Pass Your MS-500 Dumps as PDF Updated on 2024 With 329 Questions [Q171-Q195]

Pass Your MS-500 Dumps as PDF Updated on 2024 With 329 Questions

Microsoft MS-500 Real Exam Questions and Answers FREE

NEW QUESTION # 171
Which policies apply to which devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 172
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Clock the Exhibit tab.)

In contoso.com, you create the users shown in the following table.

What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 173
How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 174
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Clock the Exhibit tab.)

In contoso.com, you create the users shown in the following table.

What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 175
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Clock the Exhibit tab.)

In contoso.com, you create the users shown in the following table.

What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 176
You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown in the following table.

Policy1 if configured as showing in the following exhibit.

Policy2 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies?redirectSourcePath=%252fen-

NEW QUESTION # 177
You have a Microsoft 365 E5 subscription.
You implement Advanced Threat Protection (ATP) safe attachments policies for all users.
User reports that email messages containing attachments take longer than expected to be received.
You need to reduce the amount of time it takes to receive email messages that contain attachments. The
solution must ensure that all attachments are scanned for malware. Attachments that have malware must
be blocked.
What should you do from ATP?

A. Add a condition
B. Add an exception
C. Set the action to Block
D. Set the action to Dynamic Delivery

Answer: D

Explanation:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/dynamic-delivery-and-previewing

NEW QUESTION # 178
You have a Microsoft 365 subscription that contains 20 data loss prevention (DLP) policies.
You need to identify the following:
* Rules that are applied without Triggering a policy alert
* The top 10 files that have matched DLP policies
* Alerts that are miscategorized
Which report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 179
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1.
You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two actions should you use in the search? To answer, select the appropriate activities in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

NEW QUESTION # 180
You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
All users in contoso.com use the Microsoft SharePoint Newsfeed.
You need to ensure that all the users use the Yammer.com service.
What should you do?

A. From the Yammer admin center, modify the Usage Policy settings
B. From the Yammer admin center, modify the Configuration settings
C. From the SharePoint admin center, modify the Connected Services settings
D. From the SharePoint admin center, modify the Enterprise Social Collaboration settings

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/yammer/integrate-yammer-with-other-apps/yammer-and-newsfeed

NEW QUESTION # 181
You need to create Group2.
What are two possible ways to create the group?

A. a mail-enabled security group in the Microsoft 365 admin center
B. a security group in the Microsoft 365 admin center
C. a distribution list in the Microsoft 365 admin center
D. an Office 365 group in the Microsoft 365 admin center
E. a security group in the Azure AD admin center

Answer: B,E

Explanation:
Topic 2, Fabrikam inc.
Overview
Fabrikam, Inc. is manufacturing company that sells products through partner retail stores. Fabrikam has 5,000 employees located in offices throughout Europe.
Existing Environment
Network Infrastructure
The network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.
The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.
Problem Statements
Fabrikam identifies the following issues:
* Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line.
* Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.
Requirements
Planned Changes
Fabrikam plans to implement the following changes:
* Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory
* Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365 Application Administration Fabrikam identifies the following application requirements for managing workload applications:
* User administrators will work from different countries
* User administrators will use the Azure Active Directory admin center
* Two new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only Security Requirements Fabrikam identifies the following security requirements:
* Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed
* Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement
* Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations
* Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory
* Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location
* The location of the user administrators must be audited when the administrators authenticate to Azure AD
* Email messages that include attachments containing malware must be delivered without the attachment
* The principle of least privilege must be used whenever possible

NEW QUESTION # 182
You are evaluating which finance department users will be prompted for Azure MFA credentials.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
YES, YES, NO.
Named locations can't have a private IP range, look at
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
"User IP address The IP address that is used in policy evaluation is the public IP address of the user. For devices on a private network, this IP address is not the client IP of the user's device on the intranet, it is the address used by the network to connect to the public internet."

NEW QUESTION # 183
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You configure the Security Operator role in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.

You add assignments to the Security Operator role as shown in the following table.

Which users can activate the Security Operator role?

A. User2 only
B. User3 only
C. User2 and User3 only
D. Used and User2 only
E. User1,User2, and User3

Answer: C

NEW QUESTION # 184
You have a Microsoft 365 subscription.
You need to ensure that users can manually designate which content will be subject to data loss prevention (DLP) policies.
What should you create first?

A. A safe attachments policy in Microsoft Office 365
B. A custom sensitive information type
C. A Data Subject Request (DSR)
D. A retention label in Microsoft Office 365

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/manage-gdpr-data-subject-requests-with-thedsr-case-tool#more-information-about-using-the-dsr-case-tool

NEW QUESTION # 185
Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership#suppor

NEW QUESTION # 186
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308

You need to ensure that a user named Allan Deyoung receives incident reports when email messages that contain data covered by the U.K. Data Protection Act are sent outside of your organization.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
1. In the Security & Compliance Center > left navigation > Data loss prevention > Policy > + Create a policy.
2. Choose the U.K. Data Protection Act template > Next.
3. Name the policy > Next.
4. Choose All locations in Office 365 > Next.
5. At the first Policy Settings step just accept the defaults,
6. After clicking Next, you'll be presented with an additional Policy Settings page Deselect the Show policy tips to users and send them an email notification option.
Select the Detect when content that's being shared contains option, and configure the number instances to be 10.
Select the Send incident reports in email option.
Select the Choose what to include in the report and who receives it link to add Allan Deyoung as a recipient.
7. > Next
8. Select the option to turn on the policy right away > Next.
9. Click Create to finish creating the policy.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide

NEW QUESTION # 187
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
Assignments: Include Group1, Exclude Group2
Conditions: Sign in risk of Low and above
Access: Allow access, Require password change
You need to identify how the policy affects User1 and User2.
What occurs when User1 and User2 sign in from an unfamiliar location? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 188
You have a Microsoft 365 E5 subscription that uses Microsoft Endpoint Manager.
The Compliance policy settings are configured as shown in the following exhibit.

On February 25, 2020, you create the device compliance policies shown in the following table.

On March 1. 2020, users enroll Windows 10 devices in Microsoft Endpoint Manager as shown in the following table

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Yes
Device2 is in Group2 so Policy2 applies.
Device2 is not compliant with Policy2. However, the device won't be marked as non-compliant until 10 days after the device was enrolled.
Box 2: Yes
Device1 is in Group1 and Group2 so both Policy1 and Policy2 apply.
Device1 is compliant with Policy1 but non-compliant with Policy2. However, the device won't be marked as non-compliant until 10 days after the device was enrolled.
Box 3: No
Device1 is in Group1 and Group2 so both Policy1 and Policy2 apply.
Device1 is compliant with Policy1 but non-compliant with Policy2.
March 12this more than 10 days after the device was enrolled so it will now be marked as non-compliant by Policy2.

NEW QUESTION # 189
You have a Microsoft 365 subscription.
You need to include a custom sensitive information type in Data Subject Request (DSR) cases.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/customize-a-built-in-sensitive-information-type?view

NEW QUESTION # 190
You have a Microsoft 365 subscription that uses a default name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/onedrive/manage-sharing

NEW QUESTION # 191
You have a Microsoft 365 subscription.
A customer requests that you provide her with all documents that reference her by name.
You need to provide the customer with a copy of the content.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365

NEW QUESTION # 192
You have a Microsoft 365 subscription.
You need to include a custom sensitive information type in Data Subject Request (DSR) cases.
Which four actions should you perform in sequence? To answer, move the appropriate actions from thelist of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/customize-a-built-in-sensitive-information-type?vie

NEW QUESTION # 193
You have a Microsoft 365 subscription that contains the users shown in the following table.

You implement Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
From PIM, you review the Application Administrator role and discover the users shown in the following table.

The Application Administrator role is configured to use the following settings in PIM:
* Maximum activation duration: 1 hour
* Notifications: Disable
* Incident/Request ticket: Disable
* Multi-Factor Authentication: Disable
* Require approval: Enable
* Selected approver: No results
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 194
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that email messages in Exchange Online and documents in SharePoint Online are retained for eight years.
To complete this task, sign in to the Microsoft Office 365 admin center.

