[13-Mar-2020 Update] Exam MS-100 VCE Dumps and MS-100 PDF Dumps from PassLeader

Valid MS-100 Dumps shared by PassLeader for Helping Passing MS-100 Exam! PassLeader now offer the newest MS-100 VCE dumps and MS-100 PDF dumps, the PassLeader MS-100 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader MS-100 dumps with VCE and PDF here: https://www.passleader.com/ms-100.html (248 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader MS-100 dumps from Cloud Storage: https://drive.google.com/open?id=113hPFkj6VGzLeH3Y491UBbKqwrKldJuu

NEW QUESTION 231
Case Study – Fabrikam, Inc.
……
You need to recommend which DNS record must be created before adding a domain name for the project. You need to recommend which DNS record must be created before you begin the project. Which DNS record should you recommend?

A. alias (CNAME)
B. text (TXT)
C. host (AAAA)
D. pointer (PTR)

Answer: B
Explanation:
When you add a custom domain to Office 365, you need to verify that you own the domain. You can do this by adding either an MX record or a TXT record to the DNS for that domain.
https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide

NEW QUESTION 232
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?

A. Reports Reader
B. Security Administrator
C. Owner
D. Compliance Administrator

Answer: B
Explanation:
Either one of the following three roles can review the list in Azure AD Identity Protection of users flagged for risk:
– Security Administrator
– Global Administrator
– Security Reader
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins

NEW QUESTION 233
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?

A. From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets.
B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
C. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
D. From Azure Cloud Shell, run the Get-MsolDUser and Set-MSOluser cmdlets.

Answer: C
Explanation:
The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active Directory. You can use Windows PowerShell on a domain controller and run the Get-ADUser cmdlet to get the required users and pipe the results into Set-ADUser cmdlet to modify the city attribute.
Incorrect:
Not A and D: These answers suggest modifying the city attribute of the users in the Azure Active Directory which is incorrect.
Not B: This answer has the correct cmdlets but they need to be run on a domain controller, not in the Azure cloud shell.
https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-aduser?view=win10-ps

NEW QUESTION 234
You network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization. You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback. You need to identify which group types will sync from Azure AD. Which two group types should you identify? (Each correct answer presents part of the solution. Choose two.)

A. an Office 365 group that uses the Assigned membership type
B. a security group that uses the Dynamic Device membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a security group that uses the Assigned membership type
E. a security group that uses the Dynamic User membership type

Answer: AC
Explanation:
Group writeback in Azure AD Connect synchronizes Office 365 groups only from Azure Active Directory back to the on-premise Active Directory.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-preview

NEW QUESTION 235
Your network is configured as a Windows Active Directory (AD) domain. You are implementing a Microsoft 365 subscription. You create an Azure Active Directory (Azure AD) tenant and run an Azure AD Connect Express Installation. You need to configure access to an on-premises application for users signing in through Azure AD. What do you need to install on your on-premises network?

A. Network Policy Server (NPS)
B. Azure Application Proxy connector
C. Web Application Proxy (WAP) server
D. Active Directory Federation Services (AD FS) infrastructure

Answer: B
Explanation:
You need to install an Azure Application Proxy connector. An Azure Proxy connector provides the onpremises endpoint connection between your on-premises application and Application Proxy running on Azure. This allows for single sign-on (SSO) access to on-premises applications for users authenticated by Azure AD.
Incorrect:
Not A: You should not install NPS. It is not required to support access to on-premises applications, but you would need an NPS to configure RADIUS authentication for a hybrid network.
Not C: You should not install a WAP server. A WAP server does provide external access to web applications published on-premises but does not provide Azure AD integration.
Not D: You should not deploy an AD FS infrastructure. It is not required in this scenario and does nothing to bring you closer to a solution.

NEW QUESTION 236
Your network is configured as an Active Directory Domain Services (AD DS) domain. Domain users are in organizational units (OUs) by department. You run a pilot test with Azure Active Directory (Azure AD) synchronization to include a small subset of users. You create a group named ADDPilot and add the pilot users to the group. You install Azure AD Connect and configure filtering based on the ADDPilot group and the Operations 〇U. You need to disable group filtering and configure filtering based on select OUs. You want to avoid changes to users that are already synchronized. What should you do first?

A. Run the Azure AD Connect installer.
B. Delete the ADDPilot group.
C. Uninstall Azure AD Connect.
D. Disable the built-in scheduler.

Answer: D
Explanation:
You should disable the built-in scheduler. You can do this by running: Set-ADSyncScheduler -SyncCycleEnabled $False. You should do this to prevent synchronization from running while you are in the process of changing the filtering configuration. When you finish configuring filtering, you should use the Synchronization Service Manager to restart synchronization.
Incorrect:
Not A: You should not run the Azure AD Connect installer first. You will use the Azure AD Connect installer to make the configuration changes. After you have initially installed Azure AD Connect, restarting the installer lets you edit the configuration.
Not B: You should not delete the ADDPilot group. There is no need to delete this group. You are disabling group filtering, so the group will no longer be used for that purpose, but leaving the group in place would not cause any problems or conflicts.
Not C: You should not uninstall Azure AD Connect. There is no need to do this, and this action would require more effort. You would need to reinstall Azure AD Connect and would still need to configure filtering.

