March Sale Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Microsoft MS-500 Microsoft 365 Security Administration Exam Practice Test

Note! Following MS-500 Exam is Retired now. Please select the alternative replacement for your Exam Certification.
Page: 1 / 33
Total 327 questions

Microsoft 365 Security Administration Questions and Answers

Question 1

You need to meet the technical requirements for User9. What should you do?

Options:

A.

Assign the Privileged administrator role to User9 and configure a mobile phone number for User9

B.

Assign the Compliance administrator role to User9 and configure a mobile phone number for User9

C.

Assign the Security administrator role to User9

D.

Assign the Global administrator role to User9

Question 2

What should User6 use to meet the technical requirements?

Options:

A.

Supervision in the Security & Compliance admin center

B.

Service requests in the Microsoft 365 admin center

C.

Security & privacy in the Microsoft 365 admin center

D.

Data subject requests in the Security & Compliance admin center

Question 3

You are evaluating which devices are compliant in Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 3

Options:

Question 4

You are evaluating which finance department users will be prompted for Azure MFA credentials.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 4

Options:

Question 5

Which policies apply to which devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 5

Options:

Question 6

Which user passwords will User2 be prevented from resetting?

Options:

A.

User6 and User7

B.

User4 and User6

C.

User4 only

D.

User7 and User8

E.

User8 only

Question 7

Which role should you assign to User1?

Options:

A.

Global administrator

B.

User administrator

C.

Privileged role administrator

D.

Security administrator

Question 8

Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 8

Options:

Question 9

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 contains 100 users and has dynamic user membership.

All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.

You create a sensitivity label named Label and publish Label 1 as the default label for Group!.

You need to ensure that the users in Group1 must apply Label! to their email and documents.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Install the Azure Information Protection unified labeling client on the Windows 10 devices.

B.

From the Microsoft 365 Compliance center, modify the settings of the Label1 policy.

C.

Install the Active Directory Rights Management Services (AD RMS) client on the Windows 10 devices.

D.

From the Microsoft 365 Compliance center, create an auto-labeling policy.

E.

From the Azure Active Directory admin center, set Membership type for Group1 to Assigned.

Question 10

You have a Microsoft 365 subscription that contains 20 data loss prevention (DLP) policies.

You need to identify the following:

• Rules that are applied without Triggering a policy alert

• The top 10 files that have matched DLP policies

• Alerts that are miscategorized

Which report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question # 10

Options:

Question 11

You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.

Question # 11

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Question # 11

Options:

Question 12

You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.

Question # 12

You plan to use Microsoft 365 Attack Simulator.

You need to identify the users against which you can use Attack Simulator.

Which users should you identify?

Options:

A.

User1 and User3 only

B.

User1, User2, User3, and User4

C.

User3 only

D.

User3 and User4 only

Question 13

You have a Microsoft SharePoint Online sire named Site1 that contains the files shown in the following table.

Question # 13

You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.

Question # 13

You apply DLP1 to Site1.

Which policy tips will appear for File2?

Options:

A.

Tip1 only

B.

Tip2 only

C.

Tip3 only

D.

Tip1 and Tip2 only

Question 14

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Question # 14

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:

  • Assignments: Include Group1, Exclude Group2
  • Conditions: Sign in risk of Low and above
  • Access: Allow access, Require password change

You need to identify how the policy affects User1 and User2.

What occurs when User1 and User2 sign in from an unfamiliar location? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 14

Options:

Question 15

You have a Microsoft 365 E5 subscription.

You implement Advanced Threat Protection (ATP) safe attachments policies for all users.

User reports that email messages containing attachments take longer than expected to be received.

You need to reduce the amount of time it takes to receive email messages that contain attachments. The

solution must ensure that all attachments are scanned for malware. Attachments that have malware must be blocked.

What should you do from ATP?

Options:

A.

Set the action to Block

B.

Add an exception

C.

Add a condition

D.

Set the action to Dynamic Delivery

Question 16

You have a Microsoft 365 subscription that contains the groups shown in the following exhibit.

Question # 16

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE: Each correct selection is worth one point.

Question # 16

Options:

Question 17

You have a Microsoft 365 subscription.

You have a Data Subject Request (DSR) case named Case1.

You need to ensure that Case1 includes all the email posted by the data subject to the Microsoft Exchange Online public folders.

Which additional property should you include in the Content Search query?

Options:

A.

kind:externaldata

B.

itemclass:ipm.externaldata

C.

itemclass:ipm.post

D.

kind:email

Question 18

You have a Microsoft 365 subscription that uses a default name of litwareinc.com.

You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.

Question # 18

Question # 18

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Question # 18

Options:

Question 19

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.

You need to allow a user named User1 to view ATP reports in the Threat management dashboard.

Which role provides User1with the required role permissions?

Options:

A.

Security reader

B.

Message center reader

C.

Compliance administrator

D.

Information Protection administrator

Question 20

You have a Microsoft 365 subscription.

A customer requests that you provide her with all documents that reference her by name.

You need to provide the customer with a copy of the content.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 20

Options:

Question 21

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

Question # 21

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

admin@LODSe00019@onmicrosoft.com

Microsoft 365 Password: #HSP.ug?$p6un

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support only:

Lab instance: 11122308

Question # 21

Question # 21

Question # 21

Question # 21

Question # 21

Question # 21

Question # 21

Question # 21

Question # 21

You need to protect against phishing attacks. The solution must meet the following requirements:

  • Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
  • As many phishing email messages as possible must be identified.

The solution must apply to the current SMTP domain names and any domain names added later.

To complete this task, sign in to the Microsoft 365 admin center.

Options:

Question 22

You have a Microsoft 365 E5 subscription.

You create a sensitivity label named Label 1 and publish Label1 to all users and groups.

You have the following files on a computer:

• File1.doc

• File2.docx

• File3.xlsx

• File4.txt

You need to identify which files can have Label1 applied. Which files should you identify?

Options:

A.

File2.docx only

B.

File1.doc. File2.docx. File3.xlsx. a

C.

File1 .doc. File2.docx, and File3.xlsx only

D.

File2.docx and File3.xlsx only

Question 23

Your company uses Microsoft Azure Advanced Threat Protection (ATP).

You enable the delayed deployment of updates for an Azure ATP sensor named Sensor1.

How long after the Azure ATP cloud service is updated will Sensor1 be updated?

Options:

A.

7 days

B.

24 hours

C.

1 hour

D.

48 hours

E.

12 hours

Question 24

Your company plans to merge with another company.

A user named Debra Berger is an executive at your company.

You need to provide Debra Berger with all the email content of a user named Alex Wilber that contains the word merger.

To complete this task, sign in to the Microsoft 365 portal.

Options:

Question 25

You have a Microsoft 365 subscription. All users use Microsoft Exchange Online.

Microsoft 365 is configured to use the default policy settings without any custom rules.

You manage message hygiene.

Where are suspicious email messages placed by default? To answer, drag the appropriate location to the correct message types. Each location may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Question # 25

Options:

Question 26

You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.

Which other settings should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 26

Options:

Question 27

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

Question # 27

What should you do to meet the security requirements?

Options:

A.

Change the Assignment Type for Admin2 to Permanent

B.

From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2

C.

From the Azure Active Directory admin center, remove the Exchange administrator role to Admin1

D.

Change the Assignment Type for Admin1 to Eligible

Question 28

You need to recommend an email malware solution that meets the security requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 28

Options:

Question 29

You need to recommend a solution for the user administrators that meets the security requirements for auditing.

Which blade should you recommend using from the Azure Active Directory admin center?

Options:

A.

Sign-ins

B.

Azure AD Identity Protection

C.

Authentication methods

D.

Access review

Question 30

You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.

What should you include in the recommendation?

Options:

A.

a device compliance policy

B.

an access review

C.

a user risk policy

D.

a sign-in risk policy

Question 31

You need to recommend a solution that meets the technical and security requirements for sharing data with the partners.

What should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Create an access review.

B.

Assign the Global administrator role to User1.

C.

Assign the Guest inviter role to User1.

D.

Modify the External collaboration settings in the Azure Active Directory admin center.

Question 32

NO: 7

You need to resolve the issue that targets the automated email messages to the IT team.

Which tool should you run first?

Options:

A.

Synchronization Service Manager

B.

Azure AD Connect wizard

C.

Synchronization Rules Editor

D.

IdFix

Question 33

You install Azure ATP sensors on domain controllers.

You add a member to the Domain Admins group. You view the timeline in Azure ATP and discover that information regarding the membership change is missing.

You need to meet the security requirements for Azure ATP reporting.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 33

Options:

Question 34

You need to configure threat detection for Active Directory. The solution must meet the security requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 34

Options:

Question 35

You need to implement Windows Defender ATP to meet the security requirements. What should you do?

Options:

A.

Configure port mirroring

B.

Create the ForceDefenderPassiveMode registry setting

C.

Download and install the Microsoft Monitoring Agent

D.

Run WindowsDefenderATPOnboardingScript.cmd

Question 36

You need to enable and configure Microsoft Defender for Endpoint to meet the security requirements. What should you do?

Options:

A.

Configure port mirroring

B.

Create the ForceDefenderPassiveMode registry setting

C.

Download and install the Microsoft Monitoring Agent

D.

Run WindowsDefenderATPOnboardingScripc.cmd

Question 37

Which IP address space should you include in the MFA configuration?

Options:

A.

131.107.83.0/28

B.

192.168.16.0/20

C.

172.16.0.0/24

D.

192.168.0.0/20

Question 38

You need to create Group3.

What are two possible ways to create the group?

Options:

A.

an Office 365 group in the Microsoft 365 admin center

B.

a mail-enabled security group in the Microsoft 365 admin center

C.

a security group in the Microsoft 365 admin center

D.

a distribution list in the Microsoft 365 admin center

E.

a security group in the Azure AD admin center

Question 39

How should you configure Group3? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 39

Options:

Question 40

You need to create Group2.

What are two possible ways to create the group?

Options:

A.

an Office 365 group in the Microsoft 365 admin center

B.

a mail-enabled security group in the Microsoft 365 admin center

C.

a security group in the Microsoft 365 admin center

D.

a distribution list in the Microsoft 365 admin center

E.

a security group in the Azure AD admin center

Question 41

How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 41

Options:

Page: 1 / 33
Total 327 questions