Microsoft Certification 70-346 - O365 Identities/Requirements

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Bearxor
B
Bearxor
Community Contributor
Quizzes Created: 1 | Total Attempts: 375
Questions: 96 | Attempts: 375

SettingsSettingsSettings
Microsoft Certification 70-346 - O365 Identities/Requirements - Quiz

MS Exam 70-346: Managing Office 365 Identities and Requirements


Questions and Answers
  • 1. 

    A company deploys an Office 365 tenant in a hybrid configuration with Exchange Server 2013. Office 365 users cannot see the free/busy information that is published from the on-premises Exchange Server. In addition, Exchange Server users cannot see free/busy information that is published from Office 365.You need to troubleshoot why users cannot access free/busy information from both Office 365 and Exchange Server 2013. Which tool should you run?

    • A.

      The Hybrid Configuration wizard

    • B.

      The Remote Connectivity Analyzer with the Exchange Server tab selected

    • C.

      The Microsoft Connectivity Analyzer Tool

    • D.

      The Remote Connectivity Analyzer with the Office 365 tab selected

    Correct Answer
    D. The Remote Connectivity Analyzer with the Office 365 tab selected
    Explanation
    The correct answer is "The Remote Connectivity Analyzer with the Office 365 tab selected." This tool allows you to test the connectivity and configuration between Office 365 and the on-premises Exchange Server. By selecting the Office 365 tab, you can specifically troubleshoot the issue of users not being able to access free/busy information from both Office 365 and Exchange Server 2013.

    Rate this question:

  • 2. 

    You are the Office 365 administrator for your company. The environment must support single sign-on. You need to install the required certificates.Which two certificates should you install? Each correct answer presents part of the solution.

    • A.

      Secure Sockets Layer (SSL)

    • B.

      Privacy-enhanced mail (PEM)

    • C.

      Token signing

    • D.

      Personal

    • E.

      Software publisher

    Correct Answer(s)
    A. Secure Sockets Layer (SSL)
    C. Token signing
    Explanation
    To support single sign-on in Office 365, two certificates need to be installed: Secure Sockets Layer (SSL) and Token signing. The SSL certificate is necessary for encrypting the communication between the user's browser and the Office 365 services, ensuring a secure connection. The Token signing certificate is used to sign the security tokens issued by the identity provider, allowing Office 365 to trust the authentication information provided by the identity provider. By installing both certificates, the environment will be able to establish a secure and trusted single sign-on experience for users.

    Rate this question:

  • 3. 

    You are the Office 365 administrator for your company. You prepare to install Active Directory Federation Services (AD FS). You need to open the correct port between the AD FS proxy server and the AD FS federation server.Which port should you open?

    • A.

      TCP 80

    • B.

      TCP 135

    • C.

      TCP 389

    • D.

      TCP 443

    • E.

      TCP 636

    • F.

      TCP 1723

    Correct Answer
    D. TCP 443
    Explanation
    The correct port to open between the AD FS proxy server and the AD FS federation server is TCP 443. This is because TCP port 443 is the default port for HTTPS communication, which is used for secure communication between web browsers and web servers. AD FS requires secure communication for authentication and authorization processes, and TCP 443 ensures that the communication is encrypted and secure.

    Rate this question:

  • 4. 

    An organization implements single sign-on (SSO) for use with Office 365 services. You install an Active Directory Federation Services (AD FS) proxy server. Users report that they are unable to authenticate. You launch the Event Viewer and view the event information shown in the following screen shot:You need to ensure that users can authenticate to Office 365. What should you do?

    • A.

      Re-enter the credentials used to establish the trust.

    • B.

      Verify the federation server proxy is trusted by the federation service.

    • C.

      Re-install the Secure Sockets Layer certificate for the federation service.

    • D.

      Verify network connectivity between the Federation Service Proxy and federation server.

    Correct Answer
    A. Re-enter the credentials used to establish the trust.
  • 5. 

    You create an Office 365 tenant. You assign administrative roles to other users. You hire a new user named User2. User2 must NOT be able to change passwords for other users. You need to assign an administrative role to User2.Which role should you assign?

    • A.

      Service administrator

    • B.

      Global administrator

    • C.

      Delegate administrator

    • D.

      Password administrator

    Correct Answer
    C. Delegate administrator
    Explanation
    The correct role to assign to User2 is Delegate administrator. This role allows the user to perform administrative tasks such as managing users and groups, but does not grant the ability to change passwords for other users. This ensures that User2 cannot make unauthorized changes to other users' accounts.

    Rate this question:

  • 6. 

    You are the Office 365 administrator for your company. You have a workstation that runs Windows 8. You need to install the prerequisite components so that you can view mail protection reports on the workstation.Which two items must you install? Each correct answer presents part of the solution.

    • A.

      SQL Server Analysis Services

    • B.

      Microsoft Connectivity Analyzer Tool

    • C.

      Microsoft Access 2013

    • D.

      .NET Framework 4.5

    • E.

      Microsoft Excel 2013

    Correct Answer(s)
    A. SQL Server Analysis Services
    B. Microsoft Connectivity Analyzer Tool
    Explanation
    To view mail protection reports on the workstation, you need to install two items: SQL Server Analysis Services and the Microsoft Connectivity Analyzer Tool. SQL Server Analysis Services is required for data analysis and reporting, while the Microsoft Connectivity Analyzer Tool helps diagnose and troubleshoot connectivity issues. Installing these components will enable you to access and analyze the mail protection reports effectively.

    Rate this question:

  • 7. 

    Your company purchases an Office 365 plan. The company has an Active Directory Domain Services domain. User1 must manage Office 365 delegation for the company. You need to ensure that User1 can assign administrative roles to other users.What should you do?

    • A.

      Create an Office 365 tenant and assign User1 the password administrator role.

    • B.

      Use a password administrator account to assign the role to User1.

    • C.

      Use a user management administrator account to assign the role to User1.

    • D.

      Create an Office 365 tenant and assign User1 the global administrator role.

