Microsoft 365 Identity and Services Questions and Answers
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
- Contoso.com
- East.contoso.com
An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.
You deploy a new domain named west.contoso.com to the forest.
You need to ensure that west.contoso.com syncs to the Azure AD tenant.
Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to active mode.
Does this meet the goal?
You have a Microsoft 365 subscription and a hybrid Microsoft Exchange Online deployment.
You plan to deploy iOS devices that will use Outlook for iOS and Hybrid Modem Authentication (HMA).
You need to ensure that HMA is configured correctly.
What should you use?
You have a bot named SupporrBot that is registered to the Microsoft Bot Framework and deployed to the Azure Bot Service. The bot is configured as shown in the following table.
SupportBot provides responses to user queries in Microsoft Teams conversations.
You need to create an app manifest to deploy SupportBot to Microsoft Teams.
How should you complete the manifest? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe1211885.onmicrosoft.com
Microsoft 365 Password: oL9z0=?Nq@ox
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11098651
You need to ensure that all the users in your organization are prompted to change their password every 180 days.
To answer the question, sign in to the Microsoft 365 portal.
You publish an enterprise application named App1 that process financial data.
You need to ensure that access to App1 is revoked for users who no longer require view the processed financial data.
What should you configure?
Your on-permission network contains the web application shown in the following table.
You purchase Microsoft 365, and the implement directory synchronization.
You plan to publish the web applications.
You need to ensure that all the applications are accessible by using the My Apps portal. The solution must minimize administrative effort.
What should you do first?
You have a Microsoft 365 subscription.
From the Microsoft 365 portal, users download and install Microsoft Office apps on their devices.
You need to ensure that Office feature updates are installed by using the Semi-Annual Enterprise Channel.
What should you configure from the Services page of the Microsoft 365 admin center?
Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the following table.
The group have the members shown in the following table.
You are configure synchronization between fabrikam.com and a Microsoft Azure Active Director (Azure AD) tenant.
You configure the domain/OU Filtering settings in Azure AD Connect as shown in the Domain>OU Filtering exhibit. (Click the Domain/OU Filtering tab.)
You configure the Filtering in Azure Connect as shown in the Filtering exhibit. (Click the Filtering tab.)
NOTE: Each correct selection is worth one point.
Your company has a Microsoft 365 subscription.
You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license.
What should you use?
Your company has a Microsoft 365 tenant named litwareinc.com.
The Guest access settings in Microsoft Teams are configured as shown in the following exhibit.
The External access settings in Microsoft Teams are configured as shown in the following exhibit.
The company has a third-party supplier named adventureworks.com. Users in litwareinc.com collaborate with the following users by using Microsoft Teams:
- User1@contoso.com
- User2@adventureworks.com
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription and a DNS domain. The domain is hosted by a third-party DNS service.
You plan to add the domain to the subscription.
You need to use Microsoft Exchange Online to send and receive emails for the domain.
Which type of DNS record should you add to the DNS zone of the domain for each task? To answer, drag the appropriate records to the correct tasks. Each record may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription.
You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 tenant.
A partner company has an email domain named contoso.com.
You need to prevent out-of-office replies from being sent to contoso.com.
What should you create?
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You create an administrative unit named AU1 that contains the members shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
This question requires that you evaluate the underlined text to determine if it is correct-In Microsoft Word on Windows, before you can sideload a Microsoft Office Add-in, you must firs: upload the manifest to Microsoft OneDrive instructions: Review the underlined text. If it makes the statement correct select "No change is needed," If the statement is incorrect select the answer choice that makes the statement correct
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a Microsoft SharePoint Online site named Site1 and the accounts shown in the following table.
You have an on-premises server named Server1 that contains a folder named Folder1. Folder1 contains the files shown in the following table.
The User1, User2, and Group1 accounts have the security identifiers (SIDs) shown in the following table.
You use the SharePoint Migration Tool to migrate Folder1 to Site1. You preserve the file share permissions and use the following user mapping file.
S-1-5-21-4534338-1127018997-2609994386-1304, UserA@Contoso.com, FALSE
S-1-5-21-4534338-1127018997-2609994386-1228, UserB@Contoso.com, FALSE
S-1-5-21-4534338-1127018997-2609994386-1106, GroupA, TRUE
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point
You have a Microsoft 365 subscription that uses an Azure Directory (Azure AD) tenant named Contoso.com. The tenant contains the users shown in the following table.
You add another user named user5 to the User administrator role.
You need to identify which management tasks User5 can perform.
Which two tasks should you identify? Each correct answer presents a complete solution.
Your company has a Microsoft 365 subscription.
You plan to move several archived PST files to Microsoft Exchange Online mailboxes.
You need to create an import job for the PST files.
