
The members of Group1 must be required to answer a security question before changing their password.
If SSPR (Self Service Password Reset) is enabled, you must select at least one of the following options for the authentication methods. Sometimes you hear these options referred to as “gates.”
1.
Mobile app notification
2.
Mobile app code
3.
4.
Mobile phone
5.
Office phone
6.
Security questions
You can specify the required authentication methods in the Password reset properties of the Azure AD tenant. In this case, you should set the required authentication method to be ‘Security questions’.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
Question 8:
You need to meet the security requirement for the vendors. What should you do?
A. From the Azure portal, add an identity provider.
B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName parameter.
C. From the Azure portal, create guest accounts.
D. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserType parameter.
Correct Answer: C
Vendors must be able to authenticate by using their Microsoft accounts when accessing Contoso resources.
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user\’s account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest
user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator
Question 9:
You need to assign User2 the required roles to meet the security requirements and the technical requirements. To which two roles should you assign User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. the Exchange View-only Organization Management role
B. the Microsoft 365 Records Management role
C. the Exchange Online Help Desk role
D. the Microsoft 365 Security Reader role
E. the Exchange Online Compliance Management role
Correct Answer: DE
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports but not schedule the email delivery of security and compliance reports.
The Exchange Online Compliance Management role can schedule the email delivery of security and compliance reports.
Reference:
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Question 10:
You need to meet the security requirement for the vendors. What should you do?
A. From the Azure portal, modify the authentication methods.
B. From Azure Cloud Shell, run the New-AzureADMSInvitation and specify the -InvitedIserEmailAddress cmdlet.
C. From Azure Cloud Shell, run the Set-MsolUserPrincipalNameand specify the -tenant parameter.
D. From the Azure portal, add an identity provider.
Correct Answer: B
Vendors must be able to authenticate by using their Microsoft accounts when accessing Contoso resources.
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user\’s account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest
user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
In this solution, we are creating guest account invitations by using the New-AzureADMSInvitationcmdlet and specifying the –InvitedUserEmailAddressparameter.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1.
From the Azure portal, create guest accounts.
2.
From Azure Cloud Shell, run the New-AzureADMSInvitationcmdlet and specify the –InvitedUserEmailAddress parameter. Other incorrect answer options you may see on the exam include the following:
1.
From the Azure portal, modify the authentication methods.
2.
From the Azure portal, add an identity provider.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator
Question 11:
You need to meet the security requirement for the vendors. What should you do?
A. From Azure Cloud Shell, run the Set-MsolUserPrincipalName and specify the -tenantID parameter.
B. From Azure Cloud Shell, run the Set-AzureADUserExtension cmdlet.
C. Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the-UserPrincipalName parameter.
D. From Azure Cloud Shell, run the New-AzureADMSInvitation cmdlet and specify the -InvitedUserEmailAddress parameter.
Correct Answer: D
Vendors must be able to authenticate by using their Microsoft accounts when accessing Contoso resources.
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user\’s account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest
user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
In this solution, we are creating guest account invitations by using the New-AzureADMSInvitation cmdlet and specifying the -InvitedUserEmailAddress parameter.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1.
From the Azure portal, create guest accounts.
2.
From Azure Cloud Shell, run the New-AzureADMSInvitation cmdlet and specify the ?€andquot; InvitedUserEmailAddress parameter.
Other incorrect answer options you may see on the exam include the following:
1.
From the Azure portal, modify the authentication methods.
2.
From the Azure portal, add an identity provider.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator https://docs.microsoft.com/enus/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0
Question 12:
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
A. mail exchanger (MX)
B. alias (CNAME)
C. host (A)
D. host (AAA)
Correct Answer: A
When you add a custom domain to Office 365, you need to verify that you own the domain. You can do this by adding either an MX record or a TXT record to the DNS for that domain.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
Text (TXT)
A mail exchanger (MX)
Other incorrect answer options you may see on the exam include the following:
Host (AAAA)
Pointer (PTR)
Name Server (NS)
Reference:
Question 13:
You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From the Azure Active Directory admin center, configure the application URL settings.
B. From the Azure Active Directory admin center, add an enterprise application.
C. On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
D. On an on-premises server, install the Hybrid Configuration wizard.
E. From the Azure Active Directory admin center, configure the Software download settings.
Correct Answer: ABC
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
In this question, we need to add an enterprise application in Azure and configure a Microsoft AAD Application Proxy connector to connect to the on-premises web application (App1).
Question 14:
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.
Which authentication strategy should you implement for the pilot projects?
A. password hash synchronization and seamless SSO
B. pass-through authentication
C. password hash synchronization
D. pass-through authentication and seamless SSO
Correct Answer: A
1.
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
2.
Project2: After the successful completion of Project1, Microsoft Teams and Skype for Business will be enabled in Microsoft 365 for the sales department users.
3.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
4.
Fabrikam does NOT plan to implement an identity federation.
5.
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable password hash synchronization to enable the users to continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable SSO to enable all users to be signed in to on-premises and cloud-based applications automatically.
References: https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
Question 15:
Which role should you assign to User1?
A. Security Administrator
B. Records Management
C. Security Reader
D. Hygiene Management
Correct Answer: C
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Users with the Security Reader role have global read-only access on security-related features, including all information in Microsoft 365 security center, Azure Active Directory, Identity Protection, Privileged Identity Management, as well as the ability to read Azure Active Directory sign-in reports and audit logs, and in Office 365 Security and Compliance Center.
……