    Correct Answer
    D. Create an Office 365 tenant and assign User1 the global administrator role.
    Explanation
    To ensure that User1 can assign administrative roles to other users, User1 needs to have the highest level of administrative privileges, which is the global administrator role. By creating an Office 365 tenant and assigning User1 the global administrator role, User1 will have the necessary permissions to manage Office 365 delegation for the company.

    Rate this question:

  • 8. 

    An organization prepares to migrate to Office 365. The organization has one domain controller named NYC-DC1 and one server named NYC-DS that is designated as the directory synchronization computer.NYC-DC1 is running Windows Server 2008 R2 and has a Forest Functional Level of Windows 2000. What is the minimum you must do to the server to allow Directory Synchronization to function?

    • A.

      Raise the forest functional level to Windows Server 2003.

    • B.

      Raise the forest functional level to Windows Server 2008.

    • C.

      Raise the forest functional level to Windows Server 2008 R2.

    • D.

      Install Windows Server 2012.

    Correct Answer
    A. Raise the forest functional level to Windows Server 2003.
    Explanation
    In order to allow Directory Synchronization to function, the forest functional level needs to be raised to at least Windows Server 2003. Since the current forest functional level is Windows 2000, it is necessary to raise it to Windows Server 2003 to meet the minimum requirement for Directory Synchronization.

    Rate this question:

  • 9. 

    An organization prepares to migrate to Office 365. The organization has one domain controller named NYC-DC1 and one server named NYC-DS that is designated as the directory synchronization computer.NYC-DS is running Windows Server 2003. What is the minimum you must do to the server to allow Directory Synchronization to function?

    • A.

      Install the 64-bit version of Windows Server 2008 Standard edition

    • B.

      Install Windows Server 2008 R2 Standard edition

    • C.

      Install Windows Server 2008 R2 Datacenter edition

    • D.

      Install Windows Server 2012

    Correct Answer
    B. Install Windows Server 2008 R2 Standard edition
    Explanation
    To allow Directory Synchronization to function, the minimum requirement is to install Windows Server 2008 R2 Standard edition. This version of the operating system is compatible with Office 365 and will enable the server to synchronize the directory with the cloud-based service. The other options mentioned, such as installing the 64-bit version of Windows Server 2008 Standard edition, Windows Server 2008 R2 Datacenter edition, or Windows Server 2012, do not meet the minimum requirement specified.

    Rate this question:

  • 10. 

    Contoso Ltd. uses Office 365 for collaboration. You are implementing Active Directory Federation Services (AD FS) for single sign-on (SSO) with Office 365 services. The environment contains an Active Directory domain and an AD FS federation server. You need to ensure that the environment is prepared for the AD FS setup.Which two actions should you preform? Each correct answer presents part of the solution.

    • A.

      Configure Active Directory to use the domain contoso.com

    • B.

      Configure Active Directory to use the domain contoso.local

    • C.

      Create a server authentication certificate for the federation server by using fs.contoso.com as the subject name and subject alternative name.

    • D.

      Create a server authentication certificate for the federation server by using fs.contoso.local as the subject name and subject alternative name.

    Correct Answer(s)
    A. Configure Active Directory to use the domain contoso.com
    C. Create a server authentication certificate for the federation server by using fs.contoso.com as the subject name and subject alternative name.
    Explanation
    To prepare the environment for AD FS setup, the first action is to configure Active Directory to use the domain "contoso.com". This ensures that the AD FS server is integrated with the correct Active Directory domain.

    The second action is to create a server authentication certificate for the federation server. This certificate should have "fs.contoso.com" as the subject name and subject alternative name. This certificate is necessary for secure communication between the AD FS server and Office 365 services, enabling SSO functionality.

    Rate this question:

  • 11. 

    Your company has an Office 365 subscription. You create a new retention policy that contains several retention tags. A user named Test5 has a client computer that runs Microsoft Office Outlook 2007. You install Microsoft Outlook 2010 on the client computer of Test5. Test5 reports that the new retention tags are unavailable from Outlook 2010. You verify that other users can use the new retention tags.You need to ensure that the new retention tags are available to Test5 from Outlook 2010. What should you do?

    • A.

      Instruct Test5 to repair the Outlook profile

    • B.

      Modify the retention policy tags

    • C.

      Run the Set-Mailbox cmdlet

    • D.

      Force directory synchronization

    Correct Answer
    A. Instruct Test5 to repair the Outlook profile
  • 12. 

    You are the Office 365 administrator for your company. Users report that their passwords expire too frequently, and they do not receive adequate notice of password expiration. Account passwords must remain active for the longest duration allowed. Users must receive password expiration notifications as early as possible. You need to configure the password expiration policy.What is the maximum amount of days you can set before a password change is forced?

    • A.

      1

    • B.

      13

    • C.

      30

    • D.

      72

    • E.

      365

    • F.

      730

    • G.

      1095

    • H.

      1460

    Correct Answer
    F. 730
    Explanation
    The maximum amount of days that can be set before a password change is forced is 730. This means that users will have up to 2 years before they are required to change their passwords. This setting allows for longer periods of password validity, addressing the issue of passwords expiring too frequently. Additionally, users will receive password expiration notifications as early as possible, giving them ample time to change their passwords before they expire.

    Rate this question:

  • 13. 

    You are the Office 365 administrator for your company. Users report that their passwords expire too frequently, and they do not receive adequate notice of password expiration. Account passwords must remain active for the longest duration allowed. Users must receive password expiration notifications as early as possible. You need to configure the password expiration policy.What is the earliest amount of time you can set or users to be notified of an upcoming password change?

    • A.

      1

    • B.

      13

    • C.

      30

    • D.

      72

    • E.

      365

    • F.

      730

    • G.

      1095

    • H.

      1460

    Correct Answer
    C. 30
    Explanation
    The earliest amount of time that can be set for users to be notified of an upcoming password change is 30 days. This means that users will receive a notification 30 days before their password is set to expire, giving them ample time to change their password before it becomes inactive. This setting allows for a longer duration for active passwords and ensures that users are adequately notified of the upcoming change.

