[2024年04月] ベスト Microsoft 365 学習ガイドは MS-100 試験問題集 [Q235-Q260]

[2024年04月] ベストMicrosoft 365学習ガイドはMS-100試験問題集

MS-100認定ガイド問題と解答トレーニング

Microsoft MS-100（Microsoft 365 Identity and Services）試験は、IT専門家にとって最も人気のある認定試験の1つです。この試験は、Microsoft 365サービスとテクノロジーを扱うIT専門家の知識とスキルをテストするように設計されています。この試験では、Microsoft 365サービスとテクノロジーを管理、監視、構成、およびトラブルシューティングする候補者の能力を測定します。

Microsoft MS-100試験を受けるためには、Microsoft 365サービスとその管理について深い理解が必要です。Microsoft 365サービスの構成、管理、およびトラブルシューティングの経験が必要であり、ネットワーク、セキュリティ、およびコンプライアンスに関する知識も必要です。また、PowerShellやその他のコマンドラインツールを使用して、Microsoft 365サービスを管理する方法について深い理解が必要です。

質問 # 235
You create a Microsoft 365 Enterprise subscription.
You assign licenses for all products to all users.
You need to ensure that all Microsoft Office 365 ProPlus installations occur from a network share. The solution must prevent the users from installing Office 365 ProPlus from the Internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create an XML download file.
B. From your computer, run setup.exe /download downloadconfig.xml.
C. From each client computer, run setup.exe /configure installconfig.xml.
D. From the Microsoft 365 admin center, configure the Software download settings.
E. From the Microsoft 365 admin center, deactivate the Office 365 licenses for all the users.

正解：A、C、D

解説：
You can use the Office Deployment Tool (ODT) to download the installation files for Office 365 ProPlus from a local source on your network instead of from the Office Content Delivery Network (CDN).
The first step is to create the configuration file. You can download an XML template file and modify that.
The next step to install Office 365 ProPlus is to run the ODT executable in configure mode with a reference to the configuration file you just saved. In the following example, the configuration file is named installconfig.xml. setup.exe /configure installconfig.xml After running the command, you should see the Office installation start.
To prevent the users from installing Office 365 ProPlus from the Internet, you need to configure the Software download settings (disallow downloads) in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/deployoffice/overview-of-the-office-2016-deployment-tool#download-the-installation-files-for-office-365-proplus-from-a-local-source

質問 # 236
You have a Microsoft 365 tenant that contains a Microsoft Power Platform environment.
You need to ensure that only specific users can create new environments.
What should you do in the Power Platform admin center?

A. From Data policies, create a new data policy.
B. From Data integration, create a new connection set.
C. From Environments, modify the behaviour settings for the default environment.
D. From Power Platform settings, modify the Governance settings for the environment.

正解：D

解説：
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/power-platform/admin/control-environment-creation Testlet 2 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements
Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
* Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft
365.
* Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements
Fabrikam identifies the following technical requirements:
* All users must be able to exchange email messages successfully during Project1 by using their current email address.
* Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
* A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
* Microsoft 365 Apps for enterprise applications must be installed from a network share only.
* Disruptions to email access must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
* An on-premises web application named App1 must allow users to complete their expense reports online.
App1 must be available to users from the My Apps portal.
* The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.
Security Requirements
Fabrikam identifies the following security requirements:
* After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
* The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
* After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
* The principle of least privilege must be used.

質問 # 237
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You purchase a domain named contoso.com from a registrar and add all the required DNS records.
You create a user account named User1. User1 is configured to sign in as [email protected].
You need to configure User1 to sign in as [email protected].
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解：

解説：

Reference:
https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide

質問 # 238
You need to add the custom domain names to Office 365 to support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?

