[Aug-2024] Use Real MS-500 Dumps Free Sample Questions and Practice Test Engine [Q131-Q155]

[Aug-2024] Use Real MS-500 Dumps Free Sample Questions and Practice Test Engine

Pass Microsoft MS-500 exam - questions - convert Tets Engine to PDF

NEW QUESTION # 131
You have a Microsoft 365 subscription that includes a user named Admin1.
You need to ensure that Admin1 can preserve all the mailbox content of users, including their deleted items.
The solution must use the principle of least privilege.
What should you do?

• A. From the Exchange admin center, assign the Discovery Management admin role to Admin1.
• B. From the Exchange admin center, assign the Recipient Management admin role to Admin1.
• C. From the Azure Active Directory admin center, assign the Service administrator role to Admin1.
• D. From the Microsoft 365 admin center, assign the Exchange administrator role to Admin1.

Answer: C

Explanation:
Explanation
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels#what-label-policies-can-do

NEW QUESTION # 132
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
The User Administrator role is configured in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.

You make User4 eligible for the User Administrator role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 133
You have a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) deployment that has the custom network indicators turned on. Microsoft Defender ATP protects two computers that run Windows 10 as shown in the following table.

Microsoft Defender ATP has the machine groups shown in the following table.

From Microsoft Defender Security Center, you create the URLs/Domains indicators shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 134
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?

• A. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
• B. Run the Set-SPOTenantcmdlet and specify the -ConditionalAccessPolicyparameter.
• C. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy
• D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy

Answer: B

Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices Manage governance and compliance features in Microsoft 365 Testlet 1 This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, and New York.
The company has the offices shown in the following table.

Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft
365.
Existing Environment
Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device. The offices have the IP addresses shown in the following table.

Named locations are defined in Azure AD as shown in the following table.

From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Customer Lockbox is enabled in Microsoft 365.
Microsoft Intune Configuration
The devices enrolled in Intune are configured as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The Mark devices with no compliance policy assigned as setting is set to Compliant.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
* Use the principle of least privilege
* Enable User1 to assign the Reports reader role to users
* Ensure that User6 approves Customer Lockbox requests as quickly as possible
* Ensure that User9 can enable and configure Azure AD Privileged Identity Management

NEW QUESTION # 135
You need to recommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 136
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308









You need to create an Azure Information Protection label to meet the following requirements:
* Content must expire after 21 days.
* Offline access must be allowed for 21 days only.
* Documents must be protected by using a cloud key.
* Authenticated users must be able to view content only.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. If you haven't already done so, open a new browser window and sign in to the Azure portal. Then navigate to the Azure Information Protection pane.
For example, in the search box for resources, services, and docs: Start typing Information and select Azure Information Protection.
2. From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you want to change.
On the Label pane, locate Set permissions for documents and emails containing this label, and select Protect.
3. Select Protection.
4. On the Protection pane, select Azure (cloud key).
5. Select Set permissions to define new protection settings in this portal.
6. If you selected Set permissions for Azure (cloud key), this option lets you select users and usage rights.
To specify the users that you want to be able to open protected documents and emails, select Add permissions.
Then on the Add permissions pane, select the first set of users and groups who will have rights to use the content that will be protected by the selected label:
* Choose Select from the list where you can then add all users from your organization by selecting Add
<organization name> - All members. This setting excludes guest accounts. Or, you can select Add any authenticated users, or browse the directory.
When you choose all members or browse the directory, the users or groups must have an email address. In a production environment, users and groups nearly always have an email address, but in a simple testing environment, you might need to add email addresses to user accounts or groups.
* Change the File Content Expiration setting to 21 days.
* Change the Allow offline access setting to 21 days.
When you have finished configuring the permissions and settings, click OK.
This grouping of settings creates a custom template for the Azure Rights Management service. These templates can be used with applications and services that integrate with Azure Rights Management.
7. Click OK to close the Protection pane and see your choice of User defined or your chosen template display for the Protection option in the Label pane.
8. On the Label pane, click Save.
9. On the Azure Information Protection pane, use the PROTECTION column to confirm that your label now displays the protection setting that you want:
* A check mark if you have configured protection.
* An x mark to denote cancellation if you have configured a label to remove protection.
* A blank field when protection is not set.
When you clicked Save, your changes are automatically available to users and services. There's no longer a separate publish option.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection

NEW QUESTION # 137
You have a Microsoft 365 E5 subscription.
You plan to implement Microsoft Sentinel to create incidents based on:
* Azure Active Directory (Azure AD) Identity Protection alerts
* Correlated events from the DeviceProcessEvents table
Which analytic rule types should you use for each incident type? To answer, drag the appropriate rule types to the correct incident types. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

Explanation

NEW QUESTION # 138
You create a data loss prevention (DLP) policy as shown in the following shown:

What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?

• A. The email message is sent without a notification
• B. The user receives a notification and can send the email message
• C. The user receives a notification and cannot send the email message
• D. The email message is blocked silently

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

NEW QUESTION # 139
You need to create Group3.
What are two possible ways to create the group?

• A. a security group in the Azure AD admin center
• B. a mail-enabled security group in the Microsoft 365 admin center
• C. a distribution list in the Microsoft 365 admin center
• D. a security group in the Microsoft 365 admin center
• E. an Office 365 group in the Microsoft 365 admin center

Answer: C,E

Explanation:
Topic 3, Contoso, Ltd
Existing Environment
Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device. The offices have the IP addresses shown in the following table.

Named locations are defined in Azure AD as shown in the following table.

From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Customer Lockbox is enabled in Microsoft 365.
Microsoft Intune Configuration
The devices enrolled in Intune are configured as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The Mark devices with no compliance policy assigned as setting is set to Compliant.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Use the principle of least privilege
Enable User1 to assign the Reports reader role to users
Ensure that User6 approves Customer Lockbox requests as quickly as possible Ensure that User9 can implement Azure AD Privileged Identity Management

NEW QUESTION # 140
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Youcreate and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
Assignments: Include Group1, Exclude Group2
Conditions: Sign in risk of Low and above
Access: Allow access, Require password multi-factor authentication
You need to identify how the policy affects User1 and User2.
What occurs when each user signs in from an anonymous IP address? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 141
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

NEW QUESTION # 142
You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains three groups named Group!, Group2. and Group3 and the users shown in the following table.

You create a new access package as shown in the following exhibit.
You have a Microsoft 365 E5 subscription that uses Microsoft Endpoint Manager. The Compliance policy settings are configured as shown in the following exhibit.
These settings configure the way the compliance service treats devices. Each device evaluates these as a "Built-in Device Compliance Policy", which is reflected in device monitoring.

Answer:

Explanation:

NEW QUESTION # 143
You need to configure threat detection for Active Directory. The solution must meet the security requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION # 144
You create a data loss prevention (DLP) policy as shown in the following shown:

What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?

• A. The email message is sent without a notification
• B. The user receives a notification and can send the email message
• C. The user receives a notification and cannot send the email message
• D. The email message is blocked silently

Answer: B

Explanation:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

NEW QUESTION # 145
You have an on-premises Hyper-V infrastructure that contains the following:
An Active Directory domain
A domain controller named Server1
A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers.
Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

7

Answer:

Explanation:

Explanation

NEW QUESTION # 146
You have Microsoft 365subscription.
You need to be notified by email whenever an administrator starts an ediscovery search What should you do from the Security & Compliance admin center?

• A. From Reports, create a managed schedule
• B. From ediscovery orate an eDiscovery case
• C. Prom Alerts, create an alert policy.
• D. From Search & investigation, create a guided search.