    Rate this question:

  • 14. 

    A company deploys an Office 365 tenant. You must provide an administrator with the ability to manage company information in Office 365. You need to assign permissions to the administrator by following the principle of least privilege.Which role should you assign?

    • A.

      Global administrator

    • B.

      Service administrator

    • C.

      Billing administrator

    • D.

      User management administrator

    Correct Answer
    B. Service administrator
    Explanation
    The role that should be assigned in this scenario is the Service administrator. This role provides the administrator with the ability to manage company information in Office 365, while still following the principle of least privilege. The Global administrator role has more permissions than necessary for this specific task, while the Billing administrator role is focused on managing billing information. The User management administrator role is also not the correct choice as it is more focused on user management rather than company information management. Therefore, the Service administrator role is the most appropriate choice in this situation.

    Rate this question:

  • 15. 

    An organization purchases an Office 365 plan for 10,000 user accounts. You have a domain controller that runs Windows Server 2008 R2. The forest functional level is set to Windows Server 2000. The organization must be able to synchronize user attributes from the on-premises Active Directory Domain Services environment to Office 365.You need to prepare to install the Windows Azure Active Directory Sync tool. Which two actions should you preform?

    • A.

      Upgrade the domain controller to Windows Server 2012

    • B.

      Install Microsoft .NET Framework 3.5 SP1 and Microsoft .NET Framework 4.0

    • C.

      Install Windows Server 2012 Standard Edition

    • D.

      Raise the forest functional level to Windows Server 2008 R2

    • E.

      Join a workstation to an Active Directory domain

    Correct Answer(s)
    B. Install Microsoft .NET Framework 3.5 SP1 and Microsoft .NET Framework 4.0
    D. Raise the forest functional level to Windows Server 2008 R2
    Explanation
    To prepare to install the Windows Azure Active Directory Sync tool, you need to perform two actions. First, you should install Microsoft .NET Framework 3.5 SP1 and Microsoft .NET Framework 4.0 on the domain controller. This is necessary because the Azure Active Directory Sync tool requires these frameworks to run properly. Second, you should raise the forest functional level to Windows Server 2008 R2. This is required because the Azure Active Directory Sync tool is not compatible with lower forest functional levels. By performing these two actions, you will ensure that the domain controller is ready for the installation of the Azure Active Directory Sync tool and that user attributes can be synchronized from the on-premises Active Directory Domain Services environment to Office 365.

    Rate this question:

  • 16. 

    You are the Office 365 administrator for your company. You must configure a trust between the on-premises Active Directory domain and the Office 365 envionment by using Active Directory Federation Services. You need to assign the correct certificate to the description of your on-premises server environment below.Which certificate secures the communication between federation servers, clients, and federation server proxy computers?

    • A.

      Client

    • B.

      Domain

    • C.

      X.509

    • D.

      SSL

    Correct Answer
    D. SSL
    Explanation
    The SSL certificate is used to secure the communication between federation servers, clients, and federation server proxy computers. SSL (Secure Sockets Layer) is a protocol that provides secure communication over a computer network. It encrypts the data transmitted between the client and the server, ensuring that it cannot be intercepted or tampered with by unauthorized parties. In the context of Active Directory Federation Services, the SSL certificate is necessary to establish a secure trust between the on-premises Active Directory domain and the Office 365 environment.

    Rate this question:

  • 17. 

    You are the Office 365 administrator for your company. You must configure a trust between the on-premises Active Directory domain and the Office 365 envionment by using Active Directory Federation Services. You need to assign the correct certificate to the description of your on-premises server environment below.Which certificate securely signs all tokens that the federation server issues for the cloud-based services.

    • A.

      Client

    • B.

      Domain

    • C.

      X.509

    • D.

      SSL

    Correct Answer
    A. Client
    Explanation
    The correct answer is "Client". In an Active Directory Federation Services (ADFS) environment, the federation server issues security tokens to clients for accessing cloud-based services. These security tokens need to be securely signed to ensure the integrity and authenticity of the tokens. The client certificate is used to sign these tokens and verify their authenticity. Therefore, the client certificate is the correct certificate to securely sign all tokens issued by the federation server for cloud-based services.

    Rate this question:

  • 18. 

    You are the Office 365 administrator for your company. The company has two administrators named User1 and User2. Users must be able to perform the activities as shown in the following table: AdministratorActivitiesUser1
    • Reset passwords for standard user accounts
    • Reset passwords for other members of the same role.
    • Must NOT reset passwords for other administrator accounts
    User2
    • Reset passwords for all administrator accounts
    What is the correct role to assign to User1?

    • A.

      Global administrator

    • B.

      Delegate administrator

    • C.

      Billing administrator

    • D.

      Password administrator

    Correct Answer
    D. Password administrator
    Explanation
    The correct role to assign to User1 is "password administrator" because User1 needs to be able to reset passwords for standard user accounts and other members of the same role, but must not reset passwords for other administrator accounts. This role allows User1 to manage passwords for specific user accounts without having the ability to access or modify other administrative settings.

    Rate this question:

  • 19. 

    You are the Office 365 administrator for your company. The company has two administrators named User1 and User2. Users must be able to perform the activities as shown in the following table: AdministratorActivitiesUser1
    • Reset passwords for standard user accounts
    • Reset passwords for other members of the same role.
    • Must NOT reset passwords for other administrator accounts
    User2
    • Reset passwords for all administrator accounts
    What is the correct role to assign to User2?

    • A.

      Global administrator

    • B.

      Delegate administrator

    • C.

      Billing administrator

    • D.

      Password administrator

    Correct Answer
    A. Global administrator
    Explanation
    The correct role to assign to User2 is "global administrator" because User2 needs to be able to reset passwords for all administrator accounts, which includes User1. The other options (delegate administrator, billing administrator, password administrator) do not have the necessary permissions to reset passwords for all administrator accounts.

    Rate this question:

  • 20. 

    You are the SharePoint Online administrator for Contoso, Ltd. The company purchases an Office 365 Enterprise E1 plan. The public-facing website must use SharePoint Online and the custom domain contoso.comYou need to configure the DNS settings for the public-facing SharePoint site. How should you configure the DNS settings?

    • A.

      Record: A - Hostname: contoso-public.office.com - Points To Address: contoso-public.sharepoint.com

    • B.

      Record: CNAME - Hostname: www.contoso.com - Points To Address: contoso-public.sharepoint.com

    • C.

      Record: CNAME - Hostname: www.contoso.com - Points To Address: contoso-public.onmicrosoft.com

    • D.

      Record: A - Hostname: www.contoso.com - Points To Address: contoso-public.sharepoint.com

    Correct Answer
    B. Record: CNAME - Hostname: www.contoso.com - Points To Address: contoso-public.sharepoint.com
    Explanation
    The correct answer is to configure a CNAME record with the hostname "www.contoso.com" and point it to "contoso-public.sharepoint.com". This is because a CNAME record is used to create an alias for a domain name, allowing multiple domain names to point to the same location. In this case, the custom domain "www.contoso.com" needs to point to the public-facing SharePoint site, which is hosted at "contoso-public.sharepoint.com".

    Rate this question:

  • 21. 

    Contoso, Ltd. plans to use Office 365 for email services and Lync Online. Contoso has four unique domain names. You need to migrate domain names to Office 365.Which two domain names should you exclude from the migration?

    • A.

      Contoso.us

    • B.

      Contoso

    • C.

      Contoso.local

    • D.

      Contoso.co

    Correct Answer(s)
    B. Contoso
    C. Contoso.local
    Explanation
    The domain names "contoso" and "contoso.local" should be excluded from the migration. "contoso" is likely the internal domain name used within the local network and does not need to be migrated to Office 365. "contoso.local" is also an internal domain name commonly used for Active Directory domains and does not need to be migrated either. The domain names "contoso.us" and "contoso.co" should be included in the migration as they are likely the public domain names that need to be configured for email and Lync Online services in Office 365.

    Rate this question:

  • 22. 

    An organization prepares to implement Office 365. You have the follow responsibilities:
    1. Gather information about the requirements for the Office 365 implementation
    2. Use a supported tool that provides the most comprehensive information about the current environment
    You need to determine the organization's readiness for the Office 365 implementation. What should you do?

    • A.

      Run the Windows PowerShell cmdlet Get-MsolCompanyInformation

    • B.

      Run the OnRamp for Office 365 tool

    • C.

      Install the Windows Azure Active Directory Sync tool

    • D.

      Run the Office 365 Deployment Readiness Tool

    Correct Answer
    B. Run the OnRamp for Office 365 tool
    Explanation
    To determine the organization's readiness for the Office 365 implementation, the best option is to run the OnRamp for Office 365 tool. This tool provides comprehensive information about the current environment and helps gather all the necessary requirements for the implementation. It is specifically designed for Office 365 deployments and will provide the most accurate assessment of the organization's readiness.

    Rate this question:

  • 23. 

    You deploy Lync Online for a company that has offices in San Francisco and New York. The two offices both connect to the internet. There is no private network link between the offices. Users in the New York office report that they cannot transfer files to the users in the San Francisco office by using Lync Online.What should you do?

    • A.

      Configure the firewall to open Transmission Control Protocol (TCP) ports 50060-50079

    • B.

      Configure the firewall to open Transmission Control Protocol (TCP) ports 50040-50059

    • C.

      Create a private network connection to share files

    • D.

      Upgrade all of the Lync Online clients to use Lync 2013

    Correct Answer
    B. Configure the firewall to open Transmission Control Protocol (TCP) ports 50040-50059
    Explanation
    To resolve the issue of users in the New York office being unable to transfer files to users in the San Francisco office using Lync Online, the correct solution is to configure the firewall to open Transmission Control Protocol (TCP) ports 50040-50059. By opening these specific ports, it allows the necessary network traffic for file transfers between the two offices to pass through the firewall. This will enable the users to successfully transfer files using Lync Online without the need for a private network connection or upgrading the Lync Online clients.

    Rate this question:

  • 24. 

    A company deploys an Office 365 tenant. You need to configure single sign-on (SSO) for all user accounts.Which two actions should you preform?

    • A.

      Run the Windows PowerShell cmdlet Convert-MsolDomainToStandard

    • B.

      Run the Windows PowerShell cmdlet Enable-ADFSEndpoint

    • C.

      Run the Windows PowerShell cmdlet Convert-MsolDomainToFederated

    • D.

      Deploy a federation server proxy

    • E.

      Run the Windows PowerShell cmdlet New-ADFSOrganization

    • F.

      Deploy a federation server farm

    Correct Answer(s)
    C. Run the Windows PowerShell cmdlet Convert-MsolDomainToFederated
    F. Deploy a federation server farm
    Explanation
    To configure single sign-on (SSO) for all user accounts in an Office 365 tenant, you need to perform two actions. First, you need to run the Windows PowerShell cmdlet Convert-MsolDomainToFederated. This cmdlet converts the domain from standard authentication to federated authentication, enabling SSO for the users. Second, you need to deploy a federation server farm. The federation server farm acts as the authentication authority and allows users to authenticate once and access multiple applications without having to re-enter their credentials. By performing these two actions, you can successfully configure SSO for all user accounts in the Office 365 tenant.

    Rate this question:

  • 25. 

    Contoso uses Office 365 for collaboration services. You implement single sign-on (SSO) with Office 365 by using Active Directory Federation Services (AD FS). You need to implement Windows Azure multi-factor authentication.Which three actions should you perform?

    • A.

      On the AD FS federation server, run PhoneFactor AgentSetup.exe

    • B.

      On the AD FS Federation server, run WindowsAzureSDK-x64.exe

    • C.

      On the AD FS Federation server, run the Windows PowerShell cmdlet Register-AdfsAuthenticationProvider

    • D.

      On the AD FS Federation server, run FsConfigWizard.exe

    • E.

      Run the Active Directory Domains and Trusts MMC snap-in. Register Windows Azure Multi-Factor Authentication Server as an additional authentication provider

    • F.

      Run the Windows Azure Multi-Factor Authentication Server Authentication Configuration Wizard

    Correct Answer(s)
    A. On the AD FS federation server, run pHoneFactor AgentSetup.exe
    B. On the AD FS Federation server, run WindowsAzureSDK-x64.exe
    C. On the AD FS Federation server, run the Windows PowerShell cmdlet Register-AdfsAuthenticationProvider
    Explanation
    To implement Windows Azure multi-factor authentication in Office 365 with AD FS, three actions should be performed. First, run PhoneFactor AgentSetup.exe on the AD FS federation server. This installs the necessary components for multi-factor authentication. Second, run WindowsAzureSDK-x64.exe on the AD FS Federation server. This installs the Windows Azure SDK, which is required for integrating with Azure multi-factor authentication. Finally, run the Windows PowerShell cmdlet Register-AdfsAuthenticationProvider on the AD FS Federation server. This registers the Azure multi-factor authentication as an authentication provider in AD FS.

    Rate this question:

  • 26. 

    You are the Office 365 administrator for your company. The company synchronizes the local Active Directory objects with a central identity management system. The environment has the following characteristics:
    • Each deployment has its own organizational unit (OU)
    • The company has OU hierarchies for partner user accounts
    • All user accounts are maintained by the identity management system
    You need to ensure that partner accounts are NOT synchronized with Office 365. What should you do?

    • A.

      Configure OU-based filtering by using the Windows Azure Active Directory Sync tool

    • B.

      In the Windows Azure Active Directory portal, configure OU-based filtering

    • C.

      Configure user attribute-based filtering by using the Windows Azure Active Directory Sync tool

    • D.

      In the Windows Azure Active Directory portal, configure user attribute-based filtering

    Correct Answer
    C. Configure user attribute-based filtering by using the Windows Azure Active Directory Sync tool
    Explanation
    To ensure that partner accounts are not synchronized with Office 365, you should configure user attribute-based filtering by using the Windows Azure Active Directory Sync tool. This means that you can set up specific attributes for the partner user accounts in the identity management system, and then configure the sync tool to filter out these accounts based on those attributes. This will prevent the synchronization of partner accounts with Office 365, ensuring that only the desired user accounts are synchronized.

    Rate this question:

  • 27. 

    You are the administrator for a company named Contoso, Ltd. The company has an Office 365 subscription. Your need to prevent users from changing their user display name by using Outlook Web App. What should you do?

    • A.

      Run the Set-MsolCompanyContactInformation cmdlet

    • B.

      Modify the default email address policy

    • C.

      Run the Set-MsolUserPrincipalName cmdlet

    • D.

      Modify the default role assignment policy

    Correct Answer
    D. Modify the default role assignment policy
    Explanation
    To prevent users from changing their user display name using Outlook Web App, you should modify the default role assignment policy. By modifying the default role assignment policy, you can restrict the permissions for users to modify their display name. This will ensure that users do not have the ability to change their display name using Outlook Web App.

    Rate this question:

  • 28. 

    The legal department in your organization creates standardized disclaimers for all of their email messages. The disclaimers explain that any transmissions that are received in error should be reported back to the sender. You track any confidential documents that are attached to email messages. Your security team reports that an employee may have mistakenly sent an email message that contained confidential information. You need to identify whether the email message included the disclaimer and whether it contained confidential information.Which two options should you configure?

    • A.

      Rule matches for received mail

    • B.

      Rule matches for sent mail

    • C.

      DLP policy matches for sent mail

    • D.

      DLP rule matches for sent mail

    • E.

      DLP rule matches for received mail

    Correct Answer(s)
    B. Rule matches for sent mail
    C. DLP policy matches for sent mail
    Explanation
    To identify whether the email message included the disclaimer, you should configure "rule matches for sent mail". This rule will check if the email message contains the standardized disclaimer created by the legal department.

    To identify whether the email message contained confidential information, you should configure "DLP policy matches for sent mail". This policy will scan the email message for any confidential documents attached to it, allowing you to track such documents and take appropriate actions if necessary.

    Rate this question:

  • 29. 

    You are the Office 365 administrator for your company. Users report that they have received significantly more spam messages over the past month than they normally receive.You need to analyze trends for the email messages received over the past 60 days. From the Office 365 admin center, what should you view?

    • A.

      The mail protection reports

    • B.

      The mailbox content search and hold report

    • C.

      Messages on the message center page

    • D.

      The Office 365 Malware detections in sent mail report

    Correct Answer
    A. The mail protection reports
    Explanation
    To analyze trends for the email messages received over the past 60 days and determine the reason for the increase in spam messages, the Office 365 administrator should view the mail protection reports. These reports provide insights into the effectiveness of the mail protection features, including information on spam messages, malware detections, and other security-related metrics. By analyzing these reports, the administrator can identify patterns, trends, and potential issues that may be causing the increase in spam messages.

    Rate this question:

  • 30. 

    Your company uses Office 365. You need to identify which users do NOT have a Microsoft Exchange Online license assigned to their user account.Which PowerShell cmdlet should you use?

    • A.

      Get-ManagementRoleAssignment

    • B.

      Get-User

    • C.

      Get-RoleGroupMember

    • D.

      Get-LogonStatistics

    • E.

      Get-RemovedMailbox

    • F.

      Get-MSOLCOntact

    • G.

      Get-Recipient

    • H.

      Get-Mailbox

    • I.

      Get-Group

    • J.

      Get-MailboxStatistics

    • K.

      Get-MSOLUser

    • L.

      Get-MailContact

    Correct Answer
    K. Get-MSOLUser
    Explanation
    The Get-MSOLUser cmdlet is used to retrieve information about users in Azure Active Directory, including their assigned licenses. By using this cmdlet, you can identify which users do not have a Microsoft Exchange Online license assigned to their user account.

    Rate this question:

  • 31. 

    You are the Office 365 administrator for your company. A user named User1 from a partner organization is permitted to sign in and use the Office 365 services. User1 reports that the password expires in ten days. You must set the password to never expire.Changes must NOT impact any other accounts. You need to update the password policy for the user. Which Windows PowerShell cmdlet should you run?

    • A.

      Set-MsolPasswordPolicy

    • B.

      Set-MsolPartnerInformation

    • C.

      Set-MsolUser

    • D.

      Set-MsolUserPassword

    Correct Answer
    C. Set-MsolUser
    Explanation
    To update the password policy for a specific user in Office 365 without impacting any other accounts, the correct PowerShell cmdlet to run is "Set-MsolUser". This cmdlet allows the Office 365 administrator to modify user properties, including the password policy. By using this cmdlet, the administrator can set the password for User1 to never expire, as required in the scenario.

    Rate this question:

  • 32. 

    An organization deploys an Office 365 tenant. User accounts must be synchronized to Office 365 by using the Windows Azure Active Directory Sync Tool. You have the following password policies:
    • Passwords for the on-premises Active Directory DOmain Services (AD DS) user accounts are at least six characters long
    • Passwords for Office 365 user accounts are at least eight characters long.
    You need to ensure that the user accounts will be synchronized. Which user accounts will be synchronized?

    • A.

      All user accounts

    • B.

      No user accounts

    • C.

      User accounts with a password length of at least 8 characters

    • D.

      User accounts with a password length of at least 14 characters

    Correct Answer
    A. All user accounts
    Explanation
    All user accounts will be synchronized. The Windows Azure Active Directory Sync Tool will synchronize all user accounts, regardless of their password length. The password policies for on-premises Active Directory Domain Services (AD DS) and Office 365 user accounts are not relevant to the synchronization process.

    Rate this question:

  • 33. 

    An organization deploys an Office 365 tenant. The Service Health page displays the following information:What is the current status of Exchange Online and SharePoint Online?

    • A.

      SharePoint Online is available. Exchange Online is available but service is degraded

    • B.

      SharePoint Online is available. Issues with the Exchange Online subscription are under investiagtion

    • C.

      The SharePoint Online subscription is expired. The Exchange Online subscription will expire soon.

    • D.

      The SharePoint Online subscription is expired. Issues with the Exchange Online service are under investigation.

    Correct Answer
    A. SharePoint Online is available. Exchange Online is available but service is degraded
    Explanation
    The current status of Exchange Online is available but the service is degraded. This means that while Exchange Online is still accessible, there may be some performance issues or limitations in its functionality. On the other hand, SharePoint Online is available without any reported issues.

    Rate this question:

  • 34. 

    An organization deploys an Office 365 tenant. The Service Health page displays the following information:What is the earliest date that a post-incident review will be available for SharePointOnline?

    • A.

      November 13

    • B.

      November 21

    • C.

      November 30

    • D.

      December 1

    Correct Answer
    A. November 13
    Explanation
    The earliest date that a post-incident review will be available for SharePoint Online is November 13. This is because it is the first date mentioned in the list of options provided.

    Rate this question:

  • 35. 

    A company named Fabrikam, Inc. is deploying an Office 365 tenant. You install Active Directory Federation Services (AD FS) on a server that runs Windows Server 2012. The company's environment is described in the following table: DescriptionFully Qualified Domain NameCluster DNS Namefs.fabrikam.comServer node in clusterserver1.fabrikam.comServer node in clusterserver2.fabrikam.comYou must obtain a certificate from a certification authority and install it on the federation servers. You need to specify the subject name for the certificate. Which name should you specify? 

    • A.

      Fs.fabrikam.com

    • B.

      Server1.fabrikam.com

    • C.

      Fabrikam.com

    • D.

      Server2.fabrikam.com

    Correct Answer
    A. Fs.fabrikam.com
    Explanation
    The subject name for the certificate should be fs.fabrikam.com. This is because fs.fabrikam.com is the fully qualified domain name (FQDN) that represents the federation servers in the Fabrikam, Inc. environment. The certificate needs to match the FQDN of the server where AD FS is installed in order to establish secure communication between the federation servers and other components of the Office 365 tenant.

    Rate this question:

  • 36. 

    An organization migrates to Office 365. The Office 365 administrator must be notified when Office 365 maintenance activities are planned. You need to configure the administrator's computer to receive the notifications.What should you configure?

    • A.

      Office 365 Management Pack for System Center Operations Manager

    • B.

      Service requests

    • C.

      Service health page

    • D.

      Office 365 Service Health RSS Notifications feed

    Correct Answer
    A. Office 365 Management Pack for System Center Operations Manager
    Explanation
    The Office 365 Management Pack for System Center Operations Manager should be configured to notify the administrator's computer when Office 365 maintenance activities are planned. This management pack integrates Office 365 with System Center Operations Manager, allowing administrators to monitor and manage their Office 365 environment. By configuring this, the administrator will receive notifications about planned maintenance activities, ensuring they are aware of any potential disruptions or downtime.

    Rate this question:

  • 37. 

    Your company deploys an Office 365 tenant. You need to ensure that you can view service health and maintenance reports for the past seven days.What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

    • A.

      Run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Kit

    • B.

      View the service health current status page of the Office 365 admin center

    • C.

      View the service settings page of the Office 365 admin center

    • D.

      Subscribe to the Office 365 Service Health RSS Notifications feed

    Correct Answer(s)
    A. Run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Kit
    B. View the service health current status page of the Office 365 admin center
    Explanation
    To view service health and maintenance reports for the past seven days in Office 365, there are two possible ways. Firstly, you can run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Kit, which provides detailed diagnostic information and logs for troubleshooting purposes. Secondly, you can view the service health current status page of the Office 365 admin center, which displays real-time information about service health and any ongoing maintenance activities. These two methods together allow you to stay informed about the service health and maintenance activities in your Office 365 tenant.

    Rate this question:

  • 38. 