NEW QUESTION 237
Your company has its main office in Los Angeles and a branch office in Bakersfield. Both offices are part of the same Windows Active Directory (AD) domain and are configured as separate sites. The network includes both company-owned and personal devices. Your company implements a Microsoft 365 tenant and is rolling out support for cloud-based applications to replace on-premises applications. You configure a hybrid identity with federated authentication. You deploy Intune and enroll company-owned devices. You enable Azure multi-factor authentication (MFA). As part of your initial rollout, you need to restrict access to SharePoint Online (SPO) to company-managed devices located in the Los Angeles office. Which feature should you use?

A. Intune device configuration profile
B. Intune device compliance policy
C. Azure AD app passwords
D. Azure AD Conditional Access

Answer: D
Explanation:
You should use Azure AD Conditional Access. This lets you configure MFA support and access based on the criteria you specify, such as network location and if a device is a managed device. This will let you implement the necessary access restrictions.
Incorrect:
Not A: You should not use Intune device configuration profile. This is not related to limited access. You use a configuration profile to add and configure features and settings on managed devices.
Not B: You should not use Intune device compliance policy. Compliance policies, unless they are implemented with conditional access, do not provide any control over app access. Without conditional access, compliance policies let you detect and report non-compliant devices.
Not C: You should not use Azure AD app passwords. App passwords are used to support Office 2010 (and older) apps and non-browser apps when you use Azure MFA.

NEW QUESTION 238
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?

A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
C. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.
D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.

Answer: A
Explanation:
The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active Directory. You can modify certain attributes of multiple user accounts simultaneously by selecting them in Active Directory Administrative Center or Active Directory Users and Computers, right clicking then selecting Properties. The other three options all suggest modifying the city attribute of the users in the Azure Active Directory which is incorrect.
https://blogs.technet.microsoft.com/canitpro/2015/11/25/step-by-step-managing-multiple-user-accounts-via-active-directory-admin-center/

NEW QUESTION 239
Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
– Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
– User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
This solution does not meet the following requirement:
– Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. This is because with pass-through authentication, the authentication is performed by the on-premise Active Directory.
– User passwords must be 10 characters or more. Configuring the Default Domain Policy in the on-premise Active Directory meets the requirement.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

NEW QUESTION 240
You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do?

A. Create an activity policy.
B. Create a new app registration.
C. Create a sign-in risk policy.
D. Create a session policy.

Answer: C
Explanation:
You can configure a sign-in risk policy that applies to the Finance department users. The policy can be configured to “Allow access” but with multi-factor authentication as a requirement.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

NEW QUESTION 241
SIMULATION
……

Answer:
You need to add gmail.com as a denied domain in the “External collaboration settings”:
1. Go to the Azure Active Directory admin center.
2. Select Users then select “User settings”.
3. Under External Users, select the “Manage external collaboration settings”.
4. Under “Collaboration restrictions”, select the “Deny invitations to the specified domains” option.
5. Under, Target Domains, type in the domain name “gmail.com”.
6. Click the Save button at the top of the screen to save your changes.
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list

NEW QUESTION 242
SIMULATION
……

Answer:
You need to register App1 in Azure Active Directory:
1. Go to the Azure Active Directory admin center.
2. Select Azure Active Directory.
3. Select “App registrations”.
4. Click the “New registration” link.
5. Enter the name App1.
6. Click the Register button.
7. To add the URL to App1, select App1 in the list of registered apps.
8. In the properties page of App1, select Branding.
9. Enter the URL https://app1.contoso.com in the “Home page URL” box.
10. Click Save to save the changes.
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

NEW QUESTION 243
SIMULATION
……

Answer:
You need to create a guest account for the external user:
1. Go to the Azure Active Directory admin center.
2. Select Users.
3. Click the “New guest user” link.
4. Select the “Invite user” option.
5. Give the account a name and enter fabrikamuser@fabrikam.com in the email address field.
6. Click the “Invite” button.
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal

NEW QUESTION 244
Case Study – Fabrikam, Inc.
……
Which migration solution should you recommend for Project1?

A. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
B. From the Exchange admin center, start a migration and select Cutover migration.
C. From the Exchange admin center, start a migration and select Staged migration.
D. From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.

Answer: A
Explanation:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365. Fabrikam does NOT plan to implement identity federation. All users must be able to exchange email messages successfully during Project1 by using their current email address. During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange. A new way to migrate mailboxes in a hybrid Exchange configuration is to use the Microsoft 365 data migration service. The data migration service can migrate Exchange, SharePoint and OneDrive. Therefore, we need to start a data migration and click Exchange as the service to be migrated.
https://docs.microsoft.com/en-us/fasttrack/O365-data-migration
https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes

NEW QUESTION 245
……


Get the newest PassLeader MS-100 VCE dumps here: https://www.passleader.com/ms-100.html (248 Q&As Dumps)

And, DOWNLOAD the newest PassLeader MS-100 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=113hPFkj6VGzLeH3Y491UBbKqwrKldJuu