Microsoft 365 Identity and Services (MS-100) Sample Questions
The Microsoft 365 Identity and Services (MS-100) exam is intended for Microsoft 365 Enterprise Administrators who have the skills to assess, plan, migrate, deploy, and manage Microsoft 365 services. They are in charge of managing the enterprise’s identities, security, compliance, and auxiliary technologies as well as other Microsoft 365 tenant-related activities. The article provides a list of CompTIA A+ 220-1001 (Core 1) Sample Questions that cover core exam topics including:
- Design, configure, and manage Microsoft 365 tenant
- Understand Office 365 product functionality
- Configure Office 365
- Manage Office 365 ProPlus deployments
- Plan and implement identity synchronization
- Implement application and external access
What is Azure AD Connect?
- A. A tool for managing Microsoft 365 subscriptions and licenses.
- B. A tool for synchronizing user identities between on-premises and cloud environments.
- C. A tool for securing network traffic between on-premises and cloud environments.
- D. A tool for managing device policies and access controls in Microsoft 365.
Answer: B. A tool for synchronizing user identities between on-premises and cloud environments.
Explanation: Azure AD Connect is a tool for synchronizing user identities between on-premises and cloud environments. It allows organizations to manage user identities and authentication across both environments, ensuring a seamless experience for end users and simplifying management for IT teams.
What is Multi-Factor Authentication (MFA)?
- A. A tool for managing device policies and access controls in Microsoft 365.
- B. A tool for securing network traffic between on-premises and cloud environments.
- C. A tool for synchronizing user identities between on-premises and cloud environments.
- D. A security feature that requires users to provide additional verification when logging in.
Answer: D. A security feature that requires users to provide additional verification when logging in.
Explanation: Multi-Factor Authentication (MFA) is a security feature that requires users to provide additional verification when logging in. This can include something the user knows (like a password), something the user has (like a mobile phone), or something the user is (like a fingerprint). MFA provides an additional layer of security to protect against unauthorized access to sensitive data and resources.
What is Microsoft Intune?
- A. A tool for managing device policies and access controls in Microsoft 365.
- B. A tool for securing network traffic between on-premises and cloud environments.
- C. A tool for synchronizing user identities between on-premises and cloud environments.
- D. A tool for managing Microsoft 365 subscriptions and licenses.
Answer: A. A tool for managing device policies and access controls in Microsoft 365.
Explanation: Microsoft Intune is a tool for managing device policies and access controls in Microsoft 365. It allows organizations to manage and secure devices that are used to access corporate data, including PCs, Macs, mobile phones, and tablets. With Intune, IT teams can set policies to enforce security and compliance requirements, and manage devices remotely.
What is Azure Active Directory (Azure AD)?
- A. A tool for managing device policies and access controls in Microsoft 365.
- B. A tool for securing network traffic between on-premises and cloud environments.
- C. A tool for managing Microsoft 365 subscriptions and licenses.
- D. A cloud-based directory and identity management service.
Answer: D. A cloud-based directory and identity management service.
Explanation: Azure Active Directory (Azure AD) is a cloud-based directory and identity management service that allows organizations to manage user identities and access to resources. It provides a central location for managing user accounts, passwords, and permissions, and can be used to authenticate users across different applications and services.
What is the purpose of the Microsoft 365 Admin Center?
- A. To manage and monitor devices that are used to access corporate data.
- B. To manage user identities and access to resources in Microsoft 365.
- C. To manage and monitor network traffic between on-premises and cloud environments.
- D. To manage and monitor Microsoft 365 subscriptions and licenses.
Answer: D. To manage and monitor Microsoft 365 subscriptions and licenses.
Explanation: The Microsoft 365 Admin Center is a web-based portal for managing and monitoring Microsoft 365 subscriptions and licenses. It allows IT teams to manage users, devices, and applications, and monitor
What is the difference between Azure AD Premium and Azure AD Free?
- A. Azure AD Premium includes more features than Azure AD Free, such as self-service password reset and group-based access management.
