- (Exam Topic 5)
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
You need to identify which users can perform the following administrative tasks: 
Reset the password of User4. Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1:
A Password Administrator or a User Administrator can reset the password non-administrative users.
Box 2: A User Administrator can configure other attributes such as the Manager attribute of non-administrative users.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You have a Microsoft 365 tenant that contains the users shown in the following table.
Microsoft Exchange Online has the mail flow rules shown in the following table
Rule1 has the following settings:
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
You need to configure just in time access to meet the technical requirements. What should you use?
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure joergsi 5 months, 1 week ago
Privileged access management
The effectiveness of an information protection strategy depends on how secure the administrative accounts used to manage that strategy are. If accounts that can be used to configure and manage an information protection strategy are not properly secured, then the information protection strategy itself can be easily compromised.
Privileged access management enables you to configure policies that apply
=> just-in-time administrative principles to sensitive administrative roles.
For example, if someone needs temporary access to configure an information protection policy, that person would need to go through an approval process to obtain the necessary set of rights instead of having an Azure Active Directory (Azure AD) account with those rights permanently assigned.
Thomas, Orin. Exam Ref MS-100 Microsoft 365 Identity and Services (S.10). Pearson Education. Kindle-Version.
- (Exam Topic 5)
You are developing a single-page application (SPA) that authenticates users by using MSALjs. The SPA must meet the following requirements:
• Only allow access to the users in an organization named contoso.onmicrosoft.com.
• Support single sign-on (SSO) across tabs and user sessions.
How should you complete the code for the SPA? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
Your network contains two on-premises Active Directory forests named contoso.com and fabrikam.com. Fabrikam.com contains one domain and five domain controllers. Contoso.com contains the domains shown in the following table.
You need to sync all the users from both the forests to a single Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
What is the minimum number of Azure AD Connect sync servers required?
Correct Answer:
A
You can have only one active Azure AD Connect server synchronizing accounts to a single Azure Active Directory (Azure AD) tenant. You can have ‘backup’ Azure AD Connect servers, but these must be running in ‘staging’ mode. Staging mode means the Azure AD Connect instance is not actively synchronizing users but is ready to be bought online if the active Azure AD Connect instance goes offline.
When you have multiple forests, all forests must be reachable by a single Azure AD Connect sync server. The server must be joined to a domain. If necessary, to reach all forests, you can place the server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet).
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-single-
