Microsoft 365 Identity and Services - MS-100 Exam Practice Test

Your network contains an on premises Active Directory domain named contoso.com. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to establish federation authentication between on premises Active Directory and the Azure AD tenant by using Active Directory Federation Services (AD FS).
You need to establish the federation.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Device Management admin center, you a trusted location and compliance policy.
Does this meet the goal?

You have a Microsoft 365 Enterprise E5 subscription.
You add a cloud-based app named App1 to the Microsoft Azure Active Directory (Azure AD) enterprise applications list.
You need to ensure that two-step verification is enforced for all user accounts the next time they connect to App1.
Which three settings should you configure from the policy? To answer, select the appropriate settings in the answer area.

Your company has a Microsoft 365 subscription that contains the users shown in the following table.

You need to identify which users can perform the following administrative tasks:
Modify the password protection policy.
Create guest user accounts.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?

You are securing a wet API by using the Microsoft identity Platform. The web API must meet the following requirements:
* Authenticated Azure Active Directory (Azure AD) users must be able to retrieve user information from Azure AD.
* Authenticated Azure AD users must be able to manage Microsoft 365 groups.
You need to grant permissions for the web API. The solution must use the principle of least privilege. What should you grant? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD).
Azure AD Connect is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Your network contains three Active Directory forests.
You create a Microsoft Azure Active Directory (Azure AD) tenant.
You plan to sync the on premises Active Directory (Azure AD).
You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.
What should you include in the recommendation?