Which three actions should you perform before you create the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You are securing a wet API by using the Microsoft identity Platform. The web API must meet the following requirements:
• Authenticated Azure Active Directory (Azure AD) users must be able to retrieve user information from Azure AD.
• Authenticated Azure AD users must be able to manage Microsoft 365 groups.
You need to grant permissions for the web API. The solution must use the principle of least privilege. What should you grant? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company is based in the United Kingdom (UK).
Users frequently handle data that contains Personally Identifiable Information (PII).
You create a data loss prevention (DLP) policy that applies to users inside and outside the company. The policy is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based in the information presented in the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
You need to identify which users can perform the following administrative tasks:
- Reset the password of User4.
- Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription.
Users have Android or iOS devices and access Microsoft 365 resources from computers that run Windows 11 or MacOS.
You need to implement passwordless authentication. The solution must support all the devices.
Which authentication method should you use?
Your network contains an Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has a share named Share1.
You have a hybrid deployment of Microsoft 365.
You need to migrate the content in Share1 to Microsoft OneDrive.
What should you use?
Your network contains an Active Directory domain named .Ki.ituin.com that is synced to Microsoft Azure Active Directory (Azure AD).
The domain contains 10O user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three letter airport code of each city.
What should you do?
You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.
You plan to provide access to an on-premises app named App1 by using Azure AD Application Proxy. App1 will be managed by User4.
You need to identify which user can install the Application Proxy connector.
Which user should you identify?
You have a Microsoft 36S subscription that contains several Microsoft SharePoint Online sites. You discover that users from your company can invite external users to access files on the SharePoint sites. You need to ensure that the company users can invite only authenticated guest users to the sites. What should you do?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Compliance Management role.
Does this meet the goal?
Note This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Management role.
Does this meet the goal?
You need to meet the security requirements for User3. The solution must meet the technical requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to assign User2 the required roles to meet the security requirements and the technical requirements.
To which two roles should you assign User2? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirement.
Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.
Does that meet the goal?
You need to meet the security requirement for the vendors.
What should you do?
You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?
To which Azure AD role should you add User4 to meet the security requirement?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role.
From the Exchange admin center, you assign User2 the Help Desk role.
Does this meet the goal?
You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the security requirement for Group1.
What should you do?
You need to meet the security requirement for the vendors.
What should you do?
Which migration solution should you recommend for Project1?
You need to ensure that all the sales department users can authenticate successfully during Project1and Project2.
Which authentication strategy should you implement for the pilot projects?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center.
Does this meet the goal?
Which role should you assign to User1?
You need to recommend which DNS record must be created before adding a domain name for the project.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
You create the Microsoft 365 tenant.
You implement Azure AD Connect as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
* User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?
You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
Which migration solution should you recommend for Project1?
You need to prepare the environment for Project1.
You create the Microsoft 365 tenant.
Which three actions should you perform in sequence next? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to meet the application requirements for the Office 365 ProPlus applications.
You create an XML files that contains the following settings.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Which migration solution should you recommend for Project1?
You need to recommend the development environment and tools for the development of SalesApp.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend which type of Office Add-in must be used for SalesApp.
What should you recommend?
You need to ensure that users can initiate private conversations with HRBot. The solution must meet the technical requirements for HRApp. How should you configure the HRApp manifest?
You need to modify the HRApp manifest to provide a tab that supports querying the third-party HR system.
Which section of the manifest should you modify, and which value should you set as the scope? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend the development environment and tools for the redesign of the research department’s SharePoint Online sites.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend which API object the SharePoint Framework (SPFx) intranet components will use to access the research department s project management solution. What should you recommend?
You need to configure HRApp to enable users to search for specific jobs by using chat in Microsoft Teams. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to recommend a model for the expense claims solution. What should you recommend?
You need to provide users with access to SalesApp. The solution must meet the technical requirements What should you include in the solution?
You need to configure the Office 365 service status notifications and limit access to the service and feature updates. The solution must meet the technical requirements.
What should you configure in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are evaluating the use of multi-factor authentication (MFA).
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to configure Azure AD Connect to support the planned changes for the Montreal Users and Seattle Use's OUs. What should you do?
You need to ensure that the Microsoft 365 incidents and advisories are reviewed monthly.
Which users can review the incidents and advisories, and which blade should the users use? To answer, select the appropriate options in the answer area
NOTE: Each correct selection is worth one pant
You need to configure just in time access to meet the technical requirements.
What should you use?
You need to configure Microsoft Teams to support the technical requirements tor collaborating with A. Datum What should you configure in the Microsoft Teams admin center?
You need to ensure that Admin4 can use SSPR.
Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that Litware has the appropriate licence to support the planned changes. The solution must minimize costs. Which license type should you use?