A. one alias (CNAME) record
B. one text (TXT) record
C. three alias (CNAME) records
D. three text (TXT) records

正解：D

解説：
Contoso plans to provide email addresses for all the users in the following domains:
* East.adatum.com
* Contoso.adatum.com
* Humongousinsurance.com
To verify three domain names, you need to add three TXT records.
Reference:
https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide Design and Implement Microsoft 365 Services Testlet 3 This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam.
You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements
Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
* Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft
365.
* Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements
Fabrikam identifies the following technical requirements:
* All users must be able to exchange email messages successfully during Project1 by using their current email address.
* Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
* A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
* Microsoft Microsoft 365 Apps for enterprise applications must be installed from a network share only.
* Disruptions to email access must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
* An on-premises web application named App1 must allow users to complete their expense reports online.
App1 must be available to users from the My Apps portal.
* The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.
Security Requirements
Fabrikam identifies the following security requirements:
* After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
* The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
* After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
* The principle of least privilege must be used.

質問 # 239
You have a Microsoft 365 subscription and a DNS domain. The domain is hosted by a third-party DNS service.
You plan to add the domain to the subscription.
You need to use Microsoft Exchange Online to send and receive emails for the domain.
Which type of DNS record should you add to the DNS zone of the domain for each task? To answer, drag the appropriate records to the correct tasks. Each record may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation

Box 1: MX
When you update your domain's MX record, all new email for anyone who uses your domain will now come to Microsoft 365.
Box 2: CNAME
Add CNAME records to connect other service. You can add CNAME records for each service that you want to connect.
Box 3: TXT
Add or edit an SPF TXT record to help prevent email spam
Reference:
https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hos

質問 # 240
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains.
You begin to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
* *.microsoft.com
* *.office.com
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. From Azure AD Connect, modify the Customize synchronization options task.
B. From the firewall, allow the IP address range of the Azure data center for outbound communication.
C. From the firewall, modify the list of allowed outbound domains.
D. From the firewall, create a list of allowed inbound domains.
E. Deploy an Azure AD Connect sync server in staging mode.

正解：C

解説：
Section: [none]
Explanation:
Azure AD Connect needs to be able to connect to various Microsoft domains such as login.microsoftonline.com. Therefore, you need to modify the list of allowed outbound domains on the firewall.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports

質問 # 241
You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?

A. one alias (CNAME) record
B. one text (TXT) record
C. three alias (CNAME) record
D. three text (TXT) record

正解：C

質問 # 242
You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.

正解：

解説：

Explanation

Box 1: Yes.
User1 is in a group named Compliant. All the conditional access policies apply to Group1 so they don't apply to User1.
As there is no conditional access policy blocking access for the group named Compliant, User1 is able to access App1 using any device.
Box 2: Yes.
User2 is in Group1 so Policy1 applies first. Policy1 excludes compliant devices and Device1 is compliant.
Therefore, Policy1 does not apply so we move on to Policy2.
User2 is also in Group2. Policy2 excludes Group2. Therefore, Policy2 does not apply so we move on to Policy3.
Policy3 applies to Group1 so Policy3 applies to User2. Policy3 applies to 'All device states' so Policy3 applies to Device1. Policy3 grants access. Therefore, User2 can access App1 using Device1.
Box 3: No.
User2 is in Group1 so Policy1 applies. Policy1 excludes compliant devices but Devices is non-compliant.
Therefore, User2 cannot access App1 from Device2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access

質問 # 243
You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

A. Create a new app registration.
B. Create an activity policy.
C. Create a conditional access policy.
D. Create a session policy.

正解：C

解説：
Explanation
You can configure a conditional access policy that applies to the Finance department users. The policy can be configured to 'Allow access' but with multi-factor authentication as a requirement.
The reference below explains how to create a conditional access policy that requires MFA for all users. To apply the policy to finance users only, you would select Users and Group in the Include section instead of All Users and then specify the finance department group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-u

質問 # 244
You have a Microsoft 365 subscription. All users have client computers that run Windows 10 and have Microsoft 365 Apps for enterprise installed.
Some users in the research department work for extended periods of time without an Internet connection.
How many days can the research department users remain offline before they are prevented from editing Office documents?

A. 0
B. 1
C. 2
D. 3

正解：A

解説：
Section: [none]
Explanation:
After 30 days, Microsoft 365 Apps for enterprise will go into reduced functionality mode. When this happens, users will be able to open files but they won't be able to edit them.
As part of the installation process, Microsoft 365 Apps for enterprise communicates with the Office Licensing Service and the Activation and Validation Service to obtain and activate a product key. Each day, or each time the user logs on to their computer, the computer connects to the Activation and Validation Service to verify the license status and extend the product key. As long as the computer can connect to the Internet at least once every 30 days, Office remains fully functional. If the computer goes offline for more than 30 days, Office enters reduced functionality mode until the next time a connection can be made.
Reference:
https://docs.microsoft.com/en-us/deployoffice/overview-of-licensing-and-activation-in-office-365-proplus

質問 # 245
You need to meet the security requirements for User3. The solution must meet the technical requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation

* User3 must be able to manage Office 365 connectors.
* The principle of least privilege must be used whenever possible.
Office 365 connectors are configured in the Exchange Admin Center.
You need to assign User3 the Organization Management role to enable User3 to manage Office 365 connectors.
A Global Admin could manage Office 365 connectors but the Organization Management role has less privilege.
Reference:
https://docs.microsoft.com/en-us/office365/SecurityCompliance/eop/feature-permissions-in-eop

質問 # 246
You have a Microsoft 365 subscription.
You are configuring permissions for Security & Compliance.
You need to ensure that the users can perform the tasks shown in the following table.

The solution must use the principle of least privilege.
To which role should you assign each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation

Security Reader: Members can manage security alerts (view only), and also view reports and settings of security features.
Security Administrator, Compliance Administrator and Organization Management can manage alerts.
However, Security Administrator has the least privilege.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-cent

質問 # 247
You receive the following JSON document when you use Microsoft Graph to query the current signed-in user.

正解：

解説：

質問 # 248
You need to meet the application requirement for the Office 365 ProPlus applications.
You create a XML file that contains the following settings.

Use the drop-down menus to select the choice that complete each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

正解：

解説：

質問 # 249
Your company uses email, calendar, contact, and task services in Microsoft Outlook.com.
You purchase a Microsoft 365 subscription and plan to migrate all users from Outlook.com to Microsoft 365.
You need to identify which user data can be migrated to Microsoft 365.
Which type of data should you identify?

A. calendar
B. task
C. contacts
D. email

正解：D

解説：
You can use the Internet Message Access Protocol (IMAP) to migrate user email from Gmail, Exchange, Outlook.com, and other email systems that support IMAP migration. When you migrate the user's email by using IMAP migration, only the items in the users' inbox or other mail folders are migrated. Contacts, calendar items, and tasks can't be migrated with IMAP, but they can be by a user.
Reference:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/mailbox-migration#migrate-email-from-anotherimap-enabled-email-system

質問 # 250
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid deployment of Microsoft 365 that contains the objects shown in the following table.

Azure AD Connect has the following settings:
* Password Hash Sync: Enabled
* Password writeback: Enabled
* Group writeback: Enabled
You need to add User2 to Group 2.
Solution: From Azure PowerShell, you run the Set-AzureADGroupcmdlet.
Does this meet the goal?

A. No
B. Yes

正解：A

解説：
Section: [none]
Explanation:
The Set-AzureADGroup cmdlet updates a group in Azure Active Directory (AD) but User2 and Group2 are objects in Windows Server AD.

