MS-500 Online Practice Questions and Answers

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You register devices in contoso.com as shown in the following table.

You create app protection policies in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.

You create the audit retention policies shown in the following table.

The users perform the following actions:

1.

User1 renames a Microsoft SharePoint Online site.

2.

User2 sends an email message.

How long will the audit log records be retained for each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains three groups named Group1, Group2, and Group3 and the users shown in the following table.

You create a new access package as shown in the following exhibit.

You assign Package1 on June 1, 2021, by using die following configurations:

1.

Select users: User1, User2, User3

2.

Select policy: Initial policy

3.

Assignment starts: June 1, 2021

4.

Assignment ends: July 1, 2021

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

SIMULATION

Your company plans to merge with another company.

A user named Debra Berger is an executive at your company.

You need to provide Debra Berger with all the email content of a user named Alex Wilber that contains the word merger. To complete this task, sign in to the Microsoft 365 portal.

You have a hybrid Microsoft 365 environment.

All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed. All the computers are joined to Active Directory.

You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft.

What should you do?

A. On Server1, run readinessreportcreator.exe

B. Configure a registry entry on Server1

C. Configure a registry entry on the computers

D. On the computers, run tdadm.exe

You have a Microsoft 365 subscription.

A security manager receives an email message every time a data loss prevention (DLP) policy match occurs.

You need to limit alert notifications to actionable DLP events.

What should you do?

A. From the Security and Compliance admin center, modify the Policy Tips of a DLP policy.

B. From the Cloud App Security admin center, apply a filter to the alerts.

C. From the Security and Compliance admin center, modify the User overrides settings of a DLP policy.

D. From the Security and Compliance admin center, modify the matched activities threshold of an alert policy.

You recently created and published several labels policies in a Microsoft 365 subscription.

You need to view which labels were applied by users manually and which labels were applied automatically.

What should you do from the Microsoft 365 Compliance center?

A. From Search and investigation, select Content search

B. From Data governance, select Events

C. From Search and investigation, select eDiscovery

D. From Reports, select Dashboard

You have a Microsoft 365 subscription.

Some users access Microsoft SharePoint Online from unmanaged devices.

You create a conditional access policy in Azure Active Directory.

You need to prevent the users from downloading, printing, and syncing files.

What should you do?

A. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection user risk policy.

B. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy.

C. From the SharePoint admin center, configure the Access control settings.

D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy.

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.

A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.

You need to ensure that the external recipients can open protected email messages sent to them.

Solution: You modify the encryption settings of the label.

Does this meet the goal?

A. Yes

B. No

You have an Azure Active Directory (Azure AD) tenant that has a Microsoft 365 subscription

You recently configured the tenant to require multi factor authentication (MFA) for risky sign ins

You need to review the users who required MFA.

What should you do?

A. From the Microsoft 365 admin center, review a Security and Compliance report.

B. From the Azure Active Directory admin center, download the sign-ms to a CSV file

C. From the Microsoft 365 Compliance admin center, run an audit log search and download the results to a CSV file

D. From the Azure Active Directory admin center, review the Authentication methods activities.

You plan to deploy a new Microsoft 365 Subscription that will contain 500 users.

You need to ensure that the following actions are performed the users sign in to the subscription

Evaluate the users' risk level based on their location and travel. Require high-risk users to sign in by using Azure Multi-Factor Authentication (Azure MFA).

The solution must minimize cost.

Which license should you assign to each user?

A. Microsoft 365 Business Premium

B. Microsoft 365 E3

C. Enterprise Mobility + Security E3

D. Microsoft 365 ES

Your company has a Microsoft 365 E5 subscription that uses Microsoft Defender for identity.

You plan to create a detection exclusion in Microsoft Defender for Identity.

What should you use to create the detection exclusion?

A. Microsoft Defender for Identity portal

B. Microsoft 365 Compliance center

C. Microsoft Defender for Cloud Apps portal

D. Microsoft 365 Defender portal

You have a Microsoft 365 E5 subscription.

A customer requests access to all his personal data.

You need to manage the customer's request.

What should you do first?

A. Create a content search.

B. Enable sharing with external users.

C. Set Require approval for all data access requests to On for Customer Lockbox.

D. Create a Data Subject Request (DSR) case.

Which user passwords will User2 be prevented from resetting?

A. User6 and User7

B. User4 and User6

C. User4 only

D. User7 and User8

E. User8 only

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

What should you do to meet the security requirements?

A. Change the Assignment Type for Admin2 to Permanent

B. From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2

C. From the Azure Active Directory admin center, remove the Exchange administrator role to Admin1

D. Change the Assignment Type for Admin1 to Eligible