最新のMS-100試験のリアル試験問題 本日無料更新されました
MS-100リアル試験問題解答は更新された[2023年04月23日]
Microsoft MS-100試験は、Microsoft 365 Identity and Servicesの知識と専門知識を検証したいITプロフェッショナル向けに設計されています。この認定試験は、アイデンティティ管理、セキュリティ、コンプライアンス、認証などのMicrosoft 365サービスについて深い理解を持つ個人を対象としています。この試験は、候補者がユーザーのアイデンティティと役割、アクセス管理、セキュリティ、コンプライアンス、認証を含むMicrosoft 365サービスを管理する能力を測定します。
質問 # 163
You have an on-premises Microsoft SharePoint Server 2016 environment.
You create a Microsoft 365 tenant.
You need to migrate some of the SharePoint sites to SharePoint Online. The solution must meet the following requirements:
* Microsoft OneDrive sites must redirect users to online content.
* Users must be able to follow both on-premises and cloud-based sites.
* Users must have a single SharePoint profile for both on-premises and on the cloud.
* When users search for a document by using keywords, the results must include online and on-premises results.
From the SharePoint Hybrid Configuration Wizard, you select the following features:
* Hybrid business to business (B2B) sites
* Hybrid OneDrive
* Hybrid Search
Which two requirements are met by using the SharePoint Hybrid Configuration Wizard features? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Users must be able to follow both on-premises and cloud-based sites.
- B. Users must have a single SharePoint profile for both on-premises and on the cloud.
- C. OneDrive sites must redirect users to online content.
- D. When users search for a document by using keywords, the results must include online and on-premises results.
正解:C、D
解説:
Section: [none]
Explanation:
Hybrid OneDrive - Choosing this option will redirect on-premises My Sites/OneDrive for Business sites to SharePoint Online OneDrive for Business in Office 365. Once the wizard completes, any click of the OneDrive link from on-premises will redirect to OneDrive for Business in the cloud. This meets the following requirement:
OneDrive sites must redirect users to online content.
Cloud hybrid search - Choosing this option creates a cloud Search service application in SharePoint Server and connects the cloud Search service application to your Office 365 tenant. This meets the following requirement: When users search for a document by using keywords, the results must include online and on- premises results.
Reference:
https://docs.microsoft.com/en-us/sharepoint/hybrid/hybrid-picker-in-the-sharepoint-online-admin-center
質問 # 164
You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection
質問 # 165
You have a Microsoft 365 subscription.
You have a group named Support. Users in the Support group frequently send email messages to external users.
The manager of the Support group wants to randomly review messages that contain attachments.
You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/supervision-policies
質問 # 166
You recently migrated your on-premises email solution to Microsoft Exchange Online and are evaluating which licenses to purchase.
You want the members of two groups named IT and Managers to be able to use the features shown in the following table.
The IT group contains 50 users. The Managers group contains 200 users.
You need to recommend which licenses must be purchased for the planned solution. The solution must minimize licensing costs.
Which licenses should you recommend?
- A. 50 Microsoft 365 E 3 and 200 Microsoft 365 E5
- B. 250 Microsoft 365 E3 only
- C. 250 Microsoft 365 E5 only
- D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5
正解:D
解説:
Explanation
Microsoft Azure Active Directory Privileged Identity Management requires an Azure AD Premium P2 license.
This license comes as part of the Microsoft 365 E5 license. Therefore, we need 50 Microsoft 365 E5 licenses for the IT group.
Conditional Access requires the Azure AD Premium P1 license. This comes as part of the Microsoft E3 license. Therefore, we need 200 Microsoft 365 E3 licenses for the Managers group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requiremen
質問 # 167
Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to identify which user accounts failed to sync. You must resolve the issue as quickly as possible.
What should you do?
- A. From Windows PowerShell, run the Start-AdSyncCycle -PolicyType Deltacommand.
- B. Run idfix.exe, and then click Complete.
- C. Run idfix.exe, and then click Edit.
- D. From Active Directory Administrative Center, search for all the users, and then modify the properties of
the user accounts.
正解:C
質問 # 168
Your company has a sales system that emails an alert to all the members of the sales department when a new sale is made.
You need to ensure that a notification is posted to a team channel when a new sale is made. The solution must minimize development effort.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Post JSON to the webhook URL from the existing sales system.
- B. Set the configurationUrl property of a connector in the manifest
- C. Get an incoming webhook for the channel
- D. Post XML to the webhook URL from the existing sales system.
正解:C、D
質問 # 169
You need to meet the security requirement for the vendors.
What should you do?
- A. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName parameter.
- B. From the Azure portal, add an identity provider.
- C. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserType parameter.
- D. From the Azure portal, create guest accounts.
正解:D
解説:
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator
Topic 3, Litware inc
General Overview
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named ADatum Corporation.