    You are the Office 365 administrator for your company. You need to ensure that trusted applications can decrypt rights-protected content. Which four PowerShell cmdlets should you run?NOTE: On the exam, you will have to know the correct order that these PowerShell cmdlets need to be run.

    • A.

      Import-Module AADRM

    • B.

      Connect-AadrmService

    • C.

      Enable-AadrmSuperUserFeature

    • D.

      Set-AadrmMigrationUrl

    • E.

      Add-AadrmRoleBasedAdministrator

    • F.

      Enable-Aadrm

    Correct Answer(s)
    A. Import-Module AADRM
    B. Connect-AadrmService
    C. Enable-AadrmSuperUserFeature
    D. Set-AadrmMigrationUrl
  • 39. 

    A company deploys an Office 365 tenant. You need to enable multi-factor authentication for Office 365. Which three actions should you perform?NOTE: On the exam, you will need need to know the correct order of these actions.

    • A.

      Enable multi-factor authentication for all user accounts

    • B.

      Instruct users to obtain a single-use password to complete the registration process

    • C.

      Instruct users to use a mobile phone to complete the registration process

    • D.

      Create a multi-factor authentication provider with the Per Enabled User usage model

    • E.

      Creat a multi-factor authentication provider with the Per Authentication usage model

    Correct Answer(s)
    A. Enable multi-factor authentication for all user accounts
    B. Instruct users to obtain a single-use password to complete the registration process
    C. Instruct users to use a mobile pHone to complete the registration process
    Explanation
    To enable multi-factor authentication for Office 365, the first action is to enable it for all user accounts. This ensures that all users will be required to go through the multi-factor authentication process. The second action is to instruct users to obtain a single-use password to complete the registration process. This ensures that users have a unique password that they can use during the registration process. The third action is to instruct users to use a mobile phone to complete the registration process. This ensures that users have a mobile device that they can use for the multi-factor authentication process.

    Rate this question:

  • 40. 

    A company has a Windows Server 2008 domain controller and a SharePoint 2007 farm. All servers on the network run Windows Server 2008. You must provide single sign-on for Office 365 SharePoint sites from the company's network. You need to install the required software.What are the first three things you should install?NOTE: You will need to know the appropriate order for these installations on the exam.

    • A.

      Install .NET Framework 3.5 with Service Pack 1

    • B.

      Install AD FS 2.0

    • C.

      Install Rollup 3 for AD FS 2.0

    • D.

      Install SharePoint Server 2013

    • E.

      Install SharePoint Server 2010 with Service Pack 1

    Correct Answer(s)
    A. Install .NET Framework 3.5 with Service Pack 1
    B. Install AD FS 2.0
    C. Install Rollup 3 for AD FS 2.0
    Explanation
    The first three things that should be installed are .NET Framework 3.5 with Service Pack 1, AD FS 2.0, and Rollup 3 for AD FS 2.0. Installing .NET Framework 3.5 with Service Pack 1 is necessary as it is a prerequisite for AD FS 2.0. AD FS 2.0 is required for single sign-on functionality. Rollup 3 for AD FS 2.0 is important to ensure that any necessary updates and fixes are applied to AD FS 2.0.

    Rate this question:

  • 41. 

    You are the Office 365 administrator for your company. Users report that they cannot sign in to Lync from their mobile devices but they are able to send and receive Lync messages by using their laptop computers. You need to troubleshoot the issue.What should you do?

    • A.

      From the Office 365 message center, confirm Lync settings

    • B.

      Use the Microsoft Connectivity Analyzer tool to confirm settings

    • C.

      Confirm Lync user licenses for the affected users

    • D.

      From the Lync admin center, verify the external access settings

    Correct Answer
    B. Use the Microsoft Connectivity Analyzer tool to confirm settings
    Explanation
    The Microsoft Connectivity Analyzer tool is a useful tool for troubleshooting connectivity issues in Office 365. By using this tool, the administrator can test the Lync settings and determine if there are any issues with the configuration that may be preventing users from signing in to Lync on their mobile devices. This tool can help identify any network or configuration issues that may be causing the problem and provide recommendations for resolving them. Therefore, using the Microsoft Connectivity Analyzer tool to confirm settings is the appropriate action to take in this scenario.

    Rate this question:

  • 42. 

    Your company subscribes to an Office 365 Plan E3. A user named User1 installs Office Professional Plus for Office 365 on a client computer. From the Microsoft Online Services portal, you assign User1 an Office Professional Plus license. One month after installing Office, User1 can no longer save and edit Office documents on the client computer. User1 can open and view Office documents. You need to ensure that User1 can save and edit documents on the client computer by using office.What should you do?

    • A.

      Install the Office Customization Tool

    • B.

      Reinstall Office Professional Plus

    • C.

      Install the Microsoft Online Services Sign-in Assistant

    • D.

      Upgrade the subscription to Plan E4

    Correct Answer
    C. Install the Microsoft Online Services Sign-in Assistant
    Explanation
    The Microsoft Online Services Sign-in Assistant is required for Office Professional Plus to authenticate and connect to the Office 365 services. By installing the Sign-in Assistant, User1 will be able to save and edit Office documents on the client computer again. Reinstalling Office Professional Plus or upgrading the subscription to Plan E4 would not address the issue, and installing the Office Customization Tool is not necessary for resolving this specific problem.

    Rate this question:

  • 43. 

    A company plans to use Office 365 to provide email services for users. You need to ensure that a custom domain name is used.What should you do first?

    • A.

      Add the custom domain name to Office 365 and then verify it

    • B.

      Verify the Existing domain name

    • C.

      Create an MX record in DNS

    • D.

      Create a CNAME record in DNS

    Correct Answer
    A. Add the custom domain name to Office 365 and then verify it
    Explanation
    To ensure that a custom domain name is used in Office 365 for email services, the first step should be to add the custom domain name to Office 365 and then verify it. This allows the company to establish ownership and control over the domain name. Once the domain is added and verified, the necessary DNS records can be created, such as MX records for email routing or CNAME records for domain aliasing. However, these DNS records can only be set up after the domain has been added and verified in Office 365.

