MS 500

Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
NO.1 You have a Microsoft 365 subscription.

You are creating a retention policy named Retention1 as shown in the following exhibit.
You apply Retention1 to SharePoint sites and OneDrive accounts.

Use the drop-down menus to select the answer choice that completes each statement based on the
information presented in the graphic.
NOTE: Each correct selection is worth one point.
2 from Freecram.net.
Get Latest & Valid MS-500 Exam's Question and Answers 1
https://www.freecram.net/exam/MS-500-microsoft-365-security-administration-e9791.html
Answer:
NO.2 You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active
Directory (Azure AD) tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-
apps?view=o365-worldwide#when-office-apps-apply-content-marking-and-encryption
NO.3 You need to ensure that unmanaged mobile devices are quarantined when the devices
attempt to connect to Exchange Online.
To complete this task, sign in to the Microsoft 365 portal.
Answer:
You need to configure the Exchange ActiveSync Access Settings.
Go to the Exchange admin center.
Click on Mobile in the left navigation pane.
On the Mobile Device Access page, click the Edit button in the Exchange ActiveSync Access Settings
area.
Select the Quarantine option under When a mobile device that isn't managed by a rule or personal
exemption connects to Exchange.
Optionally, you can configure notifications to be sent to administrators and a message to be sent to
the mobile device user when a device is quarantined.
Click Save to save the changes.
NO.4 You have a Microsoft 365 subscription that contains 50 devices- The devices are enrolled in
Microsoft Endpomt Manager and have Microsoft Defender for Endpoint enabled. You need to
identify devices that have a pending offline scan. What should you do?
A. From the Microsoft Endpoint Manager admin center, review the Detected malware report
B. From the Microsoft 365 Defender portal, review the Threat analytics dashboard
C. From the Microsoft 365 Defender portal, review the Threat & Vulnerability Management
dashboard.
D. From the Microsoft Endpoint Manager admin center, review the Antivirus agent status report.
Answer: C
NO.5 You create an Azure Sentinel workspace.

You configure Azure Sentinel to ingest data from Azure Active Directory (Azure AD).
In the Azure Active Directory admin center, you discover Azure AD Identity Protection alerts. The
Azure Sentinel workspace shows the status as shown in the following exhibit.
In Azure Log Analytics, you can see Azure AD data in the Azure Sentinel workspace.
What should you configure in Azure Sentinel to ensure that incidents are created for detected
threats?
A. data connectors
B. Analytics rules
C. hunting queries
D. workbooks
Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/detect-threats-custom
NO.6 You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to identify which users can perform the following actions:
Configure a user risk policy.
View the risky users report.
Which users should you identify? To answer, select the appropriate options in the answer area.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-
protection
NO.7 You have a Microsoft 365 ES subscription linked to an Azure Active Directory (Azure AD) tenant
The tenant contains a user named User1 and multiple Windows 10 devices. The deuces are Azure AD
joined and protected by using BitLocker Drive Encryption (BitLocker).
You need to ensure that User1 can perform tip following actions:
View BitLocker recovery keys.
Configure the usage location for the users in tenant.
The solution must use the principle of least privilege.

Which two roles should you assign to User' in the Microsoft 365 admin center? To answer, select the
appropriate roles in the answer are a.
Each correct selection is one point.
Answer:
Intune Admin & User Admin role
NO.8 You have a Microsoft 365 E5 subscription that uses Azure Active Directory (Azure AD)
Privileged identity Management (PIM). A user named User! is eligible for the User Account
Administrator role. You need User! to request to activate the User Account Administrator role. From
where should User1 request to activate the role?
A. the Azure Active Directory admin center
B. the Microsoft 365 admin center
C. the Microsoft 365 Defender portal
D. the My Access portal
Answer: A
NO.9 Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section.
This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a
set of tasks in a live environment. While most functionality will be available to you as it would be in a
live environment, some functionality (e.g., copy and paste, ability to navigate to external websites)
will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't
matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You
can use as much time as you would like to complete each lab. But, you should manage your time
appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in
the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be
able to return to the lab.
Username and password
Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password
below.
Microsoft 365 Username:
admin@LODSe00019@onmicrosoft.com
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308
You need to ensure that all links to malware.contoso.com within documents stored in Microsoft
Office 365 are blocked when the documents are accessed from Office 365 ProPlus applications.
To complete this task, sign in to the Microsoft 365 admin center.
Answer:
1. After signing in to the Microsoft 365 admin center, navigate to Threat management, choose Policy
> Safe Links.
2. In the Policies that apply to the entire organization section, select Default, and then choose Edit
(the Edit button resembles a pencil).
3. In the Block the following URLs section, add the malware.contoso.com link.
4. In the Settings that apply to content except email section, select all the options.
5. Choose Save.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-
policies?view=o365-worldwide
NO.10 You have a Microsoft 365 E5 subscription and an Sentinel workspace named Sentinel1.
You need to launch the Guided investigation - Process Alerts notebooks= in Sentinel.
What should you create first?
A. a Kusto query
B. an Azure Machine learning workspace
C. a Log Analytic workspace
D. an Azure logic app
Answer: B
NO.11 Note: This question is part of series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure
Information Protection.
You add CompanyConfidential to a global policy.
A user protects an email message by using CompanyConfidential and sends the label to several
external recipients. The external recipients report that they cannot open the email message.
You need to ensure that the external recipients can open protected email messages sent to them.
Solution: You create a new label in the global policy and instruct the user to resend the email
message.
Does this meet the goal?
A. No
B. Yes
Answer: B
NO.12 You company has a Microsoft 36S E5 subscription and a hybrid Azure active Directory named
contoso.com.
Contoso.com includes the following users:
You configure Password protection for Contoso.com as shown in the following exhibit.
Answer:

You receive a General Data Protection Regulation (GDPR) request for the custom dictionary of a user.
From the Compliance admin center you need to create a content search.
How should you configure the content search1?
A. Condition: File type Operator: Equals any of Value: dic
B. Condition: Title Operator: Equals any of Value: Normal.dot
C. Condition: Type Operator. Equals any of Value: Office Roaming Service
D. Condition: Type Operator: Equals any of Value: Documents
Answer: C
From the Microsoft 365 admin center, you create a new user.
You plan to assign the Reports reader role to the user.
You need to see the permissions of the Reports reader role.
Which admin center should you use?
A. Cloud App Security
B. Security & Compliance
C. Azure Active Directory
D. Microsoft 365
Answer: C
NO.15 You have a Microsoft 365 E5 subscription.

You create a sensitivity label named Label 1 and publish Label1 to all users and groups.
You have the following files on a computer:
* File1.doc
* File2.docx
* File3.xlsx
* File4.txt
You need to identify which files can have Label1 applied. Which files should you identify?
A. File1.doc. File2.docx. File3.xlsx. a
B. File1 .doc. File2.docx, and File3.xlsx only
C. File2.docx only
D. File2.docx and File3.xlsx only
Answer: B
NO.16 You haw a Microsoft 365 subscription.

You have a Microsoft SharePoint Online site named Site1.
You have a Data Subject Request X>SR1 case named Case' that searches Site1.
You create a new sensitive information type.
You need to ensure that Case1 returns all the documents that contain the new sensitive information
type.
What should you do?
A. From Site1. modify the search dictionary.
B. From the Compliance admin center, create a new Content search.
C. From Site1. initiate a re-indexing of Site1.
D. From the Compliance admin center, create a new Search by ID List.
Answer: C
NO.17 You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are
managed by using Microsoft Intune.
You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will
allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-
premises network.
What should you do first?
A. Enable Application Proxy in Azure AD
B. From the Azure Active Directory admin center, create a new certificate
C. From the Azure Active Directory admin center, configure authentication methods
D. From Active Directory Administrative Center, create a Dynamic Access Control policy
Answer: B
Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/ad-ca-vpn-
connectivitywindows10
NO.18 Your network contains an on-premises Active Directory domain named contoso.com. The
domain contains the groups shown in the following table.
The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the
groups shown in the following table.
You create an Azure Information Protection policy named Policy1.

You need to apply Policy1.
To which groups can you apply Policy1? To answer, select the appropriate options in the answer area
.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/prepare
NO.19 You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD)
tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the
following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they
do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer,
select the appropriate options in the answer area.
Answer:
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-
how-to-configure-security-alerts?tabs=new
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-
how-to-change-default-settings?tabs=new
NO.20 Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some question
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a
lower risk level.
Solution: You configure the sign-in risk policy to block access when the sign-in risk level is high.
A. No
B. Yes
Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-
protection-investigate-risk
NO.21 You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices
are managed by using Microsoft Intune.
You need to enable Windows Defender Exploit Guard (Windows Defender EG) on the devices.
Which type of device configuration profile should you use?
A. Device restrictions
B. Identity protection
C. Endpoint protection
D. Windows Defender ATP
Answer: C
Reference:
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
NO.22 You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a
tower risk level.
Solution: From the Access settings, you select Block access for User1.
A. Yes
B. No
Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-
protection-investigate-risk
NO.23 Which user passwords will User2 be prevented from resetting?

A. User8 only
B. User4 only
C. User7 and User8
D. User6 and User7
E. User4 and User6
Answer: B
NO.24 Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some questions
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed
them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of
User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
-AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?
A. No
B. Yes
Answer: Set-Mailbox -Identity "User1" -Auditenabled $true
Reference:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-
audit/setadminauditlogconfig?view=exchange-ps
NO.25 You have a Microsoft 365 subscription that uses a default domain name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.
Answer:
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
NO.26 You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure
AD) tenant named contoso.com. The tenant contains three groups named Group!, Group2. and
Group3 and the users shown in the following table.
You create a new access package as shown in the following exhibit.

You have a Microsoft 365 E5 subscription that uses Microsoft Endpoint Manager. The Compliance
policy settings are configured as shown in the following exhibit.
These settings configure the way the compliance service treats devices. Each device evaluates these
as a "Built-in Device Compliance Policy", which is reflected in device monitoring.
Answer:

You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware.
You need to configure the retention duration for the attachments in quarantine.
Which type of threat management policy should you create from the Security&Compliance admin
center?
A. DKIM
B. Anti-spam
C. Anti-malware
D. ATP anti-phishing
Answer: B
You create a retention policy and apply the policy to Exchange Online mailboxes.
You need to ensure that the retention policy tags can be assigned to mailbox items as soon as
possible.
What should you do?
A. From Exchange Online PowerShell, run Start-RetentionAutoTagLearning
B. From Exchange Online PowerShell, run Start-ManagedFolderAssistant
C. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
D. From the Security & Compliance admin center, create a label policy
Answer: B
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels

MS 500

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MS 500

Uploaded by

Copyright:

Available Formats

Free Exam/Cram Practice Materials - Best Exam Practice Materials

IT Certification Guaranteed, The Easy Way!

NO.1 You have a Microsoft 365 subscription.

You apply Retention1 to SharePoint sites and OneDrive accounts.

NO.5 You create an Azure Sentinel workspace.

The solution must use the principle of least privilege.

Intune Admin & User Admin role

Use the following login credentials as needed:

NO.13 You have a Microsoft 365 subscription.

NO.14 You have a Microsoft 365 subscription.

NO.15 You have a Microsoft 365 E5 subscription.

NO.16 You haw a Microsoft 365 subscription.

You create an Azure Information Protection policy named Policy1.

NO.23 Which user passwords will User2 be prevented from resetting?

You create a new access package as shown in the following exhibit.

NO.27 You have a Microsoft 365 subscription.

NO.28 You have a Microsoft 365 subscription.

You might also like