ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 57 discussion

Actual exam question from Microsoft's MS-100
Question #: 57
Topic #: 4
[All MS-100 Questions]

HOTSPOT -
You have a Microsoft 365 subscription that uses a default domain named litwareinc.com. The subscription has a Microsoft SharePoint site collection named
Collection1.
From the Azure Active Directory admin center, you configure the External collaboration settings as shown in the External Collaboration Settings exhibit.

From the SharePoint admin center, you configure the sharing settings as shown in the SharePoint Sharing exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
In the first exhibit, ג€Deny invitations to the specified domainsג€ is selected and fabrikam.com is listed. This means that no one can send an invitation to fabrikam.com. Therefore, you cannot share the files in Collection1 to [email protected].

Box 2: No -
As noted above, ג€Deny invitations to the specified domainsג€ is selected and fabrikam.com is listed. This means that no one can send an invitation to fabrikam.com.
Therefore, you cannot share Collection1 to [email protected].

Box 3: Yes -
External sharing is enabled for any domain except contoso.com (and fabrikam.com due to the 'deny invitations' setting).
Blocking sharing to contoso.com does not block sharing to us.contoso.com. Therefore, you can share Collection1 to [email protected].
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
by Fegoseen at April 3, 2021, 8:22 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
melatocaroca
Highly Voted 4 years ago
Wildcard for fabrikan*.com will not work, Wildcards are not supported for domain entries. So Answer IMHO, must be YYY References https://docs.microsoft.com/en-us/sharepoint/restricted-domains-sharing https://docs.microsoft.com/en-us/azure/frontdoor/front-door-wildcard-domain#:~:text=Azure%20DNS%20supports%20wildcard%20records,(from%20the%20wildcard%20domain). https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide
upvoted 17 times
michszym
3 years, 11 months ago
Agree, I've tested it in my tenant, when used wildcard I'm still able to share to that domain.
upvoted 6 times
Azreal_75
3 years, 10 months ago
Meaning the wildcard didn't work in so much that adding a blocked domain of domain*.com didn;t prevent invites being sent to domain1.com? Surely the fact that wildcards are not supported should be sufficient justification in itself for us to assume that the configuration in the 1st exhibit is invalid and wouldn't do anything? I hate the way microsoft does this sort of thing! :D
upvoted 4 times
...
...
ewa_44
2 years, 6 months ago
Wildcards are supported for domain entries under external collaboration settings, which is where they are set in this example. Denying invites to fabrikam*.com will ensure you cannot send invites to fabrikam.com and fabrikam1.com users. Wildcards are not supported in SharePoint domain entries. However, none are used in this question. us.contoso.com is not blocked, only contoso.com is blocked. Therefore answer provided of NNY is correct.
upvoted 3 times
...
...
Fegoseen
Highly Voted 4 years, 3 months ago
The answer is not correct. It should be N-Y-N. Fabrikam1.com is not the same domain as Fabrikam.com. Only Fabrikam.com is blocked. So [email protected] is allowed and can be invited and share collection1. Lastly, us.contoso.com is a subdomain of contoso.com. When you block a top-level domain, it will automatically block the subdomains. However, you can block a subdomain and it would not affect the top-level domain. You could see a reference below https://github.com/MicrosoftDocs/office-docs-powershell/issues/2413
upvoted 13 times
jkklim
3 years, 6 months ago
please go and test before putting up answers here. domain*.com will block invite. Therefore it is NNY
upvoted 13 times
stoneface
3 years, 6 months ago
tested on my tenant, NNY seems the correct answer, correct me if am wrong
upvoted 7 times
...
...
Razuli
4 years, 2 months ago
see the wildcard "*" inside of fabrikam*.com, answer is n, n, y as far as I am aware
upvoted 8 times
...
nzboy123
4 years, 2 months ago
The answer is correct. In the picture, the blocked domain is Fabrikam*.com meaning anything after Fabrikam is blocked, therefore Fabrikam1 is blocked and the user is not able to share.
upvoted 14 times
wonap
4 years, 2 months ago
shouldn't the third be on NO if you can't share with contoso.com?
upvoted 2 times
gladi
4 years, 2 months ago
External sharing is enabled for any domain except contoso.com. Blocking sharing to contoso.com does not block sharing to us.contoso.com. Therefore, you can share Collection1 to [email protected].
upvoted 4 times
...
...
Azreal_75
3 years, 10 months ago
