Exame Microsoft MD-100
Questões extraídas: https://drive.google.com/open?id=1yIZWjaPsK-moo8c702Qls3nsSWKOmVTW Consulte, para mais questões.
0
0
0
1
Which role should you assign to User1?
Security Reader
Security Administrator
Records Management
Hygiene Management
2
You have a Microsoft Office 365 subscription that contains several Microsoft SharePoint Online sites. You discover that users from your company can invite external users to access files on the SharePoint sites. You need to ensure that the company users can invite only authenticated guest users to the sites. What should you do?
From the Azure Active Directory admin center, configure a conditional access policy.
From SharePoint Online Management Shell, run the Set-SPOSite cmdlet
From the Microsoft 365 admin center, configure a partner relationship.
From the SharePoint admin center, configure the sharing settings.
3
Your company has a hybrid deployment of Microsoft 365. Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed. You need to verify whether all the Authentication Agents are used for authentication. What should you do?
From Performance Monitor, use the Kerberos authentications counter.
From the Azure portal, use the Diagnostics settings on the Monitor blade.
From Performance Monitor, use the #PTA authentications counter.
From the Azure portal, use the Troubleshoot option on the Pass-through authentication page
4
Your company recently purchased a Microsoft 365 subscription. You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant. You need to generate a report that lists all the users who completed the Azure MFA registration process. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
From Azure Cloud Shell, run the Get-MsolUser cmdlet.
From the Azure Active Directory admin center, use Risky sign-ins blade
From Azure Cloud Shell, run the Get-AzureADUser cmdlet.
From the Azure Active Directory admin center, use the MFA Server blade.
5
You have a Microsoft 365 Enterprise subscription. You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device. You need to view which users authenticated by using multi-factor authentication. What should you do?
From the Microsoft 365 admin center, view the Usage reports.
From the Azure Active Directory admin center, view the audit logs.
From the Microsoft 365 admin center, view the Security & Compliance reports.
From the Azure Active Directory admin center, view the user sign-ins.
6
You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do?
Create an activity policy
Create a sign-in risk policy
Create an app permission policy.
Crease a session policy
7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. Users passwords must be 10 characters or more. Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant. Does this meet the goal?
Yes
No
8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. Users passwords must be 10 characters or more. Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant. Does this meet the goal?
Yes
No
9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. Users passwords must be 10 characters or more. Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory. Does this meet the goal?
No
Yes
10
Your company has three main offices and one branch office. The branch office is used for research. The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication. You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office. What should you include in the recommendation?
a Microsoft Intune device configuration profile
a device compliance policy
Microsoft Azure Active Directory (Azure AD) password protection.
Microsoft Azure Active Directory (Azure AD) conditional access.
11
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers. You purchase Microsoft 365 and plan to implement several Microsoft 365 services. You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements: Ensure that users can access Microsoft 365 by using their on-premises credentials. Use the existing server infrastructure only. Store all user passwords on-premises only. Be highly available. Which authentication strategy should you identify?
pass-through authentication and seamless SSO
pass-through authentication and seamless SSO with password hash synchronization
password hash synchronization and seamless SSO
federation
12
Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users. Users on the network report that they are prompted for multi-factor authentication multiple times a day. You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. What should you do?
Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft
Azure Active Directory (Azure AD).
Enable the remember multi-factor authentication setting, and then verify each device as a trusted
device
Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted
device.
Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft
Azure Active Directory (Azure AD).
13
Your company has a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. An external vendor has a Microsoft account that has a username of [email protected]. You plan to provide [email protected] with access to several resources in the subscription. You need to add the external user account to contoso.onmicrosoft.com. The solution must ensure that the external vendor can authenticate by using [email protected]. What should you do?
From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify –UserPrincipalName
[email protected].
From the Azure portal, add a new guest user, and then specify [email protected] as the email
address.
From the Azure portal, add a custom domain name, and then create a new Azure AD user and use
[email protected] as the username.
From the Microsoft 365 admin center, add a contact, and then specify [email protected] as the email
address.
14
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2. Which authentication strategy should you implement for the pilot projects?
pass-through authentication and seamless SSO
pass-through authentication
password hash synchronization
password hash synchronization and seamless SSO
15
Your company has an on-premises Microsoft Exchange Server 2013 organization. The company has 100 users. The company purchases Microsoft 365 and plans to move its entire infrastructure to the cloud. The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD). You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online. What should you recommend?
cutover migration
IMAP migration
remote move migration
staged migration
16
Your on-premises network contains five file servers. The file servers host shares that contain user data. You plan to migrate the user data to a Microsoft 365 subscription. You need to recommend a solution to import the user data into Microsoft OneDrive. What should you include in the recommendation?
Run the SharePoint Hybrid Configuration Wizard.
Run the SharePoint Migration Tool
Configure the settings of the OneDrive client on your Windows 10 device
Configure the Sync settings in the OneDrive admin center.
17
Your network contains two Active Directory forests. Each forest contains two domains. All client computers run Windows 10 and are domain-joined. You plan to configure Hybrid Azure AD join for the computers. You create a Microsoft Azure Active Directory (Azure AD) tenant. You need to ensure that the computers can discover the Azure AD tenant. What should you create?
a new service connection point (SCP) for each domain
a new computer account for each computer
a new trust relationship for each forest
a new service connection point (SCP) for each forest
18
You have a Microsoft 365 subscription. All users have client computers that run Windows 10 and have Microsoft Office 365 ProPlus installed. Some users in the research department work for extended periods of time without an Internet connection. How many days can the research department users remain offline before they are prevented from editing Office documents?
10
120
30
90
19
Your organization has an on-premises Microsoft Exchange Server 2016 organization. The organization is in the company’s main office in Melbourne. The main office has a low-bandwidth connection to the Internet. The organization contains 250 mailboxes. You purchase a Microsoft 365 subscription and plan to migrate to Exchange Online next month. In 12 months, you plan to increase the bandwidth available for the Internet connection. You need to recommend the best migration strategy for the organization. The solution must minimize administrative effort. What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
cutover migration
network upload
staged migration
hybrid migration
20
Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com. All users have client computers that run Windows 10 Pro and are joined to Azure AD. The company purchases a Microsoft 365 E3 subscription. You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort. You assign licenses from the Microsoft 365 admin center. What should you do next?
Deploy Windows 10 Enterprise by using Windows Autopilot.
Add a custom domain name to the subscription.
Create provisioning package, and then deploy the package to all the computers.
Instruct all the users to log off of their computer, and then to log in again.
21
Your network contains an Active Directory forest named contoso.local. You purchase a Microsoft 365 subscription. You plan to move to Microsoft and to implement a hybrid deployment solution for the next 12 months. You need to prepare for the planned move to Microsoft 365. What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.
Rename the Active Directory forest.
Purchase a third-party X.509 certificate.
Create an external forest trust.
Purchase a custom domain name.
22
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You add an app named App1 to the enterprise applications in contoso.com. You need to configure self-service for App1. What should you do first?
Configure an SSO method for App1.
Configure the provisioning mode for App1.
Add an owner to App1.
Assign App1 to users and groups.
23
You purchase Microsoft 365, and then implement directory synchronization. You plan to publish the web applications. You need to ensure that all the applications are accessible by using the My Apps portal. The solution must minimize administrative effort. What should you do first?
Deploy one conditional access policy.
Deploy one connector.
Create a site-to-site VPN from Microsoft Azure to the on-premises network.
Create four application registrations.
24
Your network contains an Active Directory domain named contoso.com. You have a Microsoft 365 subscription. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You implement directory synchronization. The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services. You need to provide the URI for the authorization endpoint that App1 must use. What should you provide?
https://login.microsoftonline.com/
https://contoso.com/contoso.onmicrosoft.com/app1
https://login.microsoftonline.com/contoso.onmicrosoft.com/
https://myapps.microsoft.com
25
Which migration solution should you recommend for Project1?
From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
From Exchange admin center, start the migration and select Remote move migration.
From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet
From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet.
26
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use the View service requests option in the Microsoft 365 admin center. Does this meet the goal?
Yes
No
27
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use Dashboard in Security & Compliance. Does this meet the goal?
Yes
No
28
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use Message center in the Microsoft 365 admin center. Does this meet the goal?
Yes
No
29
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You review the Security & Compliance report in the Microsoft 365 admin center. Does this meet the goal?
Yes
No
30
You have a Microsoft 365 tenant that contains Microsoft Exchange Online. You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has a Microsoft 365 tenant. You need to ensure that the calendar of every user is available to the users in adatum.com immediately. What should you do?
From the Exchange admin center, create a new organization relationship.
From the Microsoft 365 admin center, configure external site sharing.
From the Exchange admin center, create a sharing policy.
From the Microsoft 365 admin center, modify the Organization profile settings.
31
Your company has an on-premises Microsoft Exchange Server 2016 organization and a Microsoft 365 Enterprise subscription. You plan to migrate mailboxes and groups to Exchange Online. You start a new migration batch. Users report slow performance when they use the on-premises Exchange Server organization. You discover that the migration is causing the slow performance. You need to reduce the impact of the mailbox migration on the end-users. What should you do?
Modify the migration endpoint settings
Create a mailbox rule
Configure back pressure.
Create a throttling policy.
32
You have a Microsoft 365 subscription. You need to prevent phishing email messages from being delivered to your organization. What should you do?
From Security & Compliance, create a new threat management policy
From the Exchange admin center, create an anti-malware policy
From Security & Compliance, create a DLP policy.
From the Exchange admin center, create a spam filter policy.
33
You have a Microsoft 365 subscription. A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department. You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible. How frequently can you share the reports?
monthly
hourly
daily
weekly
34
Your company has a Microsoft 365 subscription. You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license. What should you use?
