Managing Office 365 Identities and Requirements

Question 1

Your organization has an Office 365 subscription. Microsoft Azure AD Connect is deployed to the organization.
You need to deploy Active Directory Federation Services (AD FS) to meet the following requirements:
* Use an AD FS namespace of sts.fabrikam.com.
* Allow mobile devices to connect from untrusted networks and prevent all other devices from connecting from untrusted networks.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation

Step 1: Install a third-party certificate.
Since AD FS leverages SSL, we need to have a SSL certificate.
Before starting the AD FS configuration wizard install a third-party certificate.
Step 2: Run the AD FS Federation Server Configuration Wizard.
Step 3: Federate the AD FS Domain
We must change the Office 365 domain to be a federated domain.
Step 4: Modify the relying party trust for the Microsoft Office 365Identity Platform After enabling claims-based authentication, the next step is to add and configure the claims provider and relying party trusts in AD FS.
After you enable claims-based authentication, you must configure Microsoft Dynamics 365 Server as are lying party to consume claims from AD FS for authenticating internal claims access.
References:
https://blogs.technet.microsoft.com/rmilne/2014/04/28/how-to-install-adfs-2012-r2-for-office-365/
https://technet.microsoft.com/en-us/library/gg188595.aspx

Question 2

You need to use the Office 365 admin center portal to create the report for the Dallas office. Which values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Topic 3, Fabrikam, Inc (Case Study A)
OverView
Fabrikam, inc is a financial services organization.
Fabrikam recently purchased another financial services organization named Contoso, Ltd.
Fabrikam has 2000 users. Contoso has 500 users.
Windows 10 and office 2016 are deployed to all computers.
Physical Location:
Fabrikam has an office in the United States. Contoso has an office in the United Kingdom.
The offices connect to each other by using a WAN link. Each office also connects directly to the internet.
Existing Environment:
Active Directory:
The network Fabrikam contains an Active Directory forest.
The Active Directory environment of Contoso was migrated to the Active Directory forest of Fabrikam. The forest contains three domains named fabrikam.com , contractor.fabrikam.com, and contoso.com.
All domain controllers run Windows Server 2008 R2.
All contractors outsourced by fabrikam use the user principal name (UPN) suffix of contractor.fabrikam.com.
If fabrikam hires the contractor as a permanenet employee, the UPN suffix changes to fabrikam.com.
Network
The network has the following configurations:
* External IP address for the United States office: 192.168.1.100
* External IP address for the United Kingdom office: 192.168.2.100
* Internal IP address range for the United States office: 10.0.1.0/24
* Internal IP address range for the United Kingdom office : 10.0.2.0/24 Active Directory Federation Services (ADFS) AD FS and web Application Proxies are deployed to support an app for the sales department. The app is accessed from the Microsoft Azure Portal.
Office 365 Tenant
You have an Office 365 subscription that has the following configurations:
* Organization name: Fabrikam Financial Services.
* Vanity domain: Fabrikamfinancialservices.onmicrosoft.com
* Microsoft SharePoint domain: Fabrikamfinancialservices .sharepoint.com
* Additional domain added to the subscription: Contoso.com and fabrikam.com Requirements:
Planned Changes:
* Deploy Azure AD connect.
* Move mailboxes from Microsoft Exchange 2016 to Exchange Online.
* Deploy Azure multi-factor authentication for devices that connect from untrusted networks only.
* Customize the AD FS sign-in webpage to include the Fabrikam logo, a helpdesk phone number, and a sign=in description.
* Once all of the Fabrikam users are replicated to Azure Active Directory (Azure AD), assign an E3 license to all of the users in the United States office.
Technical Requirements:
Contoso identifies the following technical requirements:
* When a device connects from an untrusted network to https://outlook.office.com, ensure that users must type a verification code generated from a mobile app.
* Ensure that all users can access office 365 services from a web browser by using either a UPN or their primary SMTP email address.
* After Azure AD connect is deployed, change the UPN suffix if all the users in the Contoso sales department to fabrikam.com.
* Ensure that administrator are notified when the health information of Exchange Online changes.
* User Office 365 reports to review previous tasks performed in Office 365.

Question 3

You have an Office 365 tenant that has an Enterprise E3 subscription. You configure multi-factor authentication for all users in the tenant. Remote users configure Outlook 2016 to use their Office 365 credentials.
You need to ensure that users only authenticate with Office 365 by using two-step verification.
What should you do?

A. Modify the license type of the user accounts to an Enterprise E1 subscription.

B. Disable app passwords for the user accounts.

C. Remove the rights management license from the user accounts.

D. Add the user accounts to a new security group.

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 4

You have an Office 365 subscription.
The Office 365 organization contains 500 users.
You need to identify the following users in the organization:
* users who have Litigation Hold enabled
* users who receive the most spam email messages
* users who have mailboxes that were accesses by an administrator
Which type of report should you review to identify each type of user? To answer, drag the appropriate reports to the correct types of users. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Correct Answer:

Explanation

Box 1: Usage
Box 2: Auditing
To run a litigation hold report
* Select Manage My Organization > Roles & Auditing > Auditing.
* Click Run a litigation hold report
Box 3: Auditing
References:https://mshiyas.wordpress.com/tag/run-a-litigation-hold-report-in-office-365/

Question 5

You are the Office 365 administrator for your company.
The environment must support single sign-on.
You need to install the required certificates.
Which two certificates should you install? Each correct answer presents part of the solution.