    Rate this question:

  • 44. 

    You are the Office 365 administrator for your company. You must use Windows PowerShell to manage cloud identities in Office 365. You must use a computer that runs Windows 8 to perform the management tasks. You need to ensure that the Windows 8 computer has the necessary software installed.What should you install first?

    • A.

      Microsoft Office 365 Best Practices Analyzer for Windows PowerShell

    • B.

      Windows PowerShell 4.0

    • C.

      Remote Server Administrator Tools for Windows

    • D.

      Microsoft Online Services Sign-in Assistant

    Correct Answer
    C. Remote Server Administrator Tools for Windows
    Explanation
    To manage cloud identities in Office 365 using Windows PowerShell on a Windows 8 computer, you need to install the Remote Server Administrator Tools for Windows first. These tools provide the necessary functionality to manage server roles and features remotely from a Windows client computer. Once installed, you can then use Windows PowerShell to perform the management tasks required for Office 365.

    Rate this question:

  • 45. 

    Your company has a subscription to Office 365 for midsize business and enterprises. The company uses Microsoft Lync Online. You need to open ports on the network firewall to enable all of the features of Lync Online.Which port ot ports should you open? Choose all that apply.

    • A.

      Inbound TCP 443

    • B.

      Outbound TCP 5061

    • C.

      Outbound UDP 3478

    • D.

      Outbound TCP 443

    • E.

      Outbound UDP 50000-59999

    • F.

      Inbound TCP 8080

    Correct Answer(s)
    C. Outbound UDP 3478
    D. Outbound TCP 443
    E. Outbound UDP 50000-59999
    Explanation
    To enable all the features of Lync Online, the company needs to open the following ports on the network firewall: outbound UDP 3478, outbound TCP 443, and outbound UDP 50000-59999. These ports are necessary for the proper functioning of Lync Online and allow for communication and data transfer between the Lync client and the Lync servers. Opening these ports will ensure that all the features of Lync Online can be utilized effectively.

    Rate this question:

  • 46. 

    You are the Office 365 administrator for your company. User1 leaves the company. You must delete the account for User1.When you delete the account, when will the Exchange Online mailbox be removed?

    • A.

      Never removed

    • B.

      Removed immediately

    • C.

      Removed after a 30-day grace period

    • D.

      Removed after a 90-day grace period

    Correct Answer
    B. Removed immediately
    Explanation
    When you delete the account for User1, the Exchange Online mailbox will be removed immediately. This means that all the emails, contacts, and other data associated with User1's mailbox will be permanently deleted without any grace period for recovery.

    Rate this question:

  • 47. 

    An organization plans to migrate to Office 365. You need to estimate the post-migration network traffic.Which tool should you use?

    • A.

      Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Kit

    • B.

      Microsoft Network Monitor

    • C.

      Lync 2013 Bandwidth Calculator

    • D.

      Microsoft Remote Connectivity Analyzer

    Correct Answer
    A. Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Kit
    Explanation
    The correct answer is Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Kit. This tool is specifically designed to help organizations diagnose and troubleshoot issues related to Microsoft Online Services, including Office 365. It provides detailed information about network traffic, performance, and connectivity, allowing administrators to estimate the post-migration network traffic accurately. Microsoft Network Monitor is a general-purpose network protocol analyzer and may not provide the specific information required for Office 365 migration. Lync 2013 Bandwidth Calculator is used to estimate network bandwidth requirements for Lync Server 2013 deployments, not Office 365 migrations. Microsoft Remote Connectivity Analyzer is a web-based tool that helps diagnose and troubleshoot connectivity issues with various Microsoft services, but it may not provide the detailed network traffic estimation required for Office 365 migration.

    Rate this question:

  • 48. 

    Your company has a hybrid deployment of Office 365. You need to create a group. The group must have the following characteristics:
    • Group properties are synchronized automatically
    • Group members have the ability to control which users can send email messages to the group
    What should you do?

    • A.

      Create a distribution group and configure the Mail Flow Settings

    • B.

      Create a dynamic distribution group

    • C.

      Create a new role group

    • D.

      Create a distribution group and configure the Membership Approval settings

    Correct Answer
    A. Create a distribution group and configure the Mail Flow Settings
    Explanation
    Creating a distribution group and configuring the Mail Flow Settings allows for automatic synchronization of group properties. Additionally, it provides the ability for group members to control which users can send email messages to the group, fulfilling both requirements mentioned in the question.

    Rate this question:

  • 49. 

    You are the Office 365 administrator for your company. You have a server that runs Windows Server 2012. You plan to install an Active Directory Federation Services (AD FS) proxy server. You need to install and configure all of the required roles.Which two roles should you install and configure?

    • A.

      Web Server (IIS)

    • B.

      AD FS

    • C.

      Application Server

    • D.

      Network Policy and Access Service

    • E.

      Active Directory Certificate Services (AD CS)

    • F.

      Remote Access

    Correct Answer(s)
    A. Web Server (IIS)
    B. AD FS
    Explanation
    You should install and configure the Web Server (IIS) role and the AD FS role. The Web Server (IIS) role is required to host the AD FS proxy server. The AD FS role is necessary to set up and configure the AD FS service, which allows for single sign-on authentication and authorization across different applications and systems. The other roles listed are not directly related to the installation and configuration of an AD FS proxy server.

    Rate this question:

  • 50. 

    You administer the Office 365 environment for a company that has offices around the world. All of the offices use the same Office 365 tenant. You need to ensure that all users can access the services that are available in their regions.Which setting or service should you update?

    • A.

      User location settings

    • B.

      User licenses

    • C.

      Service usage address

    • D.

      Rights management

    Correct Answer
    A. User location settings
    Explanation
    To ensure that all users can access the services available in their regions, you should update the user location settings. By configuring the user location settings, you can specify the region or country for each user in the Office 365 environment. This allows the services to be localized and tailored to the specific needs and regulations of each region, ensuring that users have access to the appropriate services based on their location.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Nov 11, 2014
    Quiz Created by
    Bearxor

Related Topics

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.