- B. Azure AD Free includes more features than Azure AD Premium, such as multi-factor authentication and conditional access policies.
- C. There is no difference between Azure AD Premium and Azure AD Free.
- D. Azure AD Premium is a separate product from Azure AD Free.
Answer: A. Azure AD Premium includes more features than Azure AD Free, such as self-service password reset and group-based access management.
Explanation: Azure AD Premium includes more features than Azure AD Free, such as self-service password reset and group-based access management. Azure AD Free provides basic identity and access management features, but lacks some of the advanced features of Azure AD Premium.
What is Conditional Access in Microsoft 365?
- A. A feature that allows users to access resources based on their device compliance status.
- B. A feature that allows IT teams to set policies to control access to resources based on certain conditions, such as location or device type.
- C. A feature that allows users to reset their own passwords without IT support.
- D. A feature that allows IT teams to manage and monitor network traffic between on-premises and cloud environments.
Answer: B. A feature that allows IT teams to set policies to control access to resources based on certain conditions, such as location or device type.
Explanation: Conditional Access is a feature in Microsoft 365 that allows IT teams to set policies to control access to resources based on certain conditions, such as location or device type. For example, IT teams can require users to use multi-factor authentication when accessing sensitive resources from outside the corporate network.
What is the difference between Exchange Online and Exchange Server?
- A. Exchange Online is a cloud-based email and calendaring service, while Exchange Server is an on-premises email and calendaring solution.
- B. Exchange Online is an on-premises email and calendaring solution, while Exchange Server is a cloud-based email and calendaring service.
- C. Exchange Online and Exchange Server are identical products with no differences in features or functionality.
- D. Exchange Online is a free version of Exchange Server.
Answer: A. Exchange Online is a cloud-based email and calendaring service, while Exchange Server is an on-premises email and calendaring solution.
Explanation: Exchange Online is a cloud-based email and calendaring service, while Exchange Server is an on-premises email and calendaring solution. Exchange Online is hosted in the cloud by Microsoft and provides many of the same features as Exchange Server, but with the added benefits of being managed and updated by Microsoft.
What is Azure Information Protection?
- A. A tool for managing and protecting sensitive information in Microsoft 365.
- B. A tool for securing network traffic between on-premises and cloud environments.
- C. A tool for managing Microsoft 365 subscriptions and licenses.
- D. A tool for managing device policies and access controls in Microsoft 365.
Answer: A. A tool for managing and protecting sensitive information in Microsoft 365.
Explanation: Azure Information Protection is a tool for managing and protecting sensitive information in Microsoft 365. It allows organizations to classify and label sensitive data, apply encryption and rights management controls, and monitor and audit data usage.
Q1) Your business has a Microsoft Office 365 subscription. You have a suspicion that a number of Office 365 features have lately been upgraded. You’ll need to look at a list of the tenant’s recently upgraded features. Solution: In the Microsoft 365 admin center, you use the View service requests option. Is this achieving the goal?
- Yes
- No
Correct Answer: No
Explanation: A support ticket is a service request. As a result, the Microsoft 365 admin center’s View service requests option displays a list of support tickets. This approach does not satisfy the goal since it does not present a list of the features that were recently changed in the tenancy. To achieve the goal, you’ll need to use the Microsoft 365 admin center’s Message center.
Refer: Track new and changed features in the Microsoft 365 Message center
Q2) Your business has a Microsoft Office 365 subscription. You have a suspicion that a number of Office 365 features have lately been upgraded. You’ll need to look at a list of the tenant’s recently upgraded features. Solution: Dashboard is used in Security & Compliance. Is this achieving the goal?
- Yes
- No
Correct Answer: No
Explanation: The Dashboard in Security & Compliance comprises numerous widgets, depending on what your organization’s Office 365 subscription covers, such as Threat Management Summary, Threat Protection Status, Global Weekly Threat Detections, Malware, and more. This approach does not satisfy the goal since it does not present a list of the features that were recently changed in the tenancy. To achieve the goal, you’ll need to use the Microsoft 365 admin center’s Message centre.
