Microsoft 365 Identity and Services 온라인 연습
최종 업데이트 시간: 2024년10월30일
당신은 온라인 연습 문제를 통해 Microsoft MS-100 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 MS-100 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 200개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
Email address policies define the rules that create email addresses for recipients in your Exchange organization whether this is Exchange on-premise or Exchange online.
You can configure email address policies using the graphical interface of the Exchange Admin Center or by using PowerShell with the Set-EmailAddressPolicy cmdlet.
The Set-EmailAddressPolicy cmdlet is used to modify an email address policy. The Update-EmailAddressPolicy cmdlet is used to apply an email address policy to users.
Reference: https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/email-address-policies/email-address-policies?view=exchserver-2019
정답:
Explanation:
Anti-phishing protection is part of Office 365 Advanced Threat Protection (ATP). To prevent phishing email messages from being delivered to your organization, you need to configure a threat management policy.
ATP anti-phishing is only available in Advanced Threat Protection (ATP). ATP is included in subscriptions, such as Microsoft 365 Enterprise, Microsoft 365 Business, Office 365 Enterprise E5, Office 365 Education A5, etc.
Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies
정답:
Explanation:
The Security & Compliance reports in the Microsoft 365 admin center are reports regarding security and compliance for your Office 365 Services. For example, email usage reports, Data Loss Prevention reports etc. They do not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/download-existing-reports
정답:
Explanation:
Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in Staging mode is configured and ready to go but it needs to be manually switched to Active to perform directory synchronization.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
정답:
Explanation:
Azure AD Connect synchronizes Active Directory to Azure Active Directory on a schedule. The minimum time between synchronizations is 30 minutes.
If you want to synchronize changes to Active Directory without waiting for the next sync cycle, you can initiate a sync by using the Start-AdSyncSyncCycle. The Delta option synchronizes changes to Active Directory made since the last sync. The Full option synchronizes all Active Directory objects including those that have not changed.
Reference: https://blogs.technet.microsoft.com/rmilne/2014/10/01/how-to-run-manual-dirsync-azure-active-directory-sync-updates/
정답:
Explanation:
The risky sign-ins reports are available to users in the following roles:
✑ Security Administrator
✑ Global Administrator
✑ Security Reader
Of the three roles listed above, the Security Reader role has the least privilege.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins
정답:
Explanation:
A User Administrator is the only role listed that can create user accounts included Guest user accounts. A Global Administrator can also create user accounts.
A User Administrator is also the only role listed that can modify the group membership of users.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
정답:
Explanation:
The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active Directory.
You can use Windows PowerShell on a domain controller and run the Get-ADUser cmdlet to get the required users and pipe the results into Set-ADUser cmdlet to modify the city attribute.
Reference: https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-aduser?view=win10-ps
정답:
Explanation:
Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in Staging mode is configured and ready to go but it needs to be manually switched to Active to perform directory synchronization.
Azure authentication agents can be installed on as many servers as you like.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
정답:
Explanation:
Box 1:
A Password Administrator or a User Administrator can reset the password non-administrative users.
Box 2:
A User Administrator can configure other attributes such as the Manager attribute of non-administrative users.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
정답:
Explanation:
Allan Yoo’s user account is synchronized from the on-premise Active Directory. This means that most user account settings have to be configured in the on-premise Active Directory.
In the exhibit, Password Writeback is disabled. Therefore, you cannot reset the password of Allan Yoo from the Azure portal.
You also cannot change Allan Yoo’s job title in the Azure portal because his account is synchronized from the on-premise Active Directory.
One setting that you can configure for synchronized user accounts I the usage location. The usage location must be configured on a user account before you can assign licenses to the user.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
정답:
Explanation:
Federation with Active Directory Federation Services (AD FS) is required to allow users to sign in by using smart card-based certificates.
Federated authentication
When you choose this authentication method, Azure AD hands off the authentication process to a separate trusted authentication system, such as on-premises Active Directory Federation Services (AD FS), to validate the user’s password.
The authentication system can provide additional advanced authentication requirements. Examples are smartcard-based authentication or third-party multifactor authentication.
Reference: https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
정답:
Explanation:
Azure AD Connect needs to be able to connect to various Microsoft domains such as login.microsoftonline.com. Therefore, you need to modify the list of allowed outbound domains on the firewall.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports
정답:
Explanation:
Your devices use a service connection point (SCP) object during the registration to discover Azure AD tenant information. In your on-premises Active Directory instance, the SCP object for the hybrid Azure AD joined devices must exist in the configuration naming context partition of the computer's forest. There is only one configuration naming context per forest. In a multi-forest Active Directory configuration, the service connection point must exist in all forests that contain domain-joined computers.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual
정답:
Explanation:
To audit AD FS user authentication, you need to install Azure AD Connect Health for AD FS. The agent should be installed on an AD FS server. After the installation, you need to register the agent by running the Register-AzureADConnectHealthSyncAgent cmdlet.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs