Microsoft MS-500 Microsoft 365 Security Administration Online Training
The questions for MS-500 were last updated on Dec 20, 2024.
- Exam Code: MS-500
- Exam Name: Microsoft 365 Security Administration
- Certification Provider: Microsoft
Several users in your Microsoft 365 subscription report that they received an email message without the attachment. You need to review the attachments that were removed from the messages.
Which two tools can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . the Exchange admin center
- B . the Azure ATP admin center
- C . Microsoft Azure Security Center
- D . the Security & Compliance admin center
- E . Outlook on the web
A,D
Explanation:
References: https://docs.microsoft.com/en-us/office365/securitycompliance/manage-quarantined-messages-and-files
HOTSPOT
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: No
User1 will receive the two alerts classified as medium or higher. Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices. If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices may trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 2: No
User2 will receive the two alerts classified as medium or higher.
Email alerts are sent to all global admins, security admins and security readers. Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices. If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices may trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 3: No
User3 will not receive alerts.
Email alerts are sent to all global admins, security admins and security readers.
HOTSPOT
You have a Microsoft E5 subscription that contains two users named User1 and User2.
You have a Microsoft SharePoint site named Site1.
Site1 stores files that contain IP addresses as shown in the following table.
User1 is assigned the SharePoint admin role for Site1. User2 is a member of Site1. You create the data loss prevention (DLP) policy shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
CORRECT TEXT
You need to ensure that a user named Grady Archie can monitor the service health of your Microsoft 365 tenant. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft 365 portal.
✑ In the Microsoft 365 Admin Center, type Grady Archie into the Search for users, groups, settings or tasks search box.
✑ Select the Grady Archie user account from the search results.
✑ In the Roles section of the user account properties, click the Edit link.
✑ Select the Customized Administrator option. This will display a list of admin roles.
✑ Select the Service admin role.
✑ Click Save to save the changes.
You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune.
You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network.
What should you do first?
- A . From the Azure Active Directory admin center, create a new certificate
- B . Enable Application Proxy in Azure AD
- C . From Active Directory Administrative Center, create a Dynamic Access Control policy
- D . From the Azure Active Directory admin center, configure authentication methods
A
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/ad-ca-vpn-connectivitywindows10
You have a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You enable SSPR for Group3.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators. Therefore, we must enable SSPR for User3 by applying it to Group2 and not Group3 as User4 is in Group3. User4 would thus be affected if we enable it on Group3.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences
You have a Microsoft 365 tenant.
You need to implement a policy to enforce the following requirements:
• If a user uses a Windows 10 device that is NOT hybrid Azure Active Directory (Azure AD) joined, the user must be allowed to connect to Microsoft SharePoint Online only from a web browser. The user must be prevented from downloading files or syncing files from SharePoint Online.
• If a user uses a Windows 10 device that is hybrid Azure AD joined, the user must be able to connect to SharePoint Online from any client application, download files, and sync files.
What should you create?
- A . a conditional access policy in Azure AD that has Client apps conditions configured
- B . a compliance policy in Microsoft Endpoint Manager that has the Device Health settings configured
- C . a compliance policy in Microsoft Endpoint Manager that has the Device Properties settings configured
- D . a conditional access policy in Azure AD that has Session controls configured
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1.
The review has the following settings:
✑ Review name: Review1
✑ Start date: 01/15/2020
✑ Frequency: One time
✑ End date: 02/14/2020
✑ Users to review: Assigned to an application
✑ Scope: Everyone
✑ Applications: App1
✑ Reviewers: Members (self)
✑ Auto apply results to resource: Enable
✑ Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
For contoso.com, you create a group naming policy that has the following configuration.
<Department> – <Group name>
You plan to create the groups shown in the following table.
Which users can be used to create each group? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 tenant that contains two users named User1 and User2 and a Microsoft SharePoint Online site named Site1 as shown in
For Site1, the users are assigned the roles shown in the following table.
You publish a retention label named Retention1 to Site1.
To which files can the users apply Retention1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
For User 1:
C. File1.docx, File2.docx, and File3.docx
For User 2:
B. File1.docx and File2.docx only
According to the article “Use retention labels to manage SharePoint document lifecycle”, retention labels can be applied to all files in all document libraries, and all files at the root level that aren’t in a folder. The article “Learn about retention for SharePoint and OneDrive” also confirms that all files stored in SharePoint or OneDrive sites can be retained by applying a retention label. Therefore, User 1, who has the Full Control permission level for Site1, can apply Retention1 to all three files in Site1.
However, User 2, who has the Read permission level for Site1, cannot apply Retention1 to File3.docx because it is located in a folder. According to the article “Learn about retention policies & labels to retain or delete”, users need at least Edit permissions on a SharePoint site or OneDrive account to apply a retention label manually. The Read permission level does not include Edit permissions. Therefore, User 2 can only apply Retention1 to File1.docx and File2.docx, which are at the root level of Site1.