A. Token signing

B. Personal

C. Privacy-enhanced mail (PEM)

D. Secure Sockets Layer (SSL)

E. Software publisher

Correct Answer: A,D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 6

A company plans to deploy an Office 365 tenant.
You have the following requirements:
* Administrators must be able to access the Office 365 admin center.
* Microsoft Exchange Online must be used as a Simple Mail Transfer Protocol (SMTP) relay for a line-of-business application that sends email messages to remote domains.
* All users must be able to use the audio and video capabilities in Microsoft Skype for Business.
You need to configure the ports for the firewall.
Which port should you use for each application? Select the correct answer from each list in the answer area.

Correct Answer:

Explanation

Transport Control Protocol(TCP), User Datagram Protocol (UDP) ports, and Protocol Numbers are important to TCP/IP networking, intranets, and the Internet. Ports and protocol numbers provide access to a host computer. However, they also create a security hazard by allowing uninvited access. Therefore, knowing which port to allow or disable increases a network's security. If the wrong ports or protocol numbers are disabled on a firewall, router, or proxy server as a security measure, essential services might become unavailable.
TCP port 25 is used for simple mail transfer protocol which is used to e-mail routing between mail servers.
TCP port 443 is used for Audio, video and application sharing sessions as well as data sharing sessions.
RTP/UDP port 50020-50039 must be used for outbound video sessions.
RTP/UDP port 50000-50019must be used for outbound audio sessions.

Question 7

You need to modify the Office 365 subscription to support the planned changes for the devices that connect from untrusted networks.
You enable Azure multi-factor authentication for all of the users in the subscription.
What should you do next from the Office 365 portal?

A. Set the Trusted IPs to 192.168.1.100/32 and 192.168.2.100/32

B. Set the Trusted IPs to 10.0.1.0/24 and 10.0.2.0/24.

C. Add a trusted domain.

D. Convert the fabrikam.com domain to a federated domain.

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 8

You need to troubleshoot the issues for user Sarah.Jones.
How should you complete the command? To answer, select the appropriate options to the answer area.
NOTE: Each correct selection is worth one point

Correct Answer:

Explanation

References:
https://docs.microsoft.com/en-us/powershell/module/exchange/mail-flow/get-messagetrace?view=exchange-ps

Question 9

A company has an Office 365 tenant. You plan to distribute the Office 365 ProPlus client to users.
The client machines do not normally have Internet access.
You need to activate the Office 365 ProPlus installations and ensure that the licenses remain active.
What should you do?

A. Connect the client computer to the Internet only once to activate the Office 365 ProPlus client.

B. Connect the client computer to the Internet once to activate the Office 365 ProPlus client, and once every 90days after that.

C. Connect the client computer to the Internet once to activate the Office 365 ProPlus client, and once every 365 days after that.

D. Connect the client computer to the Internet once to activate the Office 365 ProPlus client, and once every 180 days after that.

E. Connect the client computer to the Internet once to activate the Office 365 ProPlus client, and once every 30 days after that.

Correct Answer: E

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 10

A company has offices in New York and London. The current on-premises Exchange 2013 organization has servers in both sites. Mailboxes for users located in New York are on an Exchange server in the New York office. Mailboxes for users located in London are on an Exchange server in the London office.
You must migrate all mailboxes to Exchange Online. You create an Office 365 tenant and specify the company's New York address.
You need to determine where the user's mailboxes will be created.
Where are the mailboxes created in Exchange Online?

A. All user mailboxes are created in a random datacenter anywhere in the world.

B. All user mailboxes are created in North American datacenters.

C. During the migration process, an administrator must specify the region where each mailbox is created.

D. Mailboxes for users in London are created in European datacenters. Mailboxes for users in New York are created in North American datacenters.

Correct Answer: B

Question 11

You are the Office 365 administrator for your company. You configure new user accounts for User1 and User2. User1 has an on-premises mailbox. User2 has an Office 365 mailbox.
Each user must be able to view the availability of the other user.
You need to ascertain whether users can share their free/busy information.
What should you use?

A. Business Connectivity Services

B. Windows Azure Active Directory Rights Management

C. Microsoft Remote Connectivity Analyzer Tool

D. Transport Reliability IP Probe (TRIPP Tool)

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 12

An organization plans to migrate to Office 365. You use the Windows Azure Active Directory (AD) Sync tool.
Several users will not migrate to Office 365. You must exclude these users from synchronization. All users must continue to authenticate against the on-premises Active Directory.
You need to synchronize the remaining users.
Which three actions should you perform? Each correct answer presents part of the solution.

A. Populate an attribute for each user account.

B. Disable the user accounts in Active Directory.

C. Configure the connection filter.

D. Perform a full synchronization.

E. Run the Windows PowerShell command Set-MsolDirSyncEnabled -EnableDirSync $false.

Correct Answer: A,C,D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Office 365 subscription.
All of the users in your tenant are assigned an E5 license.
You need to view the list of planned updates for Microsoft Skype for Business Online.
Solution: You open the Office 365 admin center and you review the contents of the Security & Compliance reports.
Does this meet the goal?

A. No

B. Yes

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Microsoft Managing Office 365 Identities and Requirements - 70-346 Exam Practice Test

Latest Update

Useful Links

Contact Us