Tested Material Used To MS-500 Test Engine Exam Questions in here [Aug-2021]
Penetration testers simulate MS-500 exam PDF
NEW QUESTION 129
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
User1 will receive the two alerts classified as medium or higher.
Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 2: No
User2 will receive the two alerts classified as medium or higher.
Email alerts are sent to all global admins, security admins and security readers Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 3: No
User3 will not receive alters.
Email alerts are sent to all global admins, security admins and security readers.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-r
NEW QUESTION 130
You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answerpresents part of the solution.
NOTE:Each correct selection is worth one point.
- A. From the SharePoint & Compliance admin center, create a label.
- B. From the SharePoint admin center, modify the Site Settings.
- C. From the SharePoint admin center, modify the records management settings.
- D. From the Security & Compliance admin center, publish a label.
- E. From the Cloud App Security admin center, create a file policy.
Answer: A,D
Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/protect-sharepoint-online-files-with-office-365-
NEW QUESTION 131
You have a Microsoft 365 subscription.
You enable auditing for the subscription.
You plan to provide a user named Auditor with the ability to review audit logs.
You add Auditor to the Global administrator role group.
Several days later, you discover that Auditor disabled auditing.
You remove Auditor from the Global administrator role group and enable auditing.
- A. Security operator
- B. Security administrator
- C. Compliance administrator
- D. Security reader
Answer: C
NEW QUESTION 132
You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 133
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. OneDrive stores files that are shared with external users. The files are configured as shown in the following table.
You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:
* Rulel:
* Conditions: Label 1, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 0
* Rule2:
* Conditions: Label 1 or Label2
* Actions: Restrict access to the content
* Priority: 1
* Rule3:
* Conditions: Label2, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 134
You have a Microsoft 365 subscription.
You have a Microsoft SharePoint Online site named Site1.
The files in Site1 are protected by using Microsoft Azure Information Protection.
From the Security & Compliance admin center, you create a label that designates personal data.
You need to auto-apply the new label to all the content in Site1.
What should you do first?
- A. From PowerShell, run Set-ManagedContentSettings.
- B. Remove Azure Information Protection from the Site1 files.
- C. From the Security & Compliance admin center, create a Data Subject Request (DSR).
- D. From PowerShell, run Set-ComplianceTag.
Answer: B
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/apply-labels-to-personal-data-in-office-365
NEW QUESTION 135
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that each user can join up to five devices to Azure Active Directory (Azure AD).
To complete this task, sign in to the Microsoft Office 365 admin center.
Answer:
Explanation:
See explanation below.
* After signing into the Microsoft 365 admin center, click Admin centers > Azure Active Directory > Devices.
* Navigate to Device Settings.
* Set the Users may join devices to Azure AD setting to All.
* Set the Additional local administrators on Azure AD joined devices setting to None.
* Set the Users may register
* Leave the Require Multi-Factor Auth to join devices setting on it default setting.
* Set the Maximum number of devices
* Set the Users may sync settings and app data across devices All.
* Click the Save button at the top left of the screen.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
https://docs.microsoft.com/en-us/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365?v
NEW QUESTION 136
You have a Microsoft 365 subscription.
You need to create data loss prevention (DLP) queries in Microsoft SharePoint Online to find sensitive data stored in sites.
Which type of site collection should you create first?
- A. Enterprise Search Center
- B. Document Center
- C. eDiscovery Center
- D. Records Center
Answer: C
Explanation:
Explanation/Reference:
https://support.office.com/en-us/article/overview-of-data-loss-prevention-in-sharepoint-server-2016-80f907bb- b944-448d-b83d-8fec4abcc24c
NEW QUESTION 137
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that group owners renew their Office 365 groups every 180 days.
To complete this task, sign in to the Microsoft Office 365 admin center.
Answer:
Explanation:
Set group expiration
1. Open the Azure AD admin center with an account that is a global administrator in your Azure AD organization.
2. Select Groups, then select Expiration to open the expiration settings.
3. On the Expiration page, you can:
* Set the group lifetime in days. You could select one of the preset values, or a custom value (should be
31 days or more).
* Specify an email address where the renewal and expiration notifications should be sent when a group has no owner.
* Select which Office 365 groups expire. You can set expiration for:
* All Office 365 groups
* A list of Selected Office 365 groups
* None to restrict expiration for all groups
Save your settings when you're done by selecting Save.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-lifecycle
NEW QUESTION 138
You have a Microsoft 365 subscription that contains 1,000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You assign the eDiscovery Manager role to Admin1, and then create an eDiscovery case.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
References:
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019
NEW QUESTION 139
You need to recommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 140
You have a Microsoft 365 subscription.
You create a retention policy and apply the policy to Exchange Online mailboxes.
You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible.
What should you do?
- A. From Exchange Online PowerShell, run Start-RetentionAutoTagLearning
- B. From the Security & Compliance admin center, create a label policy
- C. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
- D. From Exchange Online PowerShell, run Start-ManagedFolderAssistant
Answer: B
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
NEW QUESTION 141
You view Compliance Manager as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud
NEW QUESTION 142
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?
- A. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy
- B. Run the Set-SPOTenant cmdlet and specify the -ConditionalAccessPolicy parameter.
- C. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
- D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy
Answer: B
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
NEW QUESTION 143
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback
NEW QUESTION 144
You have a Microsoft 365 E5 subscription.
All computers run Windows 10 and are onboarded to Windows Defender Advanced Threat Protection (Windows Defender ATP).
You create a Windows Defender machine group named MachineGroupl.
You need to enable delegation for the security settings of the computers in MachineGroupl.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
NEW QUESTION 145
You are evaluating which finance department users will be prompted for Azure MFA credentials.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 146
You need to recommend a solution for the user administrators that meets the security requirements for auditing.
Which blade should you recommend using from the Azure Active Directory admin center?
- A. Azure AD Identity Protection
- B. Authentication methods
- C. Access review
- D. Sign-ins
Answer: D
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
Topic 1, Fabrikam inc.
Overview
Fabrikam, Inc. is manufacturing company that sells products through partner retail stores. Fabrikam has 5,000 employees located in offices throughout Europe.
Existing Environment
Network Infrastructure
The network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.
The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.
Problem Statements
Fabrikam identifies the following issues:
* Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line.
* Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.
Requirements
Planned Changes
Fabrikam plans to implement the following changes:
* Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory
* Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365 Application Administration Fabrikam identifies the following application requirements for managing workload applications:
* User administrators will work from different countries
* User administrators will use the Azure Active Directory admin center
* Two new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only Security Requirements Fabrikam identifies the following security requirements:
* Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed
* Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement
* Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations
* Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory
* Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location
* The location of the user administrators must be audited when the administrators authenticate to Azure AD
* Email messages that include attachments containing malware must be delivered without the attachment
* The principle of least privilege must be used whenever possible
NEW QUESTION 147
......
Authentic Best resources for MS-500 Online Practice Exam: https://www.fast2test.com/MS-500-premium-file.html
Get the superior quality MS-500 Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1XFxNFng_2wGMNOhPg9feu1bmndVu6oD6