2021 Latest Microsoft 365 Security Administration MS-500 Sample Questions

2021 Latest Microsoft 365 Security Administration MS-500 Sample Questions

MS-500 exam is the only exam needed to get the Microsoft 365 Certified: Security Administrator Associate Certification. It is is suitable for candidates familiar with Microsoft 365 and hybrid environments together with the ability to possess the skills to implement, manage, and monitor security and compliance solutions.

This MS-500 Sample Questions are designed to provide you with information on the Microsoft 365 Security Administration test. These sample questions will help you get familiar with the kind of questions that will appear on the MS-500 certification test, as well as the difficulty level of those questions. FreeTestShare will be your best choice if you want to obtain more Microsoft MS-500 test questions with verified answers for the actual exam.

Page 1 of 7

1. HOTSPOT

You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.





A user named User1 is configured to receive alerts from Azure AD Identity Protection.

You create users in contoso.com as shown in the following table.





The users perform the sign-ins shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.



2. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.



Username and password





Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

admin@[email protected]

Microsoft 365 Password: &=Q8v@2qGzYz

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support only:

Lab instance: 11032396

You need to ensure that group owners renew their Office 365 groups every 180 days.

To complete this task, sign in to the Microsoft Office 365 admin center.