MS-500 Online Practice Questions and Answers

HOTSPOT

You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

OneDrive stores files that are shared with external users. The files are configured as shown in the following table.

You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:

Rule1:

7.

Conditions: Label1, Detect content that's shared with people outside my organization

8.

Actions: Restrict access to the content for external users

9.

User notifications: Notify the user who last modified the content 10.User overrides: On 11.Priority: 0

Rule2:

12.Conditions: Label1 or Label2

13.Actions: Restrict access to the content

14.Priority: 1

Rule3:

15.Conditions: Label2, Detect content that's shared with people outside my organization

16.Actions: Restrict access to the content for external users 17.User notifications: Notify the user who last modified the content 18.User overrides: On 19.Priority: 2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:

1.

Administrators must be notified when the Security administrator role is activated.

2.

Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.

Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You add internal as a blocked word in the group naming policy for contoso.com.

You add Contoso-as prefix in the group naming policy for contoso.com.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

You have a Microsoft 365 subscription.

A user reports that changes were made to several files in Microsoft OneDrive.

You need to identify which files were modified by which users in the user's OneDrive.

What should you do?

A. From the Azure Active Directory admin center, open the audit log

B. From the OneDrive admin center, select Device access

C. From Security and Compliance, perform an eDiscovery search

D. From Microsoft Cloud App Security, open the activity log

You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. From the Cloud App Security admin center, create a file policy.

B. From the SharePoint admin center, modify the Site Settings.

C. From the SharePoint admin center, create a label.

D. From the SharePoint admin center, modify the records management settings.

E. From the Security admin center, publish a label.

Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.

The security logs of the servers are collected by using a third-party SIEM solution.

You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.

What should you do?

A. Turn off Delayed updates for the Microsoft Defender for Identity sensors.

B. Configure auditing in the Microsoft 365 Compliance center.

C. Turn on Delayed updates for the Microsoft Defender for Identity sensors.

D. Integrate SIEM and Microsoft Defender for Identity.

You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.

All users in contoso.com use the Microsoft SharePoint Newsfeed.

You need to ensure that all the users use the Yammer.com service.

What should you do?

A. From the Yammer admin center, modify the Usage Policy settings

B. From the SharePoint admin center, modify the Enterprise Social Collaboration settings

C. From the SharePoint admin center, modify the Connected Services settings

D. From the Yammer admin center, modify the Configuration settings

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.

The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.

For User1, you select Confirm user compromised.

User1 can still sign in.

You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.

Solution: You configure the user risk policy to block access when the user risk level is high.

Does this meet the goal?

A. Yes

B. No

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You configure the Security Operator role in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.

You add assignments to the Security Operator role as shown in the following table.

Which users can activate the Security Operator role?

A. User2 only

B. User3 only

C. User1 and User2 only

D. User2 and User3 only

E. User1, User2, and User3

Which role should you assign to User1?

A. Global administrator

B. User administrator

C. Privileged role administrator

D. Security administrator