Managing Office 365 Identities and Requirements
Question No: 101 – (Topic 2)
An organization prepares to implement Office 365.
You have the following requirements:
->Gather information about the requirements for the Office 365 implementation.
->Use a supported tool that provides the most comprehensive information about the current environment.
You need to determine the organization#39;s readiness for the Office 365 implementation. What should you do?
Run the Windows PowerShell cmdlet Get-MsolCompanylnformation.
Run the OnRamp for Office 365 tool.
Install the Windows Azure Active Directory Sync tool.
Run the Office 365 Deployment Readiness Tool.
Question No: 102 – (Topic 2)
Contoso Ltd. uses Office 365 for collaboration. You are implementing Active Directory Federation Services (AD FS) for single sign-on (SSO) with Office 365 services. The environment contains an Active Directory domain and an AD FS federation server.
You need to ensure that the environment is prepared for the AD FS setup.
Which two actions should you perform? Each correct answer presents part of the solution.
Configure Active Directory to use the domain contoso.com.
Configure Active Directory to use the domain contoso.local.
Create a server authentication certificate for the federation server by using
fs.contoso.com as the subject name and subject alternative name.
Create a server authentication certificate for the federation server by using fs.contoso.local as the subject name and subject alternative name.
Question No: 103 – (Topic 2)
You plan to deploy an Office 365 tenant to multiple offices around the country.
You need to modify the users and groups who are authorized to administer the Rights Management service.
Which Windows PowerShell cmdlet should you run?
Question No: 104 – (Topic 2)
You are in the process of moving ownership of the Adatum.com DNS zone from your current ISP to Office 365.
Which of the following names should be configured as nameservers as a part of this process?
Answer: B Explanation:
To move ownership of DNS to Office 365, you need to configure ns1.bdm.microsoftonline.com and ns2.bdm.microsoftonline.com as authoritative nameservers for the zone.
Question No: 105 – (Topic 2)
Contoso Ltd, has an on-premises SharePoint environment. The Company plans to deploy SharePoint Online.
You must use Active Directory Federation Service (AD FS). The global administrator account must be able to access the Office 365 tenant even if AD FS is unavailable.
You need to set up the global administrator account. What should you do?
Answer: A Explanation:
A complete set up of ADFS federates the entire domain of contoso.com. Even if you create a global admin user in Office 365 using the @contoso.com domain the domain is federated so I believe you will be redirected you to your ADFS login page.
If you create a global admin in Office 365 and configure the UPN to use the domain suffix
of contoso.onmicrosoft.com you will not be sent to the ADFS log in page.
Question No: 106 DRAG DROP – (Topic 2)
Contoso, Ltd., uses SharePoint Online and plans a new single sign-on (SSO) implementation that uses Active Directory Federation Services (AD FS).
Your environment contains the following configurations:
->two servers named Server1 and Server2
->a partner collaboration website for the domain contoso.com that points to a SharePoint Online team site
->a hardware load balancer to use with Server1 and Server2
You need to install AD FS to support the environment.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Example: Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer.
In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate.
PS C:\gt; $fscredential = Get-Credential
PS C:\gt; Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential
* Install-AdFsFarm command creates the first node of a new federation server farm.
/ The parameter -CertificateThumbprintlt;Stringgt;
Specifies the value of the certificate thumbprint of the certificate that should be used in the Secure Sockets Layer (SSL) binding of the Default Web Site in Internet Information Services (IIS). This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
/ The parameter -FederationServiceNamelt;Stringgt;
Specifies the DNS name of the federation service. This value must match the subject name of the certificate configured on the SSL binding in IIS.
* The Add-AdfsFarmNode command adds this computer to an existing federation server farm.
Question No: 107 – (Topic 2)
You have an Office 365 tenant that uses an Enterprise E3 subscription. You have two servers in a perimeter network that have the Active Directory Federation Services (AD FS) proxy role service installed. A federation server farm is located behind a firewall.
You need to ensure that the AD FS proxies can communicate with the federation server farm.
Which two name resolution strategies can you use? Each correct answer presents a complete solution.
HOSTS file on the proxy servers
DNS server in the perimeter network
LMHOSTS file on the proxy servers
LMHOSTS file on the federation servers
HOSTS file on the federation servers
Explanation: Configure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Only the Perimeter Network
So that name resolution can work successfully for a federation server in an Active Directory Federation Services (AD FS) scenario in which one or more Domain Name System (DNS) zones serve only the perimeter network, the following tasks must be completed:
The hosts file on the federation server proxy must be updated to add the IP address of a federation server.
DNS in the perimeter network must be configured to resolve all client requests for the AD FS host name to the federation server proxy. To do this, you add a host (A) resource record to perimeter DNS for the federation server proxy.
Reference: Configure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Only the Perimeter Network
Question No: 108 – (Topic 2)
You use a centralized identity management system as a source of authority for user account information. You export a list of new user accounts to a file on a daily basis. Your company uses a local Active Directory for storing user accounts for on-premises solutions. You are configuring the Windows Azure Active Directory Sync tool.
New user accounts must be created in both the local Active Directory and Office 365. You must import user account data into Office 365 daily.
You need to import the new users. What should you do?
Use the Office 365 admin center to import the file.
Create a Windows PowerShell script to import account data from the file into Active Directory.
Use the Windows Azure Management Portal to import the file.
Create a Windows PowerShell script that uses the MSOnline module to import account data from the file.
Question No: 109 – (Topic 2)
Your company has a hybrid deployment of Office 365. All mailboxes are hosted on Office
365. All users access their Office 365 mailbox by using a user account that is hosted on- premises. You need to delete a user account and its associated mailbox.
Which tool should you use?
The Remove-MSOLUser cmdlet
The Remove-Mailbox cmdlet
The Office 365 portal
Active Directory Users and Computers
Answer: D Explanation:
When deleting accounts from Active Directory and directory synchronization runs the associated object will be deleted from Azure and also soft deleting the mailbox.
Question No: 110 – (Topic 2)
You are the Office 365 administrator for your company.
The company has established the following new requirements:
Members of the legal team must be able to conduct eDiscovery searches.
Employees must be notified when they send email messages that contain confidential information.
You need to configure the environment.
Which two actions should you perform? Each correct answer presents part of the solution.
Configure journaling to a Microsoft Exchange Online mailbox for all mailboxes.
Add the members of the legal team to the Discovery Management role group.
Create a Data Loss Prevention policy.
Place all executive mailboxes on In-Place Hold for 365 days and use In-Place eDiscovery for mailbox searches.
Enable Microsoft Exchange Online Archiving for the executive mailboxes.
Place all executive mailboxes on Retention Hold.
Answer: B,C Explanation:
B: The Discovery Management role group allows administrators or USERS to perform searches of mailboxes in the Exchange Online organization.
C: Data Loss Prevention Policies can be configured with a Policy Tip to notify the sender when they are sending confidential information. Existing or custom DLP policy templates can be used to detect the presence of confidential information.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|