We provide 70 346 managing office 365 identities and requirements in two formats. Download PDF & Practice Tests. Pass Microsoft 70-346 Exam quickly & easily. The 70-346 PDF type is available for reading and printing. You can print more and practice many times. With the help of our 70 346 dumps product and material, you can easily pass the 70-346 exam.
Check 70-346 free dumps before getting the full version:
NEW QUESTION 1
Contoso, Ltd. has an Office 365 tenant. The company has two servers named Server1 and Server2 that run Windows 2012 R2 Server. The servers are not joined to the contoso.com domain. Server2 is deployed to the perimeter network. You install Secure Sockets Layer (SSL) certificates on both servers.
You must use Integrated Windows authentication
You need to install and configure all AD FS components in the environment.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation: Box 1: Install and Configure AD FS on Server1. Box 2: Join Server1 to the contoso.com domain
Box 3: Run the following Windows PowerShell cmdlet on Server2: Install-WindowsFeature
Box 4: Run the following Windows PowerShell cmdlet on Server2: Install-WebApplicationproxy
Prepare the Base Servers Box 1, Box 2: AD FS Server
Box 3, Box 4: AD FS Proxy Server
Once the necessary WAP role services are installed, we are then able to launch the Web Application Proxy Wizard to configure WAP.
NEW QUESTION 2
You are an administrator for a company. You are planning an Office 365 pilot. The current environment has servers that run Windows Server 2012. There is no budget to upgrade the servers.
You add an external DNS record for Active Directory Federation Services (AD FS). You must implement a single sign-on (SSO) solution for users to access the Office 365 resources. You must deploy the AD FS components with the following requirements:
Loss of a single server must not prevent any authentication request or management function.
Users must be able to access the Office 365 environment from their home computers by using their corporate credentials.
Any modifications to service configurations must be made after servers are deployed. You need to deploy AD FS.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NEW QUESTION 3
A company has 50 employees that use Office 365.
You need to enforce password complexity requirements for all accounts.
How should you complete the relevant Windows PowerShell command? To answer, drag the appropriate Windows PowerShell segment to the correct location in the answer area. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation: We use Get –MsolUser to get all users. We then enforce strong password complexity to each of these users through StrongPassWordRequired parameter of the Set –MsolUser command. The output of get command is used in the set command through the concatenating function (the symbol |).
Box 1: -MsolUser
The Get-MsolUser cmdlet can be used to retrieve an individual user, or list of users. An individual user will be retrieved if the ObjectId or UserPrincipalName parameter is used. Box 2: MsolUser
The Set-MsolUser cmdlet is used to update a user object. This cmdlet should be used for basic properties only. Parameter: -StrongPasswordRequired <Boolean>
Sets whether or not the user requires a strong password.
NEW QUESTION 4
You plan to deploy an Office 365 tenant to multiple offices around the country.
You need to modify the accounts that are authorized to administer the Rights Management service. Which Windows PowerShell cmdlet should you run?
- A. Enable-AadrmSuperUserFeature
- B. Add-MsolGroupMember
- C. Add-AadrmRoleBasedAdministrator
- D. Get-AadrmRoleBasedAdministrator
Explanation: The Get-AadrmRoleBasedAdministrator cmdlet lists the role-based administrators for Azure Rights Management.
NEW QUESTION 5
An organization with an Active Directory Domain Services (AD DS) domain migrates to Office 365. You need to manage Office 365 from a domain-joined Windows Server 2012 Core server.
Which three components should you install? Each answer presents part of the solution.
- A. Azure Active Directory module for Windows PowerShell
- B. Microsoft .NET Framework 3.5
- C. Microsoft Office 365 Integration Module for Windows Small Business Server 2011 Essentials
- D. Microsoft .NET Framework 4.0
- E. Microsoft Online Services Sign-in Assistant
- F. Rights Management module for Windows PowerShell
Explanation: You can use Windows PowerShell to administer Office 365 and Azure Active Directory. However, the default installation of Windows PowerShell on Windows Server 2012 (or any other version of Windows) does not include the PowerShell cmdlets required to manage Office 365 or Azure Active Directory.
You need to install the PowerShell module that includes the necessary cmdlets for managing Azure Active Directory. This module is the Windows Azure Active Directory Module for Windows PowerShell module. This module also requires that Microsoft .NET Framework 3.5 is installed and enabled.
Before the Windows Azure Active Directory Module for Windows PowerShell, can be installed, the Microsoft Online Services Sign-in Assistant must be installed. This will allow you to connect to your Office 365/Azure subscription from a PowerShell session on a remote computer.
NEW QUESTION 6
You are the Office 365 administrator for your company. The company has a single office. You have the following requirements:
You must configure a redundant Active Directory Federation Services (AD FS) implementation.
You must use a Windows Internal Database to store AD FS configuration data.
The solution must use a custom login page for external users.
The solution must use single sign-on for internal users.
