MS-100試験無料問題集「Microsoft 365 Identity and Services 認定」
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirement.
Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.
Does that meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirement.
Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.
Does that meet the goal?
正解:A
解答を投票する
Your company has an Azure AD tenant named contoso.com and a Microsoft 365 subscription.
All users use Windows 10 devices to access Microsoft Office 365 apps.
All the devices are in a workgroup.
You plan to implement passwordless sign-in to contoso.com.
You need to recommend changes to the infrastructure for the planned implementation.
What should you include in the recommendation?
All users use Windows 10 devices to access Microsoft Office 365 apps.
All the devices are in a workgroup.
You plan to implement passwordless sign-in to contoso.com.
You need to recommend changes to the infrastructure for the planned implementation.
What should you include in the recommendation?
正解:B
解答を投票する
You need to ensure that Admin4 can use SSPR.
Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
Topic 4, Contoso
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
Existing Environment
Microsoft 365
Contoso identifies the following business goals:
* Utilize core functionality of apps whenever possible.
* Reduce app development costs.
* Minimize training costs for end users.
Microsoft SharePoint/Microsoft Exchange
Contoso has a Microsoft 365 subscription that uses a domain named contoso.com. Each user is assigned a Microsoft 365 Enterprise E5 licence.
Problem Statement
Contoso moves all email accounts to Microsoft 365.
Contoso migrates the SharePoint Server 2013 intranet sites of the research department to SharePoint Online.
Requirements
Business Goals
Contoso identifies the following issues:
* Users in the sales department report that prepanng quotations is time-consuming as it requires manually copying and pasting data from multiple sources.
* Users in the HR department must use multiple apps to manage the hiring process.
* The solution to claim expenses requires multiple manual steps.
Planned Changes
Contoso identifies the following business goals:
* Utilize core functionality of apps whenever possible.
* Reduce app development costs.
* Minimize training costs for end users.
Technical Requirements
Contoso plans to implement the following changes;
* Redesign the SharePoint Online sites of the research department to provide users with an expenence that is consistent with the Microsoft 365 portal. The research department has a third-party project management solution that uses the Microsoft identity platform in Azure AD.
* Create an email workflow solution for expense claims. Users will submit their expense claims and the system will email an approval request to their manager.
* Implement a bring your own device (BYOD) model that supports Windows 10, macOS, and Android devices.
* Develop a custom Microsoft 365 app named SalesApp for the sales department.
* Develop a custom Microsoft 365 app named HRApp for the HR department
Security Requirement
Contoso identifies the following technical requirements for app development:
* The expense claims solution must provide managers with claim information and the ability to manage the claim by using Microsoft Outlook. Outlook on the web, or Outlook for iOS and Android.
* HRApp must include a bot named HRBot that will answer HR questions. Users must be able to access the bot by mentioning HRBot in a Microsoft Teams channel or private chat.
* HRApp must enable users to query a third-party HR system by using a tab from within a Microsoft Teams channel.
* HRApp must include a messaging extension that enables users to search jobs by job title or job ID.
* SalesApp must be integrated with Microsoft Word and must combine images and text from multiple sources to create a quotation as a DOCX file.
* The distribution of SalesApp must be automatic and require minimal user interaction.
* Solutions for SharePoint Online and Microsoft Office must follow the current Office user interface (Ul) design.
* Development tools and solutions must support Windows and non-Windows devices.
* Development effort must be minimized.
HRApp Manifest
All solutions must support the Microsoft identity platform in Azure AD.
Intranet components must not share access tokens.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint policy is modified in the future.
Solution: From the SharePoint admin center, you modify the sharing settings.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint policy is modified in the future.
Solution: From the SharePoint admin center, you modify the sharing settings.
Does this meet the goal?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.
Azure AD Connect has the following settings:
* Password Hash Sync Enabled
* Pass-through authentication: Enabled
You need to identify which users will be able to authenticate by using Azure AD if connectivity between on-premises Active Directory and the internet is lost. Which users should you identify?
Azure AD Connect has the following settings:
* Password Hash Sync Enabled
* Pass-through authentication: Enabled
You need to identify which users will be able to authenticate by using Azure AD if connectivity between on-premises Active Directory and the internet is lost. Which users should you identify?
正解:A
解答を投票する
A user receives the following message when attempting to sign in to https://myapps.microsoft.com:
"Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in?
"Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all new users will be New York.
You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all new users will be New York.
You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.
正解:
See explanation below
Explanation:
You need create a dynamic group based on the city attribute. You then need to assign a license to the group. User accounts with the city attribute set to 'New York will automatically be added to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.
1. Go to the Azure Active Directory admin center.
2. Select Azure Active Directory then select Groups.
3. Click on the New Group link.
4. Give the group a name such as New York Users.
5. Select Users as the membership type.
6. Select 'Add dynamic query'.
7. Select 'City' in the Property drop-down box.
8. Select 'Equals' in the Operator drop-down box.
9. Enter 'New York' as the Value. You should see the following text in the Expression box: user.city -eq "New York"
10. Click Save to create the group.
11. In the Groups list, select the new group to open the properties page for the group.
12. Select 'Licenses'.
13. Select the '+ Assignments' link.
14. Tick the box to select the license.
15. Click the Save button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign
Explanation:
You need create a dynamic group based on the city attribute. You then need to assign a license to the group. User accounts with the city attribute set to 'New York will automatically be added to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.
1. Go to the Azure Active Directory admin center.
2. Select Azure Active Directory then select Groups.
3. Click on the New Group link.
4. Give the group a name such as New York Users.
5. Select Users as the membership type.
6. Select 'Add dynamic query'.
7. Select 'City' in the Property drop-down box.
8. Select 'Equals' in the Operator drop-down box.
9. Enter 'New York' as the Value. You should see the following text in the Expression box: user.city -eq "New York"
10. Click Save to create the group.
11. In the Groups list, select the new group to open the properties page for the group.
12. Select 'Licenses'.
13. Select the '+ Assignments' link.
14. Tick the box to select the license.
15. Click the Save button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign
You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoUstServKe.
The permissions for the TodoListSPA API are configured as shown in the TodoUstSPA exhibit (Click the TodoUstSPA tab) The permissions for the TodoUstService API are configured as shown m the TodoListService exhibit (Click the TodoUstService tab.) You need to ensure that TodoUstService can access a Microsoft OneDnve file of the signed-in user. The solution must use the principle of least privilege.
Which permission request should you configure?
The permissions for the TodoListSPA API are configured as shown in the TodoUstSPA exhibit (Click the TodoUstSPA tab) The permissions for the TodoUstService API are configured as shown m the TodoListService exhibit (Click the TodoUstService tab.) You need to ensure that TodoUstService can access a Microsoft OneDnve file of the signed-in user. The solution must use the principle of least privilege.
Which permission request should you configure?
正解:A
解答を投票する
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: [email protected]
Microsoft 365 Password: x?-ofP?fG70o
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11325860
You need to ensure that an external user named [email protected] can register an application in your Microsoft 365 tenant. The solution must use the principle of least privilege.
To answer, sign in to the Microsoft 365 portal.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: [email protected]
Microsoft 365 Password: x?-ofP?fG70o
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11325860
You need to ensure that an external user named [email protected] can register an application in your Microsoft 365 tenant. The solution must use the principle of least privilege.
To answer, sign in to the Microsoft 365 portal.
正解:
See explanation below
Explanation:
You need to create a guest account for the external user and assign the Application Developer role. As the user's domain is an external domain, you will need to 'invite' the user. The external user will need to accept the invitation to create the account.
1. Go to the Azure Active Directory Admin Center.
2. In the left navigation pane, select Users.
3. Click on the '+ New Guest User' link.
4. Ensure that the 'Invite user' option is selected.
5. Enter [email protected] in the email address field.
6. In the Roles section, 'user' will be selected by default. Click on 'user' to open a list of roles.
7. Select Application Developer in the list and click the 'Select' button to assign the role.
8. Click the 'Invite' button to send the invitation.
Explanation:
You need to create a guest account for the external user and assign the Application Developer role. As the user's domain is an external domain, you will need to 'invite' the user. The external user will need to accept the invitation to create the account.
1. Go to the Azure Active Directory Admin Center.
2. In the left navigation pane, select Users.
3. Click on the '+ New Guest User' link.
4. Ensure that the 'Invite user' option is selected.
5. Enter [email protected] in the email address field.
6. In the Roles section, 'user' will be selected by default. Click on 'user' to open a list of roles.
7. Select Application Developer in the list and click the 'Select' button to assign the role.
8. Click the 'Invite' button to send the invitation.
You have a Microsoft 365 subscription.
All users are assigned Microsoft 365 Apps for enterprise licenses.
You need to ensure that reports display the names of users that have activated Microsoft 365 apps and on how many devices What should you modify in the Microsoft 365 admin center?
All users are assigned Microsoft 365 Apps for enterprise licenses.
You need to ensure that reports display the names of users that have activated Microsoft 365 apps and on how many devices What should you modify in the Microsoft 365 admin center?
正解:B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a new Microsoft 365 subscription.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://support.microsoft.com/en-us/help/4026501/office-auditing-in-office-365-for-admins
https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Multi-factor authentication (MFA) is configured to use 131.107.50/24 for trusted IPs.
The tenant contains the named locations shown in the following table.
You create a conditional access policy that has the following configurations:
Users and groups assignment: All users
Cloud apps assignment: App1
Conditions: Include all trusted locations
Grant access: require multi-factor authentication
For each of the following statements, select Yes if the statement is true. otherwise, select No.
NOTE: Each correct selection is worth one point.
Multi-factor authentication (MFA) is configured to use 131.107.50/24 for trusted IPs.
The tenant contains the named locations shown in the following table.
You create a conditional access policy that has the following configurations:
Users and groups assignment: All users
Cloud apps assignment: App1
Conditions: Include all trusted locations
Grant access: require multi-factor authentication
For each of the following statements, select Yes if the statement is true. otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.
NOTE: Each correct selection is worth one point.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Your company has 500 client computers that run Windows 10.
You plan to deploy Microsoft Office 365 ProPlus to all the computers.
You create the following XML file for the planned deployment.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You plan to deploy Microsoft Office 365 ProPlus to all the computers.
You create the following XML file for the planned deployment.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016-deployment-tool
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Azure Active Directory admin center, you add fabrikam.com as a custom domain. You instruct User2 to sign in as [email protected].
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Azure Active Directory admin center, you add fabrikam.com as a custom domain. You instruct User2 to sign in as [email protected].
Does this meet the goal?
正解:B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)