Topic 3 - Manage access and authentication Flashcards Preview

MS-100 - Microsoft 365 Identity and Services > Topic 3 - Manage access and authentication > Flashcards

Flashcards in Topic 3 - Manage access and authentication Deck (29)
Loading flashcards...
1

HOTSPOT -
You have a Microsoft 365 subscription that contains a guest user named User1. User1 is assigned the User administrator role.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

4

2

 

2

You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com contains the users shown in the following table.

Contoso.com is configured as shown in the following exhibit.

You need to ensure that guest users can be created in the tenant.
Which setting should you modify?

A. Guests can invite.

B. Guests users permissions are limited.

C. Members can invite.

D. Admins and users in the guest inviter role can invite.

E. Deny invitations to the specified domains.

Reveal Solution    Discussion  

D. Admins and users in the guest inviter role can invite.

3

Your company recently purchased a Microsoft 365 subscription.
You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant.
You need to generate a report that lists all the users who completed the Azure MFA registration process.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet.

B. From Azure Cloud Shell, run the Get-MsolUser cmdlet.

C. From the Azure Active Directory admin center, use the Multi-Factor Authentication â€" Server Status blade.

D. From the Azure Active Directory admin center, use Risky sign-ins blade.

B. From Azure Cloud Shell, run the Get-MsolUser cmdlet.

4

You have a Microsoft 365 Enterprise subscription.
You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device.
You need to view which users authenticated by using multi-factor authentication.
What should you do?

A. From the Microsoft 365 admin center, view the Security & Compliance reports.

B. From the Azure Active Directory admin center, view the user sign-ins.

C. From the Microsoft 365 admin center, view the Usage reports.

D. From the Azure Active Directory admin center, view the audit logs.

B. From the Azure Active Directory admin center, view the user sign-ins.

5

You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

A. Create an activity policy.

B. Create a sign-in risk policy.

C. Crease a session policy.

D. Create an app permission policy.

B. Create a sign-in risk policy.

6

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to implement pass-through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Modify the email address attribute for each user account.

B. From the Azure portal, add a custom domain name.

C. From Active Directory Domains and Trusts, add a UPN suffix.

D. Modify the User logon name for each user account.

E. From the Azure portal, configure an authentication method.

F. From a domain controller, install an Authentication Agent.

B. From the Azure portal, add a custom domain name.

C. From Active Directory Domains and Trusts, add a UPN suffix.

D. Modify the User logon name for each user account.

7

You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From all the AD FS servers, run auditpol.exe.

B. From all the domain controllers, run the Set-AdminAuditLogConfig cmdlet and specify the â€"LogLevel parameter.

C. On a domain controller, install Azure AD Connect Health for AD DS.

D. From the Azure AD Connect server, run the cmdlet. Register-AzureADConnectHealthSyncAgent

E. On an AD FS server, install Azure AD Connect Health for AD FS.

D. From the Azure AD Connect server, run the cmdlet. Register-AzureADConnectHealthSyncAgent

E. On an AD FS server, install Azure AD Connect Health for AD FS.

8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ Users passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

A. Yes

B. No

B. No

9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ Users passwords must be 10 characters or more.
Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.
Does this meet the goal?

A. Yes

B. No

B. No

10

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ Users passwords must be 10 characters or more.
Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?

A. Yes

B. No

A. Yes

11

Your company has three main offices and one branch office. The branch office is used for research.
The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.
You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.
What should you include in the recommendation?

A. Microsoft Azure Active Directory (Azure AD) conditional access.

B. Microsoft Azure Active Directory (Azure AD) password protection.

C. a device compliance policy

D. a Microsoft Intune device configuration profile

A. Microsoft Azure Active Directory (Azure AD) conditional access.

12

Your network contains an Active Directory domain named contoso.com.
All users authenticate by using a third-party authentication solution.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to recommend an identity strategy that meets the following requirements:
✑ Provides seamless SSO
✑ Minimizes the number of additional servers required to support the solution
✑ Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)
✑ Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account
You are evaluating the implementation of federation.
Which two requirements are met by using federation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. minimizes the number of additional servers required to support the solution

B. provides seamless SSO

C. stores the passwords of all the users in Azure AD

D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account.

B. provides seamless SSO

D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account.

13

Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements:
✑ Ensure that users can access Microsoft 365 by using their on-premises credentials.
✑ Use the existing server infrastructure only.
✑ Store all user passwords on-premises only.
✑ Be highly available.
Which authentication strategy should you identify?

A. pass-through authentication and seamless SSO

B. pass-through authentication and seamless SSO with password hash synchronization

C. password hash synchronization and seamless SSO

D. federation

A. pass-through authentication and seamless SSO

14

Your network contains an on-premises Active Directory domain.
You have a Microsoft 365 subscription.
You implement a directory synchronization solution that uses pass-through authentication.
You configure Microsoft Azure Active Directory (Azure AD) smart lockout as shown in the following exhibit.

You discover that Active Directory users can use the passwords in the custom banned passwords list.
You need to ensure that banned passwords are effective for all users.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From a domain controller, install the Azure AD Password Protection Proxy.

B. From a domain controller, install the Microsoft AAD Application Proxy connector.

C. From Custom banned passwords, modify the Enforce custom list setting.

D. From Password protection for Windows Server Active Directory, modify the Mode setting.

E. From all the domain controllers, install the Azure AD Password Protection DC Agent.

F. From Active Directory, modify the Default Domain Policy.

A. From a domain controller, install the Azure AD Password Protection Proxy.

C. From Custom banned passwords, modify the Enforce custom list setting.

E. From all the domain controllers, install the Azure AD Password Protection DC Agent.

15

HOTSPOT -
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes a user named User1.
You enable multi-factor authentication for contoso.com and configure the following two fraud alert settings:
✑ Set Allow users to submit fraud alerts: On
✑ Automatically block users who report fraud: On
You need to instruct the users in your organization to use the fraud reporting features correctly.
What should you tell the users to do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

1

4

 

16

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
An external user has a Microsoft account that uses an email address of user1@outlook.com.
An administrator named Admin1 attempts to create a user account for the external user and receives the error message shown in the following exhibit.

You need to ensure that Admin1 can add the user.
What should you do from the Azure Active Directory admin center?

A. Add a custom domain name named outlook.com.

B. Modify the Authentication methods.

C. Modify the External collaboration settings.

D. Assign Admin1 the Security administrator role.

C. Modify the External collaboration settings.

17

HOTSPOT -
You have a Microsoft 365 Enterprise subscription.
You create a password policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

2

1

 

18

Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.
Users on the network report that they are prompted for multi-factor authentication multiple times a day.
You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices.
What should you do?

A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.

B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

19

Your company has a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
An external vendor has a Microsoft account that has a username of user1@outlook.com.
You plan to provide user1@outlook.com with access to several resources in the subscription.
You need to add the external user account to contoso.onmicrosoft.com. The solution must ensure that the external vendor can authenticate by using user1@outlook.com.
What should you do?

A. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify â€"UserPrincipalName user1@outlook.com.

B. From the Microsoft 365 admin center, add a contact, and then specify user1@outlook.com as the email address.

C. From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.

D. From the Azure portal, add a custom domain name, and then create a new Azure AD user and use user1@outlook.com as the username.

C. From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.

20

You have a Microsoft Office 365 subscription that contains several Microsoft SharePoint Online sites.
You discover that users from your company can invite external users to access files on the SharePoint sites.
You need to ensure that the company users can invite only authenticated guest users to the sites.
What should you do?

A. From the Microsoft 365 admin center, configure a partner relationship.

B. From SharePoint Online Management Shell, run the Set-SPOSite cmdlet.

C. From the Azure Active Directory admin center, configure a conditional access policy.

D. From the SharePoint admin center, configure the sharing settings.

D. From the SharePoint admin center, configure the sharing settings.

21

Your company has a hybrid deployment of Microsoft 365.
Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed.
You need to verify whether all the Authentication Agents are used for authentication.
What should you do?

A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.

B. From Performance Monitor, use the #PTA authentications counter.

C. From the Azure portal, use the Diagnostics settings on the Monitor blade.

D. From Performance Monitor, use the Kerberos authentications counter.

A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.

22

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint policy is modified in the future.
Solution: From the SharePoint site, you create an alert.
Does this meet the goal?

A. Yes

B. No

B. No

23

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint policy is modified in the future.
Solution: From the SharePoint admin center, you modify the sharing settings.
Does this meet the goal?

A. Yes

B. No

B. No

24

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint policy is modified in the future.
Solution: From the Security & Compliance admin center, you create a threat management policy.
Does this meet the goal?

A. Yes

B. No

A. Yes

25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Device Management admin center, you a trusted location and compliance policy.
Does this meet the goal?

A. Yes

B. No

B. No

26

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Microsoft 365 admin center, you configure the Organization profile settings.
Does this meet the goal?

A. Yes

B. No

B. No

27

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.
Does this meet the goal?

A. Yes

B. No

A. Yes

28

HOTSPOT -
You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

The domain contains the devices shown in the following table.

The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

no

no

no

 

29