You need to deploy the minimum number of servers. How many servers should you deploy?
- A. 2
- B. 4
- C. 6
- D. 16
Explanation: To provide redundancy, we would need to create AD FS farms with at least two servers. This can be used to allow internal users to use single sign-on (SSO).
As we are using Windows Internal Database (WIM) to store AD FS configuration data, we do not need any additional servers for the database as WIM is included in Windows Server 2008 and later versions. Redundancy for WIM is possible when an AD FS farm is set up.
To support external users, we would need to set up an AD FS proxy server. In order to provide redundancy we would need to set up an AD FS proxy farm. This would require a minimum of 2 more servers.
The custom login page for external users can be created on the AD FS proxy server, which the external users would access. There is thus no need for additional servers.
Thus the minimum number of server we would require is four: two for the AD FS farm and two for the AD FS proxy farm.
NEW QUESTION 7
You are planning an Office 365 pilot.
You need to ensure that the environment is ready for Office 365. Which tool should you use?
- A. Microsoft Connectivity Analyzer
- B. Office 365 Best Practices Analyzer
- C. Remote Connectivity Analyzer
- D. Office 365 Health, Readiness, and Connectivity Checks
Explanation: Running Office 365 Health, Readiness, and Connectivity Checks prior to setting up Office 365 allows you to make sure that your environment is prepared for the Office 365 services. It can find settings in your existing environment that might cause problems when you start to set up or use your services. This will allow you to fix or work around the potential problems to make your deployment path easier to complete.
NEW QUESTION 8
You have an Office 365 subscription.
The Office 365 organization contains 500 users.
You need to identify the following users in the organization:
users who have Litigation Hold enabled
users who receive the most spam email messages
users who have mailboxes that were accesses by an administrator
Which type of report should you review to identify each type of user? To answer, drag the appropriate reports to the correct types of users. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation: The Azure AD Connect server must have .NET Framework 4.5.1 or later and Microsoft PowerShell 3.0 or later installed.
Azure AD Connect requires a SQL Server database to store identity data. SQL Server Express has a 10 GB size limit that enables you to manage approximately 100,000 objects.
NEW QUESTION 9
Your company has an Office 365 subscription that is configured for single sign-on (SSO) to an on-premises deployment of Active Directory.
Office 2016 is deployed to all workstations. Microsoft OneDrive for Business is used to replicate My Documents to OneDrive for Business.
You need to ensure that when clients connect to Office 365 from an untrusted network, they can access Office 365 resources by using a web browser.
Which two actions should you perform? Each correct answer presents part of the solution.
- A. Modify the Sharing settings for SharePoint Online.
- B. Disable modern authentication.
- C. Add a claims provider trust.
- D. Add a relying party trust.
- E. Add a new rule.
Explanation: B: In Skype for Business Server 2015, Modern Authentication is used between on-premises clients and on-premises servers in order to give users a proper level of authorization to resources.
C: A Claims Provider trust is one where ADFS gets claims from the Claim Provider, which could be the local AD as Claims Provider or an external Claims Provider.
NEW QUESTION 10
You have an Office 365 subscription.
The Office 365 organization contains five temporary administrators. The administrators are members of multiple role groups.
You need to create a script that prevents the temporary administrators from performing administrative tasks from the Office 365 admin center. The solution must meet the following requirements:
Release the Office 365 licenses assigned to the temporary administrators.
Which cmdlet should you run? To answer, select the appropriate options in the answer area.
Explanation: The Set-MsolUserLicense cmdlet can be used to adjust the licenses for a user. This can include adding a new license, removing a license, updating the license options, or any combination of these actions.
The following command removes the for enterprises license from the user. This may result in the user's data being removed from each service.
Set-MsolUserLicense -UserPrincipalName firstname.lastname@example.org -RemoveLicenses "contoso:ENTERPRISEPACK"
NEW QUESTION 11
A company deploys an Office 365 tenant. All employees use Skype for Business Online. You need to configure the network firewall to support Skype for Business Online.
Which ports must you open? To answer, drag the appropriate port number to the correct feature or features. Each port number may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation: Transport Control Protocol (TCP), User Datagram Protocol (UDP) ports, and Protocol Numbers are important to TCP/IP networking, intranets, and the Internet. Ports and protocol numbers provide access to a host computer. However, they also create a security hazard by allowing uninvited access. Therefore, knowing which port to allow or disable increases a network's security. If the wrong ports or protocol numbers are disabled on a firewall, router, or proxy server as a security measure, essential services might become unavailable.
Port 443 is used for Audio, video and application sharing sessions as well as data sharing sessions - For HTTPS.
Port 5223 is used for mobile push notifications - Extensible Messaging and Presence Protocol (XMPP) client connection over SSL.
NEW QUESTION 12
You deploy Office 365.
All the members of a team named Sales have full access to a shared mailbox named Sales. You enable auditing for all shared mailboxes.
From the Sales mailbox, an email message that contains inappropriate content is sent. You need to identify which user sent the message.
What should you do?
- A. From the Exchange Control Panel, run an administrator role group report.
- B. From Windows PowerShell, run the Get-SharingPolicy cmdlet.
- C. From Windows PowerShell, run the Write-AdminAuditLog cmdlet.
- D. From Windows PowerShell, run the New-MailboxAuditLogSearch cmdlet.
Explanation: By process of elimination:
The Write-AdminAuditLog cmdlet will write a comment to the administrator audit log. The Get-SharingPolicy cmdlet allows you to view the settings of sharing policies
The administrator role group report in EOP will list changes to the management role groups within a particular time frame.
The New-MailboxAuditLogSearch cmdlet performs an async search of mailbox audit logs for the specified mailboxes and sends the search results by email to the specified recipients.
NEW QUESTION 13
You are the Office 365 administrator for your company.
You must configure a trust between the on-premises Active Directory domain and the Office 365 environment by using Active Directory Federation Services.
You need to assign the correct certificate to the description of your on-premises server environment below. Which certificate types should you assign? To answer, drag the appropriate certificate type to the correct test
description. Each certificate type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation: Certificates are used to secure communications between federation servers, Web Application Proxies, federation server proxies, the cloud service, and web clients.
A Secure Sockets Layer (SSL) certificate is used to secure communications between federation servers, clients, Web Application Proxy, and federation server proxy computers.
A Token-signing certificate is a standard X.509 certificate that is used to securely sign all tokens that the federation server issues and that the cloud service will accept and validate.
NEW QUESTION 14
You are the Office 365 administrator for your company. You audit the Windows Azure Active Directory Rights Management configuration for the company.
You need to view a log of the recent administrative commands performed against the Microsoft Rights Management Service.
Which three Windows PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of actions to the answer area and arrange them in the correct order.
Explanation: Although you can activate Azure Rights Management by using the Office 365 admin center or the
Azure Management Portal, you can also use the Windows PowerShell module for Azure Rights Management to do this. First we active Azure Rights Management by import it through Import-AadrmTpd, then we connect to the service with Connect-AadrmService, and finally we generate the log with Get-AadrmAdminLog.
Step 1: The Import-AadrmTpd cmdlet imports an Active Directory Rights Management Services (AD RMS) trusted publishing domain (TPD) over the Internet into your tenant for Azure Rights Management so that you can migrate Rights Management from on-premises to the cloud.
Step 2: The Connect-AadrmService cmdlet connects you to the Azure Rights Management service. This cmdlet can also be used by a partner company that manages your tenant.
Connect by using this cmdlet before you configure Rights Management by using other cmdlets in this module. Step 3: The Get-AadrmAdminLog cmdlet generates logs for all Rights Management administrative
NEW QUESTION 15
You are the system administrator for a company named Fabrikam, Inc. You implement Office 365. You need to modify settings for the Office 365 tenant. Which action can you perform?
- A. Modify the custom domain of fabrikam.com.
- B. Modify the Microsoft Teams URL
- C. Rename the fabrikam.onmicrosoft.com domain name.
- D. Remove the fabrikam.onmicrosoft.com domain name.
NEW QUESTION 16
You have a SharePoint Online tenant. A user named User1 manages several site collections. User1 must be able to view the following information for the site collections:
a list of side administrators
the number of subsites in a site collection
storage and usage quotas
You need to ensure that User1 can view the requested reports while minimizing the privileges that you grant to User1.
Which two permission levels can you assign to User1? Each correct answer presents a complete solution.
- A. Global admin
- B. SharePoint Online admin
- C. Site Collection admin
- D. Site admin
- E. User management admin
- F. Service admin
Explanation: C: The Site collection administrator has permissions to manage a site collection.
B: Here are some of the key tasks users can do when they are assigned to the SharePoint Online admin role:
Create site collections
Manage site collections and global settings
Assign site collection administrators to manage site collections
Manage site collection storage limits
Manage SharePoint Online user profiles
NEW QUESTION 17
Your company uses Office 365 and has an Enterprise E3 plan. The company has a Microsoft SharePoint Online public website that is currently configured to use the onmicrosoft.com domain name.
The company purchases a new domain name.
You need to change the address of the SharePoint Online public website to the new domain name. What should you do first?
- A. In the SharePoint Online Administration Center, add the new domain.
- B. In the Office 365 admin center, add the new domain.
- C. Create a new site collection and assign it the new domain.
- D. Create a new public website and assign it to the new domain.
Explanation: If you go to the SharePoint Online Administration Center and click the "Add Domain" button it takes you to the same location as if you would have clicked the "Domains" -> "Add domain" option from the Office 365 admin center.
So either A or B is technically correct, but if I had to choose one of the two I would select B. References:
100% Valid and Newest Version 70-346 Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/70-346/ (New 356 Q&As)