The syntax is incorrect though, wildcards can be used but only to the left of a domain name if separated by a "." to denote a subdomain, or to the right of a domain name of separated by a "/" to denote a path. Either way the syntax in the exhibit is wrong and *should* not work.
upvoted 2 times
...
...
...
thehighlandcow
Most Recent 2 years, 2 months ago
I have just tested this. Edited Azure AD external collaboration settings, blocked domain = gmail*.com - After enabling this, I cannot invite guest users with domain of gmail.com (I know this is not part of the question, but just writing this to confirm what happens) Created site collection and couple test docs. - External sharing setting set to what is shown, only I have blocked sharing to protonmail.com - I can share files to anyone at gmail.com - I cannot share files to anyone at protonmail.com - I can share to email of us.protonmail.com - After sharing file to my gmail account, I received the email and could open the document after signing in with the gmail address used when sharing, and after entering a verification code. Please test yourselves and let me know if I'm wrong here, but from my testing, answers should be YYY
upvoted 1 times
...
Startkabels
2 years, 7 months ago
It is YYY, read the documentation referred to and especially the link in that article to Restricted doman sharing: https://learn.microsoft.com/en-us/sharepoint/restricted-domains-sharing Twice on that page you can read in a purple box: Wildcards are not supported for domain entries. Period, so no need to link to unrelated documentation about tenant allow/block list or whatever cause that is something completely different. Box 1: Yes, cause the Fabrikam*.com entry is invalid Box 2: Yes, cause the Fabrikam*.com entry is invalid Box 3: Yes, cause us.contoso.com should be added seperately
upvoted 2 times
...
reastman66
2 years, 7 months ago
Answers are still correct. Wildcards are supported so a quick test on inviting a guest user worked as described.
upvoted 3 times
...
n0t_a_good_t1m3
2 years, 7 months ago
on exam three days ago
upvoted 3 times
...
qari
2 years, 8 months ago
it must be YYY , according to the exibit invitation for Fabrikam is preventet and sharing for the contoso.
upvoted 1 times
...
Kainzor
2 years, 11 months ago
Answer is: YYY Wildcards are not supported for domain entries, therefore it would work
upvoted 1 times
...
Stiobhan
3 years, 1 month ago
Think we need to pay attention to the link from MallonoX - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#url-syntax-for-the-tenant-allowblock-list Hard to argue with that.
upvoted 1 times
...
Nilz76
3 years, 2 months ago
A similar question to this was in my exam on 06/April/2022. I passed.
upvoted 2 times
...
joergsi
3 years, 5 months ago
The answer is YYY https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#url-syntax-for-the-tenant-allowblock-list - Wildcards (*) are allowed in the following scenarios: A left wildcard must be followed by a period to specify a subdomain. For example, *.contoso.com is allowed; *contoso.com is not allowed. => fabrikam*.com is not allowed! - The tilde (~) character is available in the following scenarios: A left tilde implies a domain and all subdomains. For example ~contoso.com includes contoso.com and *.contoso.com. because the ~ is not been used: => contoso.com would be blocked => us.contoso.com would NOT be blocked!
upvoted 2 times
...
Davidchercm
3 years, 5 months ago
i thought contoso.com is under blocked domain . why is it a yes ?
upvoted 1 times
...
shifaneesa
3 years, 5 months ago
the answer is correct!
upvoted 2 times
...
TashaGirl
3 years, 5 months ago
100% Y N Y In my tenant: gimai*.com is blocked contoso.com is blocked Guest invite sent to: gmail.com IS BLOCKED gimai.com IS ALLOWED (INVITE SENT, USER CREATED) us.contoso.com IS ALLOWED (INVITE SENT, USER CREATED)
upvoted 1 times
TashaGirl
3 years, 5 months ago
Wrong, sorry! Moderator please remove altogether
upvoted 2 times
...
...
FreddyLao
3 years, 6 months ago
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#url-syntax-for-the-tenant-allowblock-list Actually the answer should be Y-Y-N fabrikam*.com is not a valid syntax so 1 & 2 is YES. us.contoso.com is blcoked by contoso.com read the URL entry scenarios carefully
upvoted 2 times
...
davem90
3 years, 7 months ago
N-N-Y is correct, blocking fabrikam*.com means that fabrikam.com and fabrikam1.com are both not allowed. Just test it, easy peasy lemon squeezy!
upvoted 4 times
...
MallonoX_111
3 years, 7 months ago
the fabrikam*.com entry is invalid and would be ignored https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#url-syntax-for-the-tenant-allowblock-list
upvoted 3 times
ewa_44
2 years, 6 months ago
Did you test it because the syntax works just fine.
upvoted 2 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel