Summer Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1271b8m643

MS-500 Exam Dumps - Microsoft 365 Security Administration

Question # 4

You install Azure ATP sensors on domain controllers.

You add a member to the Domain Admins group. You view the timeline in Azure ATP and discover that information regarding the membership change is missing.

You need to meet the security requirements for Azure ATP reporting.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 5

You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.

What should you include in the recommendation?

A.

a device compliance policy

B.

an access review

C.

a user risk policy

D.

a sign-in risk policy

Full Access
Question # 6

Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 7

You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.

Which other settings should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 8

Which policies apply to which devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 9

You need to meet the technical requirements for User9. What should you do?

A.

Assign the Privileged administrator role to User9 and configure a mobile phone number for User9

B.

Assign the Compliance administrator role to User9 and configure a mobile phone number for User9

C.

Assign the Security administrator role to User9

D.

Assign the Global administrator role to User9

Full Access
Question # 10

You are evaluating which finance department users will be prompted for Azure MFA credentials.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 11

Which role should you assign to User1?

A.

Global administrator

B.

User administrator

C.

Privileged role administrator

D.

Security administrator

Full Access
Question # 12

Which user passwords will User2 be prevented from resetting?

A.

User6 and User7

B.

User4 and User6

C.

User4 only

D.

User7 and User8

E.

User8 only

Full Access
Question # 13

You are evaluating which devices are compliant in Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 14

What should User6 use to meet the technical requirements?

A.

Supervision in the Security & Compliance admin center

B.

Service requests in the Microsoft 365 admin center

C.

Security & privacy in the Microsoft 365 admin center

D.

Data subject requests in the Security & Compliance admin center

Full Access
Question # 15

You need to create Group2.

What are two possible ways to create the group?

A.

an Office 365 group in the Microsoft 365 admin center

B.

a mail-enabled security group in the Microsoft 365 admin center

C.

a security group in the Microsoft 365 admin center

D.

a distribution list in the Microsoft 365 admin center

E.

a security group in the Azure AD admin center

Full Access
Question # 16

You have a Microsoft 365 subscription.

You create a supervision policy named Policy1, and you designate a user named User1 as the reviewer.

What should User1 use to view supervised communications?

A.

a team in Microsoft Teams

B.

the Security & Compliance admin center

C.

Outlook on the web

D.

the Exchange admin center

D18912E1457D5D1DDCBD40AB3BF70D5D

Full Access
Question # 17

You have an Azure Sentinel workspace.

You configure a rule to generate Azure Sentinel alerts when Azure Active Directory (Azure AD) Identity Protection detects risky sign-ins. You develop an Azure Logic Apps solution to contact users and verify whether reported risky sign-ins are legitimate.

You need to configure the workspace to meet the following requirements:

  • Call the Azure logic app when an alert is triggered for a risky sign-in.
  • To the Azure Sentinel portal, add a custom dashboard that displays statistics for risky sign-ins that are detected and resolved.

What should you configure in Azure Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 18

Your company plans to merge with another company.

A user named Debra Berger is an executive at your company.

You need to provide Debra Berger with all the email content of a user named Alex Wilber that contains the word merger.

To complete this task, sign in to the Microsoft 365 portal.

Full Access
Question # 19

You have a Microsoft 365 subscription that has Enable Security defaults set to No in Azure Active Directory (Azure AD).

You have a custom compliance manager template named Regulation1.

You have the assessments shown in the following table.

Assessment1 has the improvement actions shown in the following table.

Assessment2 has the improvement actions shown in the following table.

You perform the following actions:

  • For Assessment2, change the Test status of Establish a threat intelligence program to Implemented.
  • Enable multi-factor authentication (MFA) for all users.
  • Configure a privileged access policy.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 20

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the

tenant. Azure AD Connect has the following settings:

  • Source Anchor: objectGUID
  • Password Hash Synchronization: Disabled
  • Password writeback: Disabled
  • Directory extension attribute sync: Disabled
  • Azure AD app and attribute filtering: Disabled
  • Exchange hybrid deployment: Disabled
  • User writeback: Disabled

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.

Solution: You modify the Source Anchor settings.

Does that meet the goal?

A.

Yes

B.

No

Full Access
Question # 21

You have a Microsoft 365 E5 subscription.

You create a sensitivity label named Label 1 and publish Label1 to all users and groups.

You have the following files on a computer:

• File1.doc

• File2.docx

• File3.xlsx

• File4.txt

You need to identify which files can have Label1 applied. Which files should you identify?

A.

File2.docx only

B.

File1.doc. File2.docx. File3.xlsx. a

C.

File1 .doc. File2.docx, and File3.xlsx only

D.

File2.docx and File3.xlsx only

Full Access
Question # 22

You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:

  • Administrators must be notified when the Security administrator role is activated.
  • Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.

Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 23

Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit.

The synchronization schedule is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 24

You have a Microsoft 365 subscription.

You are creating a retention policy named Retention1 as shown in the following exhibit.

You apply Retention1 to SharePoint sites and OneDrive accounts.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 25

You have a Microsoft 365 subscription.

You create and run a content search from the Security & Compliance admin center.

You need to download the results of the content search.

What should you obtain first?

A.

an export key

B.

a password

C.

a certificate

D.

a pin

Full Access
Question # 26

You have a hybrid Azure Active Directory (Azure AD) tenant that has pass- through authentication enabled.

You plan to implement Azure AD identity Protection and enable the user risk policy.

You need to configure the environment to support the user risk policy.

A.

Enable password hash synchronization.

B.

Configure a conditional access policy.

C.

Enforce the multi-factor authentication (MFA) registration policy.

D.

Enable the sign-in risk policy.

Full Access
Question # 27

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

What should you do to meet the security requirements?

A.

Change the Assignment Type for Admin2 to Permanent

B.

From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2

C.

From the Azure Active Directory admin center, remove the Exchange administrator role to Admin1

D.

Change the Assignment Type for Admin1 to Eligible

Full Access
Question # 28

You need to resolve the issue that targets the automated email messages to the IT team.

Which tool should you run first?

A.

Synchronization Service Manager

B.

Azure AD Connect wizard

C.

Synchronization Rules Editor

D.

IdFix

Full Access
Question # 29

You need to recommend an email malware solution that meets the security requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 30

You need to recommend a solution for the user administrators that meets the security requirements for auditing.

Which blade should you recommend using from the Azure Active Directory admin center?

A.

Sign-ins

B.

Azure AD Identity Protection

C.

Authentication methods

D.

Access review

Full Access