Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A company plans to deploy an Office 365 tenant. You have two servers named FS1 and FS2 that have the Federation Service Proxy role service installed.
You must deploy Active Directory Federation Services (AD FS) on Windows Server 2012.
You need to configure name resolution for FS1 and FS2.
What should you do?
A. On FS1 and FS2, add the cluster DNS name and IP address of the federation server farm to the hosts file.
B. On FS1 only, add the cluster DNS name and IP address of the federation server farm to the hosts file.
C. On FS1 only, add the cluster NetBIOS name and IP address of the federation server farm to the LMHOSTS file.
D. On FS1 and FS2, add the cluster NetBIOS name and IP address of the federation server farm to the LMHOSTS file.
Answer: A
Q2. An organization with an Active Directory Domain Services (AD DS) domain migrates to Office 365. You need to manage Office 365 from a domain-joined Windows Server 2012 Core server.
Which three components should you install? Each answer presents part of the solution.
A. Windows Azure Active Directory module for Windows PowerShell
B. Microsoft .NET Framework 3.5
C. Microsoft Office 365 Integration Module for Windows Small Business Server 2011 Essentials
D. Microsoft .NET Framework 4.0
E. Microsoft Online Services Sign-in Assistant
F. Rights Management module for Windows PowerShell
Answer: A,B,E
Q3. You are the Office 365 administrator for your company.
Users report that they cannot sign in to Lync from their mobile devices, but they are able to
send and receive Lync messages by using their laptop computers.
You need to troubleshoot the issue.
What should you do?
A. From the Office 365 message center, confirm Lync settings.
B. Use the Microsoft Connectivity Analyzer tool to confirm settings.
C. Confirm Lync user licenses for the affected users.
D. From the Lync admin center, verify the external access settings.
Answer: B
Q4. You have an Office 365 tenant that uses an Enterprise E3 subscription. You activate Azure
Rights Management for the tenant.
You must test the service with the Development security group before you deploy Azure
Rights Management for all users.
You need to enable Azure Rights Management for only the Development security group. Which Windows PowerShell cmdlet should you run?
A. Enable-Aadrm
B. New-AadrmRightsDefinition
C. Enable-AadrmSuperUserFeature
D. Add-AadrmSuperUser
E. Set-AadrmOnboardingControlPolicy
Answer: E
Explanation:
The Set-AadrmOnboardingControlPolicy cmdlet sets the policy that controls user on-boarding for Azure Rights Management. This cmdlet supports a gradual deployment by controlling which users in your organization can protect content by using Azure Rights Management.
Example:
Restrict Azure RMS to users who are members of a specified group This command allows only users that are members of the security group with the specified object ID to protect content by using Azure Rights Management. The command applies to Windows clients and mobile devices.
Windows PowerShell
PS C:\> Set-AadrmOnboardingControlPolicy -UseRmsUserLicense $False -SecurityGroupObjectId "f
Reference: Set-AadrmOnboardingControlPolicy
https://msdn.microsoft.com/en-us/library/dn857521.aspx
Q5. You are the Office 365 administrator for your company. A user named User1 from a partner organization is permitted to sign in and use the Office 365 services. User1 reports that the password expires in ten days. You must set the password to never expire. Changes must NOT impact any other accounts.
You need to update the password policy for the user.
Which Windows PowerShell cmdlet should you run?
A. Set-MsolPasswordPolicy
B. Set-MsolPartnerlnformation
C. Set-MsolUser
D. Set-MsolUserPassword
Answer: C
Explanation:
Reference:
http://onlinehelp.microsoft.com/en-ca/office365-enterprises/hh534387.aspx
Q6. DRAG DROP
A company deploys an Office 365 tenant.
All employees in the human resources (HR) department must use multi-factor authentication. They must use only the Microsoft Outlook client to access their email messages. User1 joins the HR department.
You need to help User1 configure his account.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q7. You are the Office 365 administrator for your company. The company synchronizes the local Active Directory objects with a central identity management system.
The environment has the following characteristics:
Each department has its own organizational unit (OU).
The company has OU hierarchies for partner user accounts.
All user accounts are maintained by the identity management system.
You need to ensure that partner accounts are NOT synchronized with Office 365.
What should you do?
A. Configure OU-based filtering by using the Windows Azure Active Directory Sync tool.
B. In the Windows Azure Active Directory portal, configure OU-based filtering.
C. Configure user attribute-based filtering by using the Windows Azure Active Directory Sync tool.
D. In the Windows Azure Active Directory portal, configure user attribute-based filtering.
Answer: A
Explanation:
Reference: http://technet.microsoft.com/en-us/library/jj710171.aspx
Company has OU hierarchies for partner user accounts so OU-based filtering should be fine.
Q8. You are the Office 365 administrator for your company.
Users report that they have received significantly more spam messages over the past month than they normally receive.
You need to analyze trends for the email messages received over the past 60 days.
From the Office 365 admin center, what should you view?
A. Messages on the Service health page
B. The Received mail report
C. The Office 365 Malware detections in sent mail report
D. The Mailbox content search and hold report
Answer: A
Q9. You are the Office 365 administrator for your company. You have a workstation that runs Windows 8.
You need to install the prerequisite components so that you can view mail protection reports on the workstation.
Which two items must you install? Each correct answer presents part of the solution.
A. SQL Server Analysis Services
B. Microsoft Connectivity Analyzer Tool
C. Microsoft Access 2013
D. .NET Framework 4.5
E. Microsoft Excel 2013
Answer: D,E
Explanation:
Reference: http://www.microsoft.com/en-gb/download/details.aspx?id=30716
Required Software:
Microsoft Office Excel 2013
1.Microsoft .NET Framework 4.5
2.Microsoft Online Services Sign-In Assistant (for Exchange Online Protection customersonly)
3.An Office 365 subscription that contains Exchange Online or Exchange Online Protection
4.Email address you use to sign in to Office 365.
Q10. DRAG DROP
You implement Office 365 for an organization.
You must create the correct DNS entries needed to configure Office 365.
Which DNS entries should you create? To answer, drag the appropriate DNS record type to the correct purpose. Each DNS record type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q11. A company has an Office 365 tenant that has an Enterprise E1 subscription. The company has offices in several different countries.
You need to restrict Office 365 services for existing users by location.
Which Windows PowerShell cmdlet should you run?
A. Set-MsolUser
B. Redo-MsolProvisionUser
C. Set-MsolUserLicense
D. Set-MsolUserPrincipalName
E. Convert-MsolFederatedUser
F. Set-MailUser
G. Set-LinkedUser
H. New-MsolUser
Answer: A
Explanation:
The Set-MsolUser cmdlet is used to update a user object.
Example: The following command sets the location (country) of this user. The country must be a two-letter ISO code. This can be set for synced users as well as managed users. Set-MsolUser -UserPrincipalName user@contoso.com -UsageLocation "CA"
Note: Some organizations may want to create policies that limit access to Microsoft Office 365 services, depending on where the client resides. Active Directory Federation Services (AD FS) 2.0 provides a way for organizations to configure these types of policies. Office 365 customers using Single Sign-On (SSO) who require these policies can now use client access policy rules to restrict access based on the location of the computer or device that is making the request. Customers using Microsoft Online Services cloud User IDs cannot implement these restrictions at this time.
Reference: Limiting Access to Office 365 Services Based on the Location of the Client
https://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx
Reference: Set-MsolUser
https://msdn.microsoft.com/en-us/library/azure/dn194136.aspx
Q12. DRAG DROP
A company has 50 employees that use Office 365.
You need to enforce password complexity requirements for all accounts.
How should you complete the relevant Windows PowerShell command? To answer, drag the appropriate Windows PowerShell segment to the correct location or locations. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q13. A company has an Office 365 tenant that has an Enterprise E1 subscription.
You use single sign-on for all user accounts. You plan to migrate all services to Office 365.
You need to ensure that all accounts use standard authentication.
Which Windows PowerShell cmdlet should you run?
A. Set-MsolUser
B. Redo-MsolProvisionUser
C. Set-MsolUserLicense
D. Set-MsolUserPrincipalName
E. Convert-MsolFederatedUser
F. Set-MailUser
G. Set-LinkedUser
H. New-MsolUser
Answer: E
Explanation:
The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type.
Reference: Convert-MsolFederatedUser
https://msdn.microsoft.com/sv-se/library/azure/dn194101.aspx
Q14. HOTSPOT
The legal department in your organization creates standardized disclaimers for all of their email messages. The disclaimers explain that any transmissions that are received in error should be reported back to the sender. You track any confidential documents that are attached to email messages.
Your security team reports that an employee may have mistakenly sent an email message that contained confidential information.
You need to identify whether the email message included the disclaimer and whether it contained confidential information.
Which two options should you configure? To answer, select the appropriate objects in the answer area.
Answer:
Q15. DRAG DROP
A company deploys an Office 365 tenant. You install the Active Directory Federation Services (AD FS) server role on a server that runs Windows Server 2012. You install and configure the Federation Service Proxy role service. Users sign in by using the Security Assertion Markup Language (SAML) protocol.
You need to customize the sign-in pages for Office 365.
Which pages should you customize? To answer, drag the appropriate page to the correct customization. Each page may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q16. You are the Office 365 administrator for your company.
The environment must support single sign-on.
You need to install the required certificates.
Which two certificates should you install? Each correct answer presents part of the solution.
A. Secure Sockets Layer (SSL)
B. Privacy-enhanced mail (PEM)
C. Token signing
D. Personal
E. Software publisher
Answer: A,C
Q17. HOTSPOT
You are the SharePoint Online administrator for Contoso, Ltd. The company purchases an Office 365 Enterprise El plan.
The public-facing website must use SharePoint Online and the custom domain contoso.com.
You need to configure the DNS settings for the public-facing SharePoint site.
How should you configure the DNS settings? Select the appropriate options from each list in the answer area.
Answer:
Q18. You have an Exchange Online tenant. You must identify mailboxes that are no longer in use.
You need to locate the inactive mailboxes.
Which Windows PowerShell command should you run?
A. Get-StaleMailboxReport-StartDate
B. Get-MailboxActivityReport-Organization
C. Get-MailboxActivityReport-Expression
D. Get-MailboxActivityReport-EndDate
Answer: A
Explanation:
Use the Get-StaleMailboxDetailReport cmdlet to view mailboxes that haven't been
accessed for at least 30 days.
The StartDate parameter specifies the start date of the date range.
Reference: Get-StaleMailboxDetailReport https://technet.microsoft.com/en-us/library/jj200715(v=exchg.150).aspx