Active users in the Microsoft 365 admin center
Report in Security & Compliance
Reports in the Microsoft 365 admin center
the Licenses blade in the Azure portal
35
Your company has a Microsoft 365 subscription. You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center. A month later, you attempt to run an import job for the PST files. You discover that the PST files were deleted from Microsoft 365. What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer.
PST files are deleted automatically from Microsoft 365 after 30 days
The PST files were corrupted and deleted by Microsoft 365 security features.
The size of the PST files exceeded a storage quota and caused the files to be deleted.
Another administrator deleted the PST files.
36
Your company has a main office and 20 branch offices in North America and Europe. Each branch office connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections. You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office. You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services. What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
For all the client computers in the branch offices, modify the MTU setting by using a Group Policy object
(GPO).
In each branch office, configure name resolution so that all external hosts are redirected to public DNS
servers directly.
In each branch office, deploy a firewall that has packet inspection enabled.
In each branch office, deploy a proxy server that has user authentication enabled.
37
Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix. You deploy a Microsoft 365 tenant. You implement directory synchronization and sync only 50 support users. You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com. You need to ensure that all synchronized identities retain the UPN set in their on-premises user account. What should you do?
From the Microsoft 365 admin center, add adatum.local as a custom domain name.
From the Microsoft 365 admin center, add adatum.com as a custom domain name
From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.
From Windows PowerShell, run the Set-ADDomain –AllowedDNSSuffixes adatum.com
command.
38
You are evaluating the required processes for Project1. You need to recommend which DNS record must be created before you begin the project. Which DNS record should you recommend?
host (AAA)
host (A)
alias (CNAME)
mail exchanger (MX)
39
You have a Microsoft 365 subscription. You view the service advisories shown in the following exhibit. You need to ensure that users who administer Microsoft SharePoint Online can view the advisories to investigate health issues. Which role should you assign to the users?
Reports reader
SharePoint administrator
Service administrator
Message Center reader
40
Your network contains an Active Directory forest named contoso.local. You have a Microsoft 365 subscription. You plan to implement a directory synchronization solution that will use password hash synchronization. From the Microsoft 365 admin center, you verify the contoso.com domain name. You need to prepare the environment for the planned directory synchronization solution. What should you do first?
From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
From Active Directory Users and Computers, modify the UPN suffix for all users.
From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
From the Microsoft 365 admin center, verify the contoso.local domain name.
41
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant. The network uses a firewall that contains a list of allowed outbound domains. You begin to implement directory synchronization. You discover that the firewall configuration contains only the following domain names in the list of allowed domains: *.microsoft.com *.office.com Directory synchronization fails. You need to ensure that directory synchronization completes successfully. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
From the firewall, allow the IP address range of the Azure data center for outbound communication
Deploy an Azure AD Connect sync server in staging mode
From the firewall, modify the list of allowed outbound domains.
From the firewall, create a list of allowed inbound domains
From Azure AD Connect, modify the Customize synchronization options task.
42
Your network contains an on-premises Active Directory forest. You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy. You need to recommend an authentication strategy that meets the following requirements: Allows users to sign in by using smart card-based certificates Allows users to connect to on-premises and Microsoft 365 services by using SSO Which authentication strategy should you recommend?
pass-through authentication and seamless SSO
password hash synchronization and seamless SSO
federation with Active Directory Federation Services (AD FS)
43
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?
From Windows PowerShell on a domain controller, run the Get-AzureADUser and
Set-AzureADUser cmdlets.
. From Active Directory Administrative Center, select the Active Directory users, and then modify the
Properties settings.
From the Microsoft 365 admin center, select the users, and then use the Bulk actions option
From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets.
44
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?
Global administrator
Compliance administrator
Security reader
Reports reader
45
Your network contains three Active Directory forests. You create a Microsoft Azure Active Directory (Azure AD) tenant. You plan to sync the on-premises Active Directory to Azure AD. You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails. What should you include in the recommendation?
three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode
one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode
46
Your company has 10,000 users who access all applications from an on-premises data center. You plan to create a Microsoft 365 subscription and to migrate data to the cloud. You plan to implement directory synchronization. User account and group accounts must sync to Microsoft Azure Directory (Azure AD) successfully. You discover that several user accounts fail to sync to Azure AD. You need to identify which user accounts failed to sync. You must resolve the issue as quickly as possible. What should you do?
Run idfix.exe, and then click Edit.
From Active Directory Administrative Center, search for all the users, and then modify the properties of
the user accounts.
Run idfix.exe, and then click Complete.
From Windows PowerShell, run the Start-AdSyncSyncCycle –PolicyType Delta command
47
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants. You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users. You need to recommend a solution for the planned directory synchronization. What should you include in the recommendation?
Deploy one server that runs Azure AD Connect, and then specify two sync groups
Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using
organizational unit (OU)-based filtering.
Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using
organizational unit (OU)-based filtering.
Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using
domain-based filtering.
48
To which Azure AD role should you add User4 to meet the security requirement?
Privileged role administrator
Security administrator
Password administrator
Global administrator
49
Which role should you assign to User1?
Security Administrator
Hygiene Management
Records Management
Security Reader
