• Home
  • Articles
  • MS-100 Questions PDF [2023] Use Valid New dump to Clear Exam [Q241-Q257]

MS-100 Questions PDF [2023] Use Valid New dump to Clear Exam [Q241-Q257]

Share

MS-100 Questions PDF [2023] Use Valid New dump to Clear Exam

Passing Microsoft MS-100 Exam Using 2023 Practice Tests

NEW QUESTION # 241
You need to recommend which DNS record must be created before adding a domain name for the project.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?

  • A. alias (CNAME)
  • B. host (A)
  • C. host information (HINFO)
  • D. mail exchanger (MX)

Answer: B

Explanation:
When you add a custom domain to Office 365, you need to verify that you own the domain. You can do this by adding either an MX record or a TXT record to the DNS for that domain.
Reference:
https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide


NEW QUESTION # 242
You are securing a wet API by using the Microsoft identity Platform. The web API must meet the following requirements:
* Authenticated Azure Active Directory (Azure AD) users must be able to retrieve user information from Azure AD.
* Authenticated Azure AD users must be able to manage Microsoft 365 groups.
You need to grant permissions for the web API. The solution must use the principle of least privilege. What should you grant? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 243
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management (MDM).
The device type restrictions are configured as shown in the following table.

The device limit restrictions are configured as shown in the following table.

What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

When multiple policies are applied to groups that users are a member of, only the highest priority (lowest number) policy applies.
In this case, the Engineering users are assigned two device type policies (the default policy and the priority 2 policy). The priority 2 policy has a higher priority than the default policy so the Engineers' allowed platform is Android only.
The engineers have two device limit restrictions policies applied them. The priority1 policy is a higher priority than the priority2 policy so the priority1 policy device limit (15) applies.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set


NEW QUESTION # 244
You have a Microsoft 365 E5 subscription.
You have an Azure AD tenant named contoso.com that contains the following users:
* Admin 1
* Admin2
* User1
Contoso.com contains an administrative unit named AU1 that has no role assignments. User1 is a member of AU1.

Answer:

Explanation:

Explanation


NEW QUESTION # 245
Your company has a main office and 20 branch offices in North America and Europe. Each branch office connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections.
You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office.
You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services.
What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

  • A. In each branch office, configure name resolution so that all external hosts are redirected to public DNS
  • B. For all the client computers in the branch offices, modify the MTU setting by using a Group Policy object (GPO).
  • C. In each branch office, deploy a proxy server that has user authentication enabled.
  • D. In each branch office, deploy a firewall that has packet inspection enabled.

Answer: A

Explanation:
servers directly.
Explanation:
Being a cloud service, Office 365 would be classed as an external host to the office computers.
All the offices connect to the Internet and resolve external host names by using the main office connections. This means that all branch office computers perform DNS lookups and connect to the Internet over the WAN link.
Each branch office will have a direct connection to the Internet so the quickest possible access to Microsoft 365 services would be by using the direct Internet connections. However, the DNS lookups would still go over the WAN links to main office. The solution to provide the quickest possible access to Microsoft 365 services is to configure DNS name resolution so that the computers use public DNS servers for external hosts. That way DNS lookups for Office 365 and the connections to Office 365 will use the direct Internet connections.


NEW QUESTION # 246
You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Yes.
User1 is in a group named Compliant. All the conditional access policies apply to Group1 so they don't apply to User1.
As there is no conditional access policy blocking access for the group named Compliant, User1 is able to access App1 using any device.
Box 2: Yes.
User2 is in Group1 so Policy1 applies first. Policy1 excludes compliant devices and Device1 is compliant.
Therefore, Policy1 does not apply so we move on to Policy2.
User2 is also in Group2. Policy2 excludes Group2. Therefore, Policy2 does not apply so we move on to Policy3.
Policy3 applies to Group1 so Policy3 applies to User2. Policy3 applies to 'All device states' so Policy3 applies to Device1. Policy3 grants access. Therefore, User2 can access App1 using Device1.
Box 3: No.
User2 is in Group1 so Policy1 applies. Policy1 excludes compliant devices but Devices is non-compliant.
Therefore, User2 cannot access App1 from Device2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access


NEW QUESTION # 247
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Multi-factor authentication (MFA) is configured to use 131.107.50/24 for trusted IPs.
The tenant contains the named locations shown in the following table.

You create a conditional access policy that has the following configurations:
Users and groups assignment: All users
Cloud apps assignment: App1
Conditions: Include all trusted locations
Grant access: require multi-factor authentication
For each of the following statements, select Yes if the statement is true. otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition


NEW QUESTION # 248
Your on-permission network contains the web application shown in the following table.

You purchase Microsoft 365, and the implement directory synchronization.
You plan to publish the web applications.
You need to ensure that all the applications are accessible by using the My Apps portal. The solution must minimize administrative effort.
What should you do first?

  • A. Deploy one conditional access policy.
  • B. Deploy one connector.
  • C. Create a site-to-site VPN from Microsoft Azure to the on-premises network.
  • D. Create four application registrations.

Answer: B


NEW QUESTION # 249
Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix.
You deploy a Microsoft 365 tenant.
You implement directory synchronization and sync only 50 support users.
You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com.
You need to ensure that all synchronized identities retain the UPN set in their on-premises user account.
What should you do?

  • A. From the Microsoft 365 admin center, add adatum.com as a custom domain name.
  • B. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.
  • C. From the Microsoft 365 admin center, add adatum.local as a custom domain name.
  • D. From Windows PowerShell, run the Set-ADDomain -AllowedDNSSuffixes adatum.comcommand.

Answer: B

Explanation:
Explanation
Explanation:
The question states that only five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com. Therefore the other 45 users have the correct UPN suffix. This tells us that the adatum.com domain has already been added to Office 365 as a custom domain.
The forest is named adatum.local and uses adatum.com as a UPN suffix. User accounts in the domain will have adatum.local as their default UPN suffix. To use adatum.com as the UPN suffix, each user account will need to be configured to use adatum.com as the UPN suffix.
Any synchronized user account that has adatum.local as a UPN suffix will be configured to use a UPN suffix of onmicrosoft.com because adatum.local cannot be added to Office 365 as a custom domain.
Therefore, the reason that the five synchronized users have usernames with a UPN suffix of onmicrosoft.com is because their accounts were not configured to use the UPN suffix of contoso.com.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory- synchronization


NEW QUESTION # 250
You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You purchase a DNS domain named fabnkam.com.
You need to ensure that Microsoft Exchange Online users can receive emails sent to the fabrikam.com domain.
What should you use?

  • A. the Microsoft 365 compliance center
  • B. the Microsoft Endpoint Manager admin center
  • C. the Microsoft 365 admin center
  • D. the Exchange admin center

Answer: C


NEW QUESTION # 251
You have a Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies


NEW QUESTION # 252
You have several devices enrolled in Microsoft Intune.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

The device type restrictions in Intune are configured as shown in the following table.

You add User3 as a device enrollment manager in Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set


NEW QUESTION # 253
You company has a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

The tenant includes a security group named Admin1. Admin1 will be used to manage administrative accounts.
You need to identify which users can perform the following administrative tasks:
* Create guest user accounts.
* Add User3 to Admin1.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
A User Administrator is the only role listed that can create user accounts included Guest user accounts. A Global Administrator can also create user accounts.
A User Administrator is also the only role listed that can modify the group membership of users.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles


NEW QUESTION # 254
You have a Microsoft 365 Enterprise subscription.
You create a password policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout


NEW QUESTION # 255
Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.
Users on the network report that they are prompted for multi-factor authentication multiple times a day.
You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices.
What should you do?

  • A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.
  • B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.
  • C. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).
  • D. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

Answer: B

Explanation:
The remember Multi-Factor Authentication feature for devices and browsers that are trusted by the user is a free feature for all Multi-Factor Authentication users. Users can bypass subsequent verifications for a specified number of days, after they've successfully signed-in to a device by using Multi-Factor Authentication. The feature enhances usability by minimizing the number of times a user has to perform two-step verification on the same device.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings


NEW QUESTION # 256
Your company has a hybrid deployment of Microsoft 36S.
Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed.
You need to verify whether all the Authentication Agents are used for authentication.
What should you do?

  • A. From Performance Monitor, use the #PTA authentications counter.
  • B. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.
  • C. From Performance Monitor, use the Kerberos authentications counter.
  • D. From the Azure portal use the Diagnostics settings on the Monitor blade.

Answer: B


NEW QUESTION # 257
......


Conclusion

If you want to get the badge, you should have thorough preparation to master the content and be able to pass the test. Don’t avoid good learning and check the options that Microsoft offers on its website right on the certification page. Also, don’t forget to use exam dumps and practice tests to increase your chances of a high score.

 

MS-100 Study Guide Brilliant MS-100 Exam Dumps PDF: https://www.dumpsquestion.com/MS-100-exam-dumps-collection.html

View MS-100 Exam Question Dumps With Latest Demo: https://drive.google.com/open?id=1lRB1yXyFVNQavEwbHcXGgDEL-H-sV_Ex

Related Articles

more
Microsoft MS-100 Certification Practice Exam

Copyright © 2026 DumpsQuestion NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy