[Jun-2024 Newly Released] MS-500 Exam Questions For You To Pass [Q94-Q115]

[Jun-2024 Newly Released] MS-500 Exam Questions For You To Pass

Microsoft MS-500 Exam: Basic Questions With Answers

The MS-500 exam validates the candidate's skills in implementing and managing Microsoft 365 security and compliance solutions. It is a comprehensive exam that covers a wide range of security and compliance topics, including identity and access management, threat protection, data loss prevention, eDiscovery, and compliance management. Candidates who pass the MS-500 exam demonstrate their ability to configure and manage security and compliance features in Microsoft 365, as well as their understanding of security best practices.

 

NEW QUESTION # 94
You have a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) deployment that has the custom network indicators turned on. Microsoft Defender ATP protects two computers that run Windows
10 as shown in the following table.

Microsoft Defender ATP has the machine groups shown in the following table.

From Microsoft Defender Security Center, you create the URLs/Domains indicators shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 95
You have a Microsoft 365 subscription that include three users named User1, User2, and User3.
A file named File1.docx is stored in Microsoft OneDrive. An automated process updates File1.docx every minute.
You create an alert policy named Policy1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

NEW QUESTION # 96
You have the Microsoft conditions shown in the following table.

You have the Azure Information Protection labels shown in the following table.

You have the Azure Information Protection policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

NEW QUESTION # 97
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend removing User1 from the Compliance Manager Contributor role.
Does this meet the goal?

• A. No
• B. Yes

Answer: A

Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/working-with-compliance-manager

NEW QUESTION # 98
You have a Microsoft 365 tenant.
You create an attack surface reduction policy that uses an application control profile as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on theinformation presented in the graphic.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: themember will receive a security warning.
Group1 is included in the policy so SmartScreen will be enabled. SmartScreen will display a warning.
Box 2: the site will open without warning.
Group2 is excluded from the policy so SmartScreen will not be enabled.Therefore, no warning will be displayed.

NEW QUESTION # 99
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts?tabs=new
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings?tabs=new

NEW QUESTION # 100
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. All the devices in the tenant are managed by using Microsoft Intune.
You purchase a cloud app named App1 that supports session controls.
You need to ensure that access to App can be reviewed in real time.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/cloud-app-security/access-policy-aad

NEW QUESTION # 101
You have a Microsoft SharePoint Online sire named Site1 that contains the files shown in the following table.

You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.

You apply DLP1 to Site1.
Which policy tips will appear for File2?

• A. Tip3 only
• B. Tip2 only
• C. Tip1 and Tip2 only
• D. Tip1 only

Answer: B

NEW QUESTION # 102
You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization.
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email addresses that you intend to spoof belong to the Executive group members.
What should you do first?

• A. From the Azure ATP admin center, configure the primary workspace settings
• B. Migrate the Executive group members to Exchange Online
• C. Enable MFA for the Research group members
• D. From the Microsoft Azure portal, configure the user risk policy settings in Azure AD Identity Protection

Answer: C

Explanation:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulator

NEW QUESTION # 103
You have a Microsoft 365 subscription that contains three users named User1, User2. and User2. You have the named locations shown in the following table.

You configure an Azure Multi-Factor Authentication (MFA) trusted IP address range of 192.168.1.0/27. You have the Conditional Access policies shown in the following table.

The users have the IP addresses shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, se ect No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 104
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

NEW QUESTION # 105
Your company has a Microsoft 365 subscription.
The company does not permit users to enroll personal devices in mobile device management (MDM).
Users in the sales department have personal iOS devices.
You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant.
The users must be prevented from backing up the app's data to iCloud.
What should you create?

• A. a conditional access policy in Microsoft Azure Active Directory (Azure AD) that has a client apps condition
• B. a device compliance policy in Microsoft Intune
• C. a conditional access policy in Microsoft Azure Active Directory (Azure AD) that has a device state condition
• D. an app protection policy in Microsoft Intune

Answer: D

NEW QUESTION # 106
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table.

The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

You create an Azure Information Protection policy named Policy1.
You need to apply Policy1.
To which groups can you apply Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/information-protection/prepare

NEW QUESTION # 107
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.
A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.
You need to ensure that the external recipients can open protected email messages sent to them.
You modify the encryption settings of the label.
Does that meet the goal?

• A. No
• B. Yes

Answer: A

NEW QUESTION # 108
You need to configure threat detection for Active Directory. The solution must meet the security requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Topic 2, Fabrikam inc.
Overview
Fabrikam, Inc. is manufacturing company that sells products through partner retail stores. Fabrikam has 5,000 employees located in offices throughout Europe.
Existing Environment
Network Infrastructure
The network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.
The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.
Problem Statements
Fabrikam identifies the following issues:
* Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line.
* Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.
Requirements
Planned Changes
Fabrikam plans to implement the following changes:
* Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory
* Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365 Application Administration Fabrikam identifies the following application requirements for managing workload applications:
* User administrators will work from different countries
* User administrators will use the Azure Active Directory admin center
* Two new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only Security Requirements Fabrikam identifies the following security requirements:
* Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed
* Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement
* Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations
* Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory
* Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location
* The location of the user administrators must be audited when the administrators authenticate to Azure AD
* Email messages that include attachments containing malware must be delivered without the attachment
* The principle of least privilege must be used whenever possible

NEW QUESTION # 109
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You discover that several security alerts are visible from the Microsoft Defender for Identity portal.
You need to identify which users in contoso.com can close the security alerts.
Which users should you identify?

• A. User3 only
• B. User3 and User4 only
• C. User1 only
• D. User1 and User3 only
• E. User1 and User2 only

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/role-groups

NEW QUESTION # 110
You have an Azure Sentinel workspace.
You configure a rule to generate Azure Sentinel alerts when Azure Active Directory (Azure AD) Identity Protection detects risky sign-ins. You develop an Azure Logic Apps solution to contact users and verify whether reported risky sign-ins are legitimate.
You need to configure the workspace to meet the following requirements:
Call the Azure logic app when an alert is triggered for a risky sign-in.
To the Azure Sentinel portal, add a custom dashboard that displays statistics for risky sign-ins that are detected and resolved.
What should you configure in Azure Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

NEW QUESTION # 111
You have a Microsoft 365 subscription.
A customer requests that you provide her with all documents that reference her by name.
You need to provide the customer with a copy of the content.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365

NEW QUESTION # 112
You have a Microsoft 365 E5 subscription.
From Microsoft Azure Active Directory (Azure AD), you create a security group named Group1. You add 10 users to Group1.
You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 113
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You register devices in contoso.com as shown in the following table.

You create app protection policies in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy

NEW QUESTION # 114
You have a Microsoft 365 E5 subscription.
All computers run Windows 10 and are onboarded to Windows Defender Advanced Threat Protection (Windows Defender ATP).
You create a Windows Defender machine group named MachineGroup1.
You need to enable delegation for the security settings of the computers in MachineGroup1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) group.
2 - From Windows Defender Security Center, create a role.
3 - From Windows Defender Security Center, configure the permissions for MachineGroup1.

NEW QUESTION # 115
......

New 2024 Realistic Free Microsoft MS-500 Exam Dump Questions and Answer: https://www.testbraindump.com/MS-500-exam-prep.html

MS-500 Practice Test Engine: Try These 329 Exam Questions: https://drive.google.com/open?id=1_ZthYXlk-eKKo6THxJGZkwvAk3VoHMQt