質問 # 251
You need to meet the application requirements for the Office 365 ProPlus applications.
You create an XML files that contains the following settings.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation

Box 1:
Office 365 ProPlus feature updates will be installed twice a year in March and September.
The Channel element in the configuration file is set to 'Targeted'. This means Semi-Annual Targeted.
To help your organization prepare for a Semi-Annual Channel release, Microsoft provides Semi-Annual Channel (Targeted). The primary purpose of this update channel is to give pilot users and application compatibility testers in your organization a chance to work with the upcoming Semi-Annual Channel release Box 2:
Microsoft Office 365 ProPlus applications must be installed from a network share only.
The AllowCDNFallback value is currently set to true. The purpose of this setting is to enable Office 365 to be downloaded from Microsoft's Content Delivery Network if the network share is unavailable. The AllowCDNFallback value should be set to false to meet the technical requirement.
Reference:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016-deployment-tool#updat
https://docs.microsoft.com/en-us/deployoffice/overview-of-update-channels-for-office-365-proplus

質問 # 252
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.
Does this meet the goal?

A. Yes
B. No

正解：A

解説：
Section: [none]
Explanation:
Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.
With named locations, you can create logical groupings of IP address ranges, for example your office IP range.
You can then mark the named location as a trusted location.
Mark as trusted location - A flag you can set for a named location to indicate a trusted location. Typically, trusted locations are network areas that are controlled by your IT department.
You would then configure the conditional access policy to allow access only from the trusted location.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online- and-OneDrive-for/ba-p/46678

質問 # 253
You are configuring an enterprise application named TestApp in Microsoft Azure as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation

References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-hard-coded-lin

質問 # 254
You have a Microsoft Azure Active Directory (Azure AD) tenant.
Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation:
References:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

質問 # 255
You have a Microsoft 365 subscription. All users have client computers that run Windows 10 and have Microsoft Office 365 ProPlus installed.
Some users in the research department work for extended periods of time without an Internet connection.
How many days can the research department users remain offline before they are prevented from editing Office documents?

A. 0
B. 1
C. 2
D. 3

正解：A

解説：
After 30 days, Microsoft Office 365 ProPlus will go into reduced functionality mode. When this happens, users will be able to open files but they won't be able to edit them.
As part of the installation process, Office 365 ProPlus communicates with the Office Licensing Service and the Activation and Validation Service to obtain and activate a product key. Each day, or each time the user logs on to their computer, the computer connects to the Activation and Validation Service to verify the license status and extend the product key. As long as the computer can connect to the Internet at least once every 30 days, Office remains fully functional. If the computer goes offline for more than 30 days, Office enters reduced functionality mode until the next time a connection can be made.
Reference:
https://docs.microsoft.com/en-us/deployoffice/overview-of-licensing-and-activation-in-office-365-proplus

質問 # 256
Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).
You have users in contoso.com as shown in the following table.

The users have the passwords shown in the following table.

You implement password protection as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解：

解説：

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

質問 # 257
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解：

解説：

Explanation

Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
The group needs to be a Security group.
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

質問 # 258
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.
Which authentication strategy should you implement for the pilot projects?

A. pass-through authentication
B. pass-through authentication and seamless SSO
C. password hash synchronization and seamless SSO
D. password hash synchronization

正解：C

解説：
Section: [none]
Explanation:
* Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft
365.
* Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
* After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
* Fabrikam does NOT plan to implement identity federation.
* After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable password hash synchronization to enable the users to continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable SSO to enable all users to be signed in to on-premises and cloud-based applications automatically.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn Testlet 4 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named ADatum Corporation.
Environment
On-Premises Environment
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.

The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud environment
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
* Password hash synchronization is enabled.
* Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.

Self-service password reset (SSPR) is enabled.
The Azure Active Directory (Azure AD) tenant has Security defaults enabled.
Requirements
Planned Changes
Litware identifies the following issues:
* Admin1 cannot create conditional access policies.
* Admin4 receives an error when attempting to use SSPR.
* Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Technical Requirements
Litware plans to implement the following changes:
* Implement Microsoft Intune.
* Implement Microsoft Teams.
* Implement Microsoft Defender for Office 365.
* Ensure that users can install Office 365 apps on their device.
* Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.
* Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.

質問 # 259
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchases a Microsoft 365 subscription and establishes a hybrid deployment of Azure Directory (Azure AD) by using password hash synchronization.
You create a new user User10 on-premises and a new user named User20 in Azure AD.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.