Answer:

Explanation:
NB: For our purposes, the retention period will be 8 years.
For retaining email messages in Exchange Online:
Step 1: Create a retention tag
1. Navigate to the Exchange Admin Center
2. Navigate to Compliance management > Retention tags, and then click Add +
3. Select one of the following options:
* Applied automatically to entire mailbox (default): Select this option to create a default policy tag (DPT).
You can use DPTs to create a default deletion policy and a default archive policy, which applies to all items in the mailbox.
* Applied automatically to a specific folder: Select this option to create a retention policy tag (RPT) for a default folder such as Inbox or Deleted Items.
* Applied by users to items and folders (Personal): Select this option to create personal tags. These tags allow Outlook and Outlook on the web (formerly known as Outlook Web App) users to apply archive or deletion settings to a message or folders that are different from the settings applied to the parent folder or the entire mailbox.
4. The New retention tag page title and options will vary depending on the type of tag you selected. Complete the following fields:
* Name: Enter a name for the retention tag. The tag name is for display purposes and doesn't have any impact on the folder or item a tag is applied to. Consider that the personal tags you provision for users are available in Outlook and Outlook on the web.
* Apply this tag to the following default folder: This option is available only if you selected Applied automatically to a specific folder.
* Retention action: Select one of the following actions to be taken after the item reaches its retention
* period:
* Delete and Allow Recovery: Select this action to delete items but allow users to recover them using the Recover Deleted Items option in Outlook or Outlook on the web. Items are retained until the deleted item retention period configured for the mailbox database or the mailbox user is reached.
* Permanently Delete: Select this option to permanently delete the item from the mailbox database.
* Move to Archive: This action is available only if you're creating a DPT or a personal tag. Select this action to move items to the user's In-Place Archive.
* Retention period: Select one of the following options:
* Never: Select this option to specify that items should never be deleted or moved to the archive.
* When the item reaches the following age (in days): Select this option and specify the number of days to retain items before they're moved or deleted. The retention age for all supported items except Calendar and Tasks is calculated from the date an item is received or created. Retention age for Calendar and Tasks items is calculated from the end date.
* Comment: User this optional field to enter any administrative notes or comments. The field isn't displayed to users.
Step 2: Create a retention policy
1. Navigate to Compliance management > Retention policies, and then click Add +
2. In New Retention Policy, complete the following fields:
* Name: Enter a name for the retention policy.
* Retention tags: Click Add + to select the tags you want to add to this retention policy.
A retention policy can contain the following tags:
* One DPT with the Move to Archive action.
* One DPT with the Delete and Allow Recovery or Permanently Delete actions.
* One DPT for voice mail messages with the Delete and Allow Recovery or Permanently Delete actions.
* One RPT per default folder such as Inbox to delete items.
* Any number of personal tags.
Step 3: Apply a retention policy to mailbox users
After you create a retention policy, you must apply it to mailbox users. You can apply different retention policies to different set of users.
* Navigate to Recipients > Mailboxes.
* In the list view, use the Shift or Ctrl keys to select multiple mailboxes.
* In the details pane, click More options.
* Under Retention Policy, click Update.
* In Bulk Assign Retention Policy, select the retention policy you want to apply to the mailboxes, and then click Save.
For retaining documents in SharePoint Online
Access Security & Compliance Admin Center
1. Navigate to the Office 365 Admin Centers

2. From the list of available Admin Centers, click on Security & Compliance

How to create and publish a Retention Policy on a SharePoint site
Now that we are in the Security & Compliance Admin Center, we are ready to create and publish a Retention Policy on a SharePoint site.Under Data Governance, click Retention

1. Hit Create button to create new Retention Policy

2. Give your policy a name and description. Hit Next

3. On the next screen is where you set up the logic. You can configure how many days, months, or years to retain the content for, specify whether you want the math (retention period) to be calculated from the Created Date or Last Modified Date. Lastly, you can also specify whether you want to keep or delete content after the Retention period expires. Hit Next

4. On the next screen, you get to choose where to apply the policy. You can apply it to email (Exchange), SharePoint sites, OneDrive accounts as well as Office 365 Groups.

5. In my case, I applied a policy to a single Office 365 Group Site

6. On a final screen, you need to review and confirm the settings and click Create this policy button. It is imperative to note the message you get to see at the bottom. It warns you that content might be deleted as soon as the policy takes effect according to the logic you set up in previous steps.

References:
https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/create-a-re
https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/apply-reten
https://sharepointmaven.com/how-to-set-a-retention-policy-on-a-sharepoint-site/