Microsoft MS-500 Microsoft 365 Security Administration Online Training
Microsoft MS-500 Online Training
The questions for MS-500 were last updated at Dec 22,2024.
- Exam Code: MS-500
- Exam Name: Microsoft 365 Security Administration
- Certification Provider: Microsoft
- Latest update: Dec 22,2024
You have a Microsoft 365 tenant.
You have 500 computers that run Windows 10.
You plan to monitor the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP) after the computers are enrolled in Microsoft Intune.
You need to ensure that the computers connect to Windows Defender ATP.
How should you prepare Intune for Windows Defender ATP?
- A . Configure an enrollment restriction
- B . Create a device configuration profile
- C . Create a conditional access policy
- D . Create a Windows Autopilot deployment profile
B
Explanation:
Reference: https://docs.microsoft.com/en-us/intune/advanced-threat-protection
A user stores the following files in Microsoft OneDrive:
✑ File.docx
✑ ImportantFile.docx
✑ File_Important.docx
You create a Microsoft Cloud App Security file policy Policy1 that has the filter shown in the following exhibit.
To which files does Policy1 apply?
- A . File_Important.docx only
- B . File.docx, ImportantFile.docx, and File_Important.docx
- C . File.docx only
- D . ImportantFile.docx only
- E . File.docx and File_Important.docx only
B
Explanation:
Reference: https://docs.microsoft.com/en-us/cloud-app-security/file-filters
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant.
Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?
- A . Yes
- B . No
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You configure the Security Operator role in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.
You add assignments to the Security Operator role as shown in the following table.
Which users can activate the Security Operator role?
- A . User2 only
- B . User3 only
- C . Used and User2 only
- D . User2 and User3 only
- E . User1, User2, and User3
HOTSPOT
You have a Microsoft 365 subscription.
You create a retention label named Label1 as shown in the following exhibit.
You publish Label1 to SharePoint sites.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
References: https://docs.microsoft.com/en-us/office365/securitycompliance/labels
You have a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You create a conditional access policy for User1, User2, and User3,
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?
- A . Modify the retention period of the default audit retention policy.
- B . Create a custom audit retention policy.
- C . Assign Microsoft 365 Enterprise E5 licenses to all users.
- D . Modify the record type of the default audit retention policy.
C
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide
You have a Microsoft 365 subscription that includes a user named Admin1.
You need to ensure that Admin1 can preserve all the mailbox content of users, including their deleted items.
The solution must use the principle of least privilege.
What should you do?
- A . From the Microsoft 365 admin center, assign the Exchange administrator role to Admin1.
- B . From the Exchange admin center, assign the Discovery Management admin role to Admin1.
- C . From the Azure Active Directory admin center, assign the Service administrator role to Admin1.
- D . From the Exchange admin center, assign the Recipient Management admin role to Admin1.
C
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels#what-label-policies-can-do
You have a Microsoft 365 E5 subscription without a Microsoft Azure subscription.
Some users are required to use an authenticator app to access Microsoft SharePoint Online.
You need to view which users have used an authenticator app to access SharePoint Online. The solution must minimize costs.
What should you do?
- A . From the Enterprise applications blade of the Azure Active Directory admin center, view the audit logs
- B . From Azure Log Analytics, query the logs
- C . From the Azure Active Directory admin center, view the audit logs
- D . From the Enterprise applications blade of the Azure Active Directory admin center, view the sign-ins
You have a Microsoft 365 subscription for a company named Contoso, Ltd. All data is in Microsoft 365.
Contoso works with a partner company named Litware, Inc. Litware has a Microsoft 365 subscription.
You need to allow users at Contoso to share files from Microsoft OneDrive to specific users at Litware.
Which two actions should you perform from the OneDrive admin center? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Increase the permission level for OneDrive External sharing
- B . Modify the Links settings
- C . Change the permissions for OneDrive External sharing to the least permissive level
- D . Decrease the permission level for OneDrive External sharing
- E . Modify the Device access settings
- F . Modify the Sync settings
B,D
Explanation:
References: https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
You know you need help when you are preparing for a hard exam like Microsoft 365 Security Administration. MS-500 Dumps PDF 2019 is the best source to get familiar with the latest exam patterns and terms. You can easily get a wide range of 2019 MS-500 Exam Questions at affordable rates from Testmayor. Check out the Free Demo to make sure the MS-500 Dumps are up to your demand. Get free 3-month updates with your purchase and a fabulous discount on using the coupon code.