Answer: C

NEW QUESTION # 147
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308









You need to ensure that a user named Allan Deyoung receives incident reports when email messages that contain data covered by the U.K. Data Protection Act are sent outside of your organization.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
1. In the Security & Compliance Center > left navigation > Data loss prevention > Policy > + Create a policy.
2. Choose the U.K. Data Protection Act template > Next.
3. Name the policy > Next.
4. Choose All locations in Office 365 > Next.
5. At the first Policy Settings step just accept the defaults,
6. After clicking Next, you'll be presented with an additional Policy Settings page Deselect the Show policy tips to users and send them an email notification option.
Select the Detect when content that's being shared contains option, and configure the number instances to be 10.
Select the Send incident reports in email option.
Select the Choose what to include in the report and who receives it link to add Allan Deyoung as a recipient.
7. > Next
8. Select the option to turn on the policy right away > Next.
9. Click Create to finish creating the policy.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide

NEW QUESTION # 148
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You have the devices shown in the following table.

You have the Microsoft Defender for Endpoint portal roles shown in the following table.

You have the Microsoft Defender for Endpoint device groups shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 149
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
Assignments: Include Group1, Exclude Group2
Conditions: Sign in risk of Low and above
Access: Allow access, Require password multi-factor authentication
You need to identify how the policy affects User1 and User2.
What occurs when each user signs in from an anonymous IP address? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 150
You have a Microsoft 365 E5 subscription.
Users and device objects are added and removed daily. Users in the sales department frequently change their device.
You need to create three following groups:

The solution must minimize administrative effort.
What is the minimum number of groups you should create for each type of membership? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/users-groups-roles/groups-dyn

NEW QUESTION # 151
You have an on-premises Hyper-V infrastructure that contains the following:
An Active Directory domain
A domain controller named Server1
A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers.
Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

7

Answer:

Explanation:

Explanation

NEW QUESTION # 152
You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown in the following table.

Policy1 if configured as showing in the following exhibit.

Policy2 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies?redirectSourcePath=%252fen-

NEW QUESTION # 153
You have a Microsoft 365 subscription that contains a user named User.

You enroll devices in Microsoft Intune as shown in the following table.
Each device has two line of business apps named App1 and App2 installed.

You create application control policies targeted to all the app types in Microsoft Endpoint Manager as shown in the following table.

For each of the following statements, Select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 154
You have a Microsoft 365 E5 subscription.
Users and device objects are added and removed daily. Users in the sales department frequently change their device.
You need to create three following groups:

The solution must minimize administrative effort.
What is the minimum number of groups you should create for each type of membership? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/users-groups-roles/groups-dynamic-membership.md

NEW QUESTION # 155
......

Microsoft MS-500 (Microsoft 365 Security Administration) certification exam is an excellent choice for IT professionals who are looking to demonstrate their expertise in managing security and compliance solutions for Microsoft 365 enterprise environments. Microsoft 365 Security Administration certification exam measures the candidate's ability to implement and manage security and compliance solutions for Microsoft 365 and hybrid environments. MS-500 exam is designed to validate the skills and knowledge required to secure Microsoft 365 enterprise environments and provide an understanding of compliance and data protection standards.

Microsoft MS-500 certification exam is designed to validate the skills and knowledge of IT professionals who are responsible for securing Microsoft 365 enterprise environments. Microsoft 365 Security Administration certification is intended for those who work as security administrators, security analysts, and information protection specialists. MS-500 exam covers a range of topics such as implementing and managing identity and access, implementing and managing threat protection, and implementing and managing information protection.

To prepare for the Microsoft MS-500 exam, candidates should have a good understanding of Microsoft 365 security features and capabilities. They should also have experience in implementing and managing security and compliance solutions for Microsoft 365 environments. Candidates can prepare for the exam by taking online training courses, attending instructor-led training sessions, and using practice tests and study guides.

 

Pass Your MS-500 Exam Easily - Real MS-500 Practice Dump Updated Aug 21, 2024: https://www.pdfvce.com/Microsoft/MS-500-exam-pdf-dumps.html

2024 Realistic Verified Free Microsoft MS-500 Exam Questions: https://drive.google.com/open?id=1K9jiZZleu2j5phwuKD_rCwFZTN48tQPq