Environment
On-Premises Environment
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.
The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud environment
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
Password hash synchronization is enabled.
Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.
Self-service password reset (SSPR) is enabled.
The Azure Active Directory (Azure AD) tenant has Security defaults enabled.
Requirements
Planned Changes
Litware identifies the following issues:
Admin1 cannot create conditional access policies.
Admin4 receives an error when attempting to use SSPR.
Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Technical Requirements
Litware plans to implement the following changes:
Implement Microsoft Intune.
Implement Microsoft Teams.
Implement Microsoft Defender for Office 365.
Ensure that users can install Office 365 apps on their device.
Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.
Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.
質問 # 170
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You have three applications App1, App2, App3. The Apps use files that have the same file extensions.
Your company uses Windows Information Protection (WIP). WIP has the following configurations:
Windows Information Protection mode: Silent
Protected apps: App1
Exempt apps: App2
From App1, you create a file named File1.
What is the effect of the configurations? To answer, select the appropriate options in the answer area.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune
https://docs.microsoft.com/en-us/windows/security/information-protectionHYPERLINK "https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune#exempt-apps-from-wip-restrictions"/windows-information-protection/create-wip-policy-using-intune#exempt-apps-from-wip-restrictions
質問 # 171
You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso.com is configured as shown in the following exhibit.
You need to ensure that guest users can be created in the tenant.
Which setting should you modify?
- A. Deny invitations to the specified domains.
- B. Members can invite.
- C. Admins and users in the guest inviter role can invite.
- D. Guests can invite.
- E. Guest users permissions are limited.
正解:C
解説:
The setting "Admins and users in the guest inviter role can invite" is set to No. This means that no one can create guest accounts because they cannot 'invite' guests. This setting needs to be changed to Yes to ensure that guest users can be created in the tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
質問 # 172
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You review the Security & Compliance report in the Microsoft 365 admin center.
Does this meet the goal?
- A. No
- B. Yes
正解:A
解説:
The Security & Compliance reports in the Microsoft 365 admin center are reports regarding security and compliance for your Office 365 Services. For example, email usage reports, Data Loss Prevention reports etc. They do not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/download-existing-reports
質問 # 173
Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following two exhibits.

You create a user named User1 in Active Directory as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
The Azure AD Attributes page shows which attributes will be synchronized based on the Office 365 services you are using (Exchange, SharePoint etc). We can see that ExtenstionAttribute10 and ExtensionAttribute11 have been deselected.
The Directory Extensions page shows which additional attributes will be synchronized (additional to the list in the Azure AD Attributes page).
ExtensionAttribute1:
Will be synchronized because it is ticked in the Azure AD Attributes page.
ExtensionAttribute10.
Will be synchronized because although it is unticked in the Azure AD Attributes page, it is added again in the Directory Extensions page.
ExtensionAttribute11.
Will not be synchronized because it is unticked in the Azure AD Attributes page and it is not added again in the Directory Extensions page.
ExtensionAttribute12:
Will be synchronized because it is ticked in the Azure AD Attributes page. It is also added again in the Directory Extensions page but this will have no effect as it is already ticked in the Azure AD Attributes page.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
質問 # 174
You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.
All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).
You plan to create a user named Admin1 that will perform following tasks:
* View BitLocker recovery keys.
* Configure the usage location for the users in contoso.com.
You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.
Which two roles should you assign? To answer, select the appropriate roles in the answer area. NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 175
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit.
You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?
- A. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.
- B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.
- C. From the Security & Compliance admin center, create a classification label.
- D. From the Security & Compliance admin center, add the users to the Security Readers role group.
正解:B
解説:
Section: [none]
Explanation:
A named location can be configured as a trusted location. Typically, trusted locations are network areas that are controlled by your IT department. In addition to Conditional Access, trusted named locations are also used by Azure Identity Protection and Azure AD security reports to reduce false positives for risky sign-ins.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
質問 # 176
Your company has 10 offices.
The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.
You discover that one of the offices has the following:
* Computers that have several preinstalled applications
* Computers that use nonstandard computer names
* Computers that have Windows 10 preinstalled
* Computers that are in a workgroup
You must configure the computers to meet the following corporate requirements:
* All the computers must be joined to the domain.
* All the computers must have computer names that use a prefix of CONTOSO.
* All the computers must only have approved corporate applications installed.
You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.
- A. Windows Autopilot
- B. wipe and load refresh
- C. an in-place upgrade
- D. a provisioning package
正解:D
解説:
By using a Provisioning, IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device.
Incorrect Answers:
C: With Windows Autopilot the user can set up pre-configure devices without the need consult their IT administrator.
D: Use the In-Place Upgrade option when you want to keep all (or at least most) existing applications.
References:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios
https://docs.microsoft.com/HYPERLINK "https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot"en-us/windows/deployment/windows-autopilot/windows-autopilot
質問 # 177
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid deployment of Microsoft 365 that contains the objects shown in the following table.
Azure AD Connect has the following settings:
* Password Hash Sync: Enabled
* Password writeback: Enabled
* Group writeback: Enabled
You need to add User2 to Group 2.
Solution: From Azure PowerShell, you run the Set-AzureADGroup cmdlet.
Does this meet the goal?
- A. No
- B. Yes
正解:A
解説:
Explanation
The Set-AzureADGroup cmdlet updates a group in Azure Active Directory (AD) but User2 and Group2 are objects in Windows Server AD.
質問 # 178
You need to configure Microsoft Teams to support the technical requirements tor collaborating with A. Datum What should you configure in the Microsoft Teams admin center?
- A. guest access
- B. messaging policies
- C. external access
- D. meeting policies
正解:A
質問 # 179
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
Contoso.com
East.contoso.com
The forest contains the users shown in the following table.
The forest syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 180
You implement Microsoft Azure Advanced Threat Protection (Azure ATP).
You have an Azure ATP sensor configured as shown in the following exhibit.
Updates
How long after the Azure ATP cloud service is updated will the sensor update?
- A. 24 hours
- B. 12 hours
- C. 1 hour
- D. 48 hours
- E. 7 days
正解:A
解説:
Explanation
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-whats-new
質問 # 181
You have a Microsoft 365 subscription that uses a default named contoso.com.
Three files were created on February 1, 2019, as shown in the following table.
On March 1, 2019, you create two retention labels named Label1 and label2.
The settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1
The settings for Label2 are configured as shown in the Label1 exhibit. (Click the Label2 tab.) Label 2
You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Box 1: No
Retention overrides deletion.
Box 2: No
Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then permanently deleted another 93 days after that. Thus 100 days in total.
Box 3: No
Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews
質問 # 182
You plan to deploy two Microsoft Power Platform environments as shown in the following table.
Which environment type should you use for each environment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/power-platform/admin/environments-overview
質問 # 183
You need to ensure that a user named User1 can create documents by using Office Online.
Which two Microsoft Office 365 license options should you turn on for User1? To answer, select the appropriate options in the answer area.
NOTE: Each correct section is worth one point.
正解:
解説:
質問 # 184
You need to prepare the environment for Project1.
You create the Microsoft 365 tenant.
Which three actions should you perform in sequence next? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
All users must be able to exchange email messages successfully during Project1 by using their current email address.
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
This configuration requires a hybrid Exchange configuration during the pilot phase. This means that you will have mailboxes hosted in Exchange Online and mailboxes hosted in Exchange on-premise.
The first steps to configure Exchange hybrid are to Create the Azure AD tenant, add the Fabrikam.com domain as a custom domain, then configure directory synchronization to replicate the on-prem Active Directory user accounts to Azure Active Directory.
Reference:
https://docs.microsoft.com/en-us/exchange/exchange-hybrid
質問 # 185
You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From all the AD FS servers, run audltpol.exe.
- B. From the Azure AO Connect server, run the Register-AzureADCConnectHealthSyncAgent cmdlet.
- C. From all the domain controllers, run the set-AdminAuditLogConfig cmdlet and specify the -LogiLevel parameter.
- D. On an server, install Azure AD Connect Health (or AD FS.
- E. On a domain controller install Azure AD Connect Health for AD DS.
正解:B、E
質問 # 186
You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso.com is configured as shown in the following exhibit.
You need to ensure that guest users can be created in the tenant.
Which setting should you modify?
- A. Deny invitations to the specified domains.
- B. Members can invite.
- C. Admins and users in the guest inviter role can invite.
- D. Guests can invite.
- E. Guest users permissions are limited.
正解:C
解説:
Section: [none]
Explanation:
The setting "Admins and users in the guest inviter role can invite" is set to No. This means that no one can create guest accounts because they cannot 'invite' guests. This setting needs to be changed to Yes to ensure that guest users can be created in the tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
質問 # 187
You have a Microsoft 365 Enterprise subscription.
You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device.
You need to view which users authenticated by using multi-factor authentication.
What should you do?
- A. From the Azure Active Directory admin center, view the user sign-ins.
- B. From the Microsoft 365 admin center, view the Security & Compliance reports.
- C. From the Microsoft 365 admin center, view the Usage reports.
- D. From the Azure Active Directory admin center, view the audit logs.
正解:A
解説:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
質問 # 188
......
最新のMS-100学習ガイド2023年最新の- 提供するのはテストエンジンとPDF:https://jp.fast2test.com/MS-100-premium-file.html
お手軽に合格させる最新のMicrosoft MS-100問題集には417問があります:https://drive.google.com/open?id=1go1SzB7eTVlB8NejpLp-bx1IMMs-PF3y