MS-500 Dumps To Pass Microsoft 365 Exam in One Day (Updated 329 Questions) [Q193-Q215]

MS-500 Dumps To Pass Microsoft 365 Exam in One Day (Updated 329 Questions)

MS-500 Exam Brain Dumps - Study Notes and Theory

Microsoft MS-500 certification exam is an excellent opportunity for professionals to showcase their expertise in Microsoft 365 security administration. Microsoft 365 Security Administration certification is recognized worldwide, and passing the exam can help professionals stand out in a competitive job market. Preparing for the exam requires a comprehensive understanding of Microsoft 365 security administration, and candidates can choose from a variety of resources to help them succeed.

Microsoft MS-500 exam is an essential certification for IT professionals who are looking to enhance their skills and knowledge in Microsoft 365 security administration. Microsoft 365 Security Administration certification demonstrates that the candidate has the necessary skills to secure Microsoft 365 enterprise environments and implement security best practices.

NEW QUESTION # 193
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. OneDrive stores files that are shared with external users. The files are configured as shown in the following table.

You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:
* Rulel:
* Conditions: Label 1, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 0
* Rule2:
* Conditions: Label 1 or Label2
* Actions: Restrict access to the content
* Priority: 1
* Rule3:
* Conditions: Label2, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 194
You need to ensure that administrators can publish a label that adds a footer to email messages and documents.
To complete this task, sign in to the Microsoft Office 365 portal.

Answer:

Explanation:
See explanation below.
Explanation
You need to configure a Sensitivity label.
* Go to the Security & Compliance Admin Center.
* Navigate to Classification > Sensitivity labels.
* Click on + Create a label to create a new label.
* Give the label a name and description then click Next.
* Leave the Encryption option as None and click Next.
* On the Content Marking page, tick the checkbox Add a footer.
* Click the Customize Text link and add the footer text and click Save (for the question, it doesn't matter what text you add).
* Click Next.
* Leave the Auto-labeling for Office apps off and click Next.
* Click the Submit button to save your changes.
* The label is now ready to be published. Click the Done button to exit the page and create the label.

NEW QUESTION # 195
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308

You need to ensure that a user named Allan Deyoung can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
* After signing in to the Microsoft 365 admin center, navigate to the Security & Compliance Center.
* In the left pane of the security and compliance center, select Permissions, and then select the checkbox next to eDiscovery Manager.
* On the eDiscovery Manager flyout page, do one of the following based on the eDiscovery permissions that you want to assign.
To make a user an eDiscovery Manager: Next to eDiscovery Manager, select Edit. In the Choose eDiscovery Manager section, select the Choose eDiscovery Manager hyperlink, and then select + Add.
Select the user (or users) you want to add as an eDiscovery manager, and then select Add. When you're finished adding users, select Done. Then, on the Editing Choose eDiscovery Manager flyout page, select Save to save the changes to the eDiscovery Manager membership.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwi

NEW QUESTION # 196
Your company has a Microsoft 365 subscription that contains the users shown in the following table.

The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP).
Windows Defender ATP includes the roles shown in the following table:

Windows Defender ATP contains the machine groups shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 197
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Four Windows 10 devices are joined to the tenant as shown in the following table.

On which devices can you use BitLocker To Go and on which devices can you turn on auto-unlock? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 198
You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 199
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Clock the Exhibit tab.)

In contoso.com, you create the users shown in the following table.

What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 200
Note: This question is part of series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might
have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure
AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the
tenant. Azure AD Connect has the following settings:
Source Anchor: objectGUID

Password Hash Synchronization: Disabled

Password writeback: Disabled

Directory extension attribute sync: Disabled

Azure AD app and attribute filtering: Disabled

Exchange hybrid deployment: Disabled

User writeback: Disabled

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?

A. No
B. Yes

Answer: A

NEW QUESTION # 201
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You Plan to use the encryption report in Microsoft Endpoint Manager to view devices that have encryption enabled.
Which devices will be included in the encryption report?

A. Device1, Device2, Device 3 and Device 4
B. Device1 and Device4 Only
C. Device1, Device2 and Device4 Only
D. Device1 only
E. Device1 and Device2 Only

Answer: B

NEW QUESTION # 202
You need to enable and configure Microsoft Defender ATP to meet the security requirements. What should you do?

A. Configure port mirroring
B. Create the ForceDefenderPassiveModeregistry setting
C. Run WindowsDefenderATPOnboardingScript.cmd
D. Download and install the Microsoft Monitoring Agent

Answer: D

Explanation:
Explanation/Reference:
Implement and manage threat protection
Question Set 2

NEW QUESTION # 203
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.
A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.
You need to ensure that the external recipients can open protected email messages sent to them.
Solution: You modify the content expiration settings of the label.
Does this meet the goal?

A. No
B. Yes

Answer: A

NEW QUESTION # 204
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant.
Azure AD Connect has the following settings:
* Source Anchor: objectGUID
* Password Hash Synchronization: Disabled
* Password writeback: Disabled
* Directory extension attribute sync: Disabled
* Azure AD app and attribute filtering: Disabled
* Exchange hybrid deployment: Disabled
* User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?

A. Yes
B. No

Answer: A

Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/security/azure-ad-secure-steps

NEW QUESTION # 205
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You register devices in contoso.com as shown in the following table.

You create app protection policies in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy

NEW QUESTION # 206
You have a Microsoft 365 E5 subscription that uses Microsoft Endpoint Manager.
The Compliance policy settings are configured as shown in the following exhibit.

On February 25, 2020, you create the device compliance policies shown in the following table.

On March 1. 2020, users enroll Windows 10 devices in Microsoft Endpoint Manager as shown in the following table

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 207
You have a Microsoft 365 subscription that contains the users shown in the following table.

You enable self-service password reset for Group1 and configure security questions as the only authentication method for self-service password reset.
You need to identify which user must answer security questions to reset his password.
Which user should you identify?

A. User2
B. User1
C. User4
D. User3

Answer: D

NEW QUESTION # 208
You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 209
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Four Windows 10 devices are joined to the tenant as shown in the following table.

On which devices can you use BitLocker To Go and on which devices can you turn on auto-unlock? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 210
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
Microsoft Azure Active Directory (Azure AD) contains the users shown in the following table.

Microsoft Intune has two devices enrolled as shown in the following table:

Both devices have three apps named App1, App2, and App3 installed.
You create an app protection policy named ProtectionPolicy1 that has the following settings:
Protected apps: App1
Exempt apps: App2
Windows Information Protection mode: Block
You apply ProtectionPolicy1 to Group1 and Group3. You exclude Group2 from ProtectionPolicy1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 211
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
* Assignments: Include Group1, Exclude Group2
* Conditions: Sign in risk of Low and above
* Access: Allow access, Require password change
You need to identify how the policy affects User1 and User2.
What occurs when User1 and User2 sign in from an unfamiliar location? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 212
You have a Microsoft 365 subscription that uses a default name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
References:
https://docs.microsoft.com/en-us/onedrive/manage-sharing

NEW QUESTION # 213
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active Directory (Azure AD) tenant as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#when-office-apps-apply-content-marking-and-encryption

NEW QUESTION # 214
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.

You have the Privileged Access settings configured as shown in the following exhibit.

You have a privileged access policy that has the following settings:
* Policy name: New Transport Rule
* Policy type: Task
* Policy scope Exchange
* Approval Type: Manual
* Approver group: Group 1
User1 requests access to the New Transport Rule policy for a duration of two hours.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.