Refer: Security dashboard in the Security & Compliance Center
Q3) Your business has a Microsoft Office 365 subscription. You have a suspicion that a number of Office 365 features have lately been upgraded. You’ll need to look at a list of the tenant’s recently upgraded features. Solution: In the Microsoft 365 admin centre, you use Message centre. Is this achieving the goal?
- Yes
- No
Correct Answer: Yes
Explanation: To see a list of the features that were recently updated in the tenant, navigate to the Message centre in the Microsoft 365 admin centre. This is where Microsoft publishes official statements about new and modified features, maintenance schedules, and other significant updates.
Refer: Track new and changed features in the Microsoft 365 Message center
Q4) Your business has a Microsoft Office 365 subscription. You have a suspicion that a number of Office 365 features have lately been upgraded. You’ll need to look at a list of the tenant’s recently upgraded features. Solution: In the Microsoft 365 admin centre, you review the Security & Compliance report. Is this achieving the goal?
- Yes
- No
Correct Answer: No
Explanation: The Microsoft 365 admin center’s Security & Compliance reports provide reports about security and compliance for your Office 365 services, such as email usage reports, Data Loss Prevention reports, and so on. They don’t show a list of recently upgraded features in the tenancy, hence this solution falls short of the purpose. To achieve the goal, you’ll need to use the Microsoft 365 admin center’s Message center.
Refer: View Defender for Office 365 reports in the Microsoft 365 Defender portal
Q5) Microsoft Exchange Online is part of your Microsoft 365 tenancy. You intend to share your calendar with adatum.com, a partner organization. The partner company likewise has a Microsoft 365 subscription. You must ensure that every user’s calendar is immediately available to adatum.com users. So, what are your options?
- From the Exchange admin center, create a sharing policy.
- From the Exchange admin center, create a new organization relationship.
- From the Microsoft 365 admin center, modify the Organization profile settings.
- From the Microsoft 365 admin center, configure external site sharing.
Correct Answer: From the Exchange admin center, create a new organization relationship.
Explanation: To communicate calendar information with an external business partner, you’ll need to create an organisation relationship. Admins in Office 365 can create a partnership with another Office 365 organisation or an Exchange on-premises organisation.
Refer: Create an organization relationship in Exchange Online
Q6) Your company has an on-premises Microsoft Exchange Server 2016 organization and a Microsoft 365 Enterprise subscription. You plan to migrate mailboxes and groups to Exchange Online. You start a new migration batch. Users report slow performance when they use the on-premises Exchange Server organization. You discover that the migration is causing the slow performance. You need to reduce the impact of the mailbox migration on the end-users. What should you do?
- Create a mail flow rule.
- Configure back pressure.
- Modify the migration endpoint settings.
- Create a throttling policy.
Correct Answer: Modify the migration endpoint settings.
Explanation: The slow performance is due to the migration. This indicates that the on-premises Exchange server is having trouble replicating mailboxes to Exchange Online due to the heavy demand. Lower the maximum number of concurrent mailbox migrations to reduce the burden on the on-premises server. Migrating a few mailboxes at a time will have a lower performance impact than migrating a large number of mailboxes at once.
Refer: How to manage the maximum concurrent migration batches in Exchange Online in Office 365
Q7) You’re a subscriber to Microsoft 365. You must stop phishing email messages from being transmitted to your company. So, what are your options?
- From the Exchange admin center, create an anti-malware policy.
- From the Security & Compliance admin center, create a DLP policy.
- From the Security & Compliance admin center, create a new threat management policy.
- From the Exchange admin center, create a spam filter policy.
Correct Answer: From the Security & Compliance admin center, create a new threat management policy.
Explanation: Office 365 Advanced Threat Protection (ATP) includes anti-phishing protection. A threat management policy must be configured to prevent phishing email messages from being transmitted to your organisation. ATP anti-phishing is available only with Advanced Threat Protection. Microsoft 365 Enterprise, Microsoft 365 Business, Office 365 Enterprise E5, Office 365 Education A5, and other subscriptions include ATP.
Refer: Anti-phishing policies in Microsoft 365
Q8) You’re a subscriber to Microsoft 365. According to a new company security policy, you must automatically submit DLP incident reports to legal department users. You must schedule the distribution of the reports via email. The solution must ensure that reports are supplied on a regular basis. How often do you think you’ll be able to deliver the reports?
- hourly
- monthly
- weekly
- daily
Correct Answer: weekly
Explanation: You can access numerous reports, including the DLP Incidents report, through the Dashboard in the Security and Compliance centre. You may then set up a schedule for the reports to be emailed. The frequency can be set to either weekly or monthly in the schedule setup. As a result, you should select Weekly to ensure that the reports are sent as regularly as feasible.
Refer: View Defender for Office 365 reports in the Microsoft 365 Defender portal
Q9) Microsoft 365 is a subscription that your firm owns. You must identify all users in the subscription who are licensed for Microsoft Office 365 through a group membership. The name of the group that was used to assign the licence must be included in the answer. What should you use?
- the Licenses blade in the Azure portal
- Reports in the Microsoft 365 admin center
- Active users in the Microsoft 365 admin center
- Reports in Security & Compliance admin center
Correct Answer: the Licenses blade in the Azure portal
Explanation: Select Azure Active Directory, then Licenses to access the Licenses blade in the Azure AD Admin Center. Then select ‘Manage your purchased licences’ from the drop-down menu. Select a licence to display, such as Office 365 E3 from the drop-down menu. After that, you’ll see a list of all users who have that licence. In the ‘Assignment Paths’ column, it will say ‘Direct’ for a licence that has been allocated directly to a user or ‘Inherited (Group Name)’ for a licence that has been assigned through a group.
Refer: Assign licenses to users by group membership in Azure Active Directory
Q10) Microsoft 365 is a subscription that your firm owns. Using the Security & Compliance admin centre, you upload multiple archive PST files to Microsoft 365. You try to start an import job for the PST files a month later. You realise that the PST files in Microsoft 365 have been deleted. What is the most likely reason for the deletion of the files? It’s possible that more than one answer option will help you attain your goal. Choose the most appropriate response.
- The PST files were corrupt and deleted by Microsoft 365 security features.
- PST files are deleted automatically from Microsoft 365 after 30 days.
- The size of the PST files exceeded a storage quota and caused the files to be deleted.
- Another administrator deleted the PST files.
Correct Answer: PST files are deleted automatically from Microsoft 365 after 30 days.
Explanation: You can bulk-import PST files to Office 365 mailboxes using the Office 365 Import Service. When you use the network upload method to import PST files, you upload them to an Azure blob container named ingestiondata. If there are no import jobs in progress on the Import page in the Security & Compliance Center, all PST files in the ingestiondata container in Azure are erased 30 days after the most recent import job was created in the Security & Compliance Center.
Refer: FAQ about importing PST files
Q11) Your network contains the adatum.local Active Directory forest. The forest has 500 users and uses the UPN suffix adatum.com. A Microsoft 365 tenant is set up. Only 50 support users are synced when you implement directory synchronisation. You notice that five of the synced users have usernames with the onmicrosoft.com UPN suffix. You must make sure that all synchronised identities keep their on-premises user account’s UPN. So, what are your options?
- From the Microsoft 365 admin center, add adatum.com as a custom domain name.
- From Windows PowerShell, run the Set-ADDomain -AllowedDNSSuffixes adatum.com command.
- From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.
- From the Microsoft 365 admin center, add adatum.local as a custom domain name.
Correct Answer: From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.
Explanation: Only five of the synced users have usernames with the onmicrosoft.com UPN suffix, according to the question. As a result, the UPN suffix of the other 45 users is right. This indicates that the adatum.com domain has already been added as a custom domain to Office 365. The forest’s name is adatum.local, while its UPN suffix is adatum.com. The default UPN suffix for user accounts on the domain is adatum.local. Each user account must be configured to use adatum.com as the UPN suffix.
Refer: Prepare a non-routable domain for directory synchronization
Q12) You’re a subscriber to Microsoft 365. Several Microsoft Office 365 applications or services appear to have just been upgraded. You must determine which applications or services have been upgraded recently. What are two options for achieving the goal? Each accurate response provides a comprehensive solution.
- From the Microsoft 365 admin center, review the Message center blade.
- From the Office 365 Admin mobile app, review the messages.
- From the Microsoft 365 admin center, review the Products blade.
- From the Microsoft 365 admin center, review the Service health blade.
Correct Answer: From the Microsoft 365 admin center, review the Message center blade; From the Office 365 Admin mobile app, review the messages.
Explanation: To see a list of the features that were recently updated in the tenant, navigate to the Message centre in the Microsoft 365 admin centre. This is where Microsoft publishes official statements about new and modified features, maintenance schedules, and other significant updates. The Office 365 Admin mobile app can also be used to view the messages shown in the Message centre.
Refer: Track new and changed features in the Microsoft 365 Message center
Q13) Your business has a Microsoft Office 365 subscription. You have a suspicion that a number of Office 365 features have lately been upgraded. You’ll need to look at a list of the tenant’s recently upgraded features. Solution: Monitoring and reporting are accessed through the Compliance admin centre. Is this achieving the goal?
- Yes
- No
Correct Answer: No
Explanation: The Dashboard under Security & Compliance provides numerous widgets, depending on what your organization’s Office 365 subscription includes, such as Threat Management Summary, Threat Protection Status, Global Weekly Threat Detections, Malware, and so on. Much of the same information is available in Microsoft 365’s Compliance admin centre, which also offers extra entries focusing on warnings and data insights. This approach does not satisfy the goal since the Monitoring and Reports area of the Compliance admin centre does not display a list of the features that were recently changed in the tenancy.
Refer: Track new and changed features in the Microsoft 365 Message center
Q14) Your network has a contoso.com Active Directory domain that is synchronised with Microsoft Azure Active Directory (Azure AD). Microsoft System Center Configuration Manager (Current Branch) is used to manage Windows 10 devices. For co-management, you set up a pilot. You add Device1 to the domain as a new device. On Device1, you install the Configuration Manager client. You must guarantee that Device1 can be managed with Microsoft Intune and Configuration Manager. Solution: From the Intune admin centre, you build a device configuration profile. Is this achieving the goal?
- Yes
- No
Correct Answer: No
Explanation: Since Device1 has the Configuration Manager client installed, you can use Configuration Manager to manage it. Device1 must be enrolled in Microsoft Intune in order to be managed using Microsoft Intune. Configure a Configuration Manager device collection in the Co-management Pilot configuration to identify which devices are auto-enrolled in Microsoft Intune. Device1 must be added to the device collection.
You don’t need to use the Intune admin centre to establish a device configuration profile. As a result, this solution falls short of the requirements.
Refer: How to enable co-management in Configuration Manager
Q15) You’re a subscriber to Microsoft 365. A data loss prevention (DLP) policy is set up. Users are wrongly tagging content as false positive, allowing the DLP policy to be bypassed. You must prohibit users from circumventing the DLP policy. What should you set up?
- actions
- exceptions
- incident reports
- user overrides
Correct Answer: user overrides
Explanation: Users can override a policy tip and report a false positive by configuring a DLP policy. You can teach your users about DLP regulations and assist them in remaining compliant while not interfering with their work. If a user tries to share a document with sensitive information, for example, a DLP policy can send them an email notification and offer them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. Outlook on the web, Outlook, Excel, PowerPoint, and Word all have the same policy advice.
Refer: Data loss prevention reference
Q16) On-premises Windows Server File Classification Infrastructure (FCI) is used by your firm. Confidential papers can be found on the on-premises file servers. The files are transferred from on-premises file servers to Microsoft SharePoint Online. Based on the Confidential classification, you must guarantee that you can apply data loss prevention (DLP) rules for the submitted files. What should you start with?
- From the SharePoint admin center, create a managed property.
- From the SharePoint admin center, configure hybrid search.
- From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.
- From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.
Correct Answer: From the SharePoint admin center, create a managed property.
Explanation: Based on the type and number of occurrences of PII found in the document, your organisation might use Windows Server FCI to identify documents with personally identifiable information (PII) such as social security numbers, and then classify the document by setting the Personally Identifiable Information property to High, Moderate, Low, Public, or Not PII. You can design a DLP policy in Office 365 that recognises documents with certain values for that property, such as High and Medium, and then takes action, such as barring access to those files. You must first build a managed property in the SharePoint admin centre before you can use a Windows Server FCI property or another property in a DLP policy.
Refer: Create a DLP policy to protect documents with FCI or other properties
Q17) You’re a subscriber to Microsoft 365. In the subscription, you recently configured a Microsoft SharePoint Online tenancy. You intend to create a policy for alerts. You must guarantee that an alert is generated only if malware is found in more than five SharePoint Online documents in a 10-minute period. What should you start with?
- Enable Microsoft Office 365 Cloud App Security.
- Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
- Enable Microsoft Office 365 Analytics.
Correct Answer: Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
Explanation: An alert policy is made up of a set of rules and criteria that describe the user or admin activity that triggers an alert, a list of users who trigger the alert if they execute the activity, and a threshold that specifies the number of times the activity must occur before an alert is triggered.
Refer: Alert policies in Microsoft 365
Q18) You’re a Microsoft 365 subscriber. App1 is a line-of-business application that users can access through the My Apps site. You utilise Conditional Access App Control to set a conditional access policy for App1 after some recent security breaches. If App1 detects impossible travel for a user, you must be notified via email. The solution must ensure that only App1 generates alerts. So, what are your options?
- From Microsoft Cloud App Security, modify the impossible travel alert policy.
- From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
- From the Azure Active Directory admin center, modify the conditional access policy.
- From Microsoft Cloud App Security, create an app discovery policy.
Correct Answer: From Microsoft Cloud App Security, modify the impossible travel alert policy.
Explanation: Impossible travel detection detects two user activities (single or multiple sessions) that originate from geographically distant locations in less time than it would take the user to travel from the first to the second place. We’ll have to change the policy such that it just applies to App1.
Refer: Get behavioral analytics and anomaly detection
Q19) On-premises Active Directory domain contoso.com exists in your network. There are 1,000 Windows 10 devices on the domain. You deploy Windows Defender Advanced Threat Protection (ATP) for 10 test devices as a proof of concept (PoC). You configure Windows Defender ATP-related data to be stored in the United States during the onboarding process. In Europe, you want to connect all devices to Windows Defender ATP data. What should you start with?
- Create a workspace
- Offboard the test devices
- Delete the workspace
- Onboard a new device
Correct Answer: Offboard the test devices
Explanation: You can select to keep your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States when you initially onboard Windows Defender ATP. You cannot modify the location where your data is saved once it has been configured. The only way to modify the test device’s position is to offboard them and then onboard them with the new location.
Refer: Microsoft Defender for Endpoint data storage and privacy
Q20) Microsoft 365 E3 is a subscription that your firm possesses. Windows 10 Pro is installed on all devices, and Microsoft Azure Active Directory (Azure AD) is used to manage them. The next time users log in to their computer, you must change the edition of Windows 10 to Enterprise. Users must experience minimal downtime as a result of the solution. What should you use?
- Subscription Activation
- Windows Update
- Windows Autopilot
- an in-place upgrade
Correct Answer: Windows Autopilot
Explanation: When deploying new Windows devices, Windows Autopilot uses the OEM-optimized version of Windows 10 that comes preinstalled, saving organisations the time and effort of having to maintain custom images and drivers for each device model. Instead of re-imaging the device, your existing Windows 10 installation can be made business-ready by applying settings and policies, installing apps, and even changing the Windows 10 edition (for example, from Windows 10 Pro to Windows 10 Enterprise) to enable additional functionality.
Refer: Overview of Windows Autopilot