MS-500 Questions and Answers

You haw a Microsoft 365 subscription.

You receive a General Data Protection Regulation (GOPR) request for the custom dictionary of a user From The Compliance admin center you need to create a content search, should you configure the content search?

You have a Microsoft 365 E5 subscription that contains 500 Windows 10 devices The subscription uses Microsoft Defender for Endpoint and is integrated with Microsoft Endpoint Manager. AJI the devices have Defender for Endpoint deployed.

You create a Conditional Access policy as shown in the following table.

You need to ensure that devices that have a machine risk score of high are blocked. What should you do in Microsoft Endpoint Manager?

You are evaluating which finance department users will be prompted for Azure MFA credentials.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You need to ensure that a user named Grady Archie can monitor the service health of your Microsoft 365 tenant. The solution must use the principle of least privilege.

To complete this task, sign in to the Microsoft 365 portal.

What should User6 use to meet the technical requirements?

You need to meet the technical requirements for User9. What should you do?

Which role should you assign to User1?

Which policies apply to which devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure Acme Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You discover several security alerts are visible from the Microsoft Defender for Identity portal.

You need to identify which users m contoso.com can dose the security Alerts. Which users should you identify?

You have a Microsoft 365 E5 subscription that contains a user named User1.

User1 needs to be able to create Data Subject Requests (DSRs) in the Microsoft 365 compliance center.

To which role or role group should you add User1?

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the

tenant. Azure AD Connect has the following settings:

• Source Anchor: objectGUID
• Password Hash Synchronization: Disabled
• Password writeback: Disabled
• Directory extension attribute sync: Disabled
• Azure AD app and attribute filtering: Disabled
• Exchange hybrid deployment: Disabled
• User writeback: Disabled

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.

Solution: You modify the Source Anchor settings.

Does that meet the goal?

Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are evaluating which devices are compliant in Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Which user passwords will User2 be prevented from resetting?

You need to create Group3.

What are two possible ways to create the group?

You need to configure threat detection for Active Directory. The solution must meet the security requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

How should you configure Group3? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

What should you do to meet the security requirements?

You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.

Which other settings should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the technical and security requirements for sharing data with the partners.

What should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You need to recommend an email malware solution that meets the security requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You install Azure ATP sensors on domain controllers.

You add a member to the Domain Admins group. You view the timeline in Azure ATP and discover that information regarding the membership change is missing.

You need to meet the security requirements for Azure ATP reporting.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to resolve the issue that targets the automated email messages to the IT team.

Which tool should you run first?

You need to recommend a solution for the user administrators that meets the security requirements for auditing.

Which blade should you recommend using from the Azure Active Directory admin center?

You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.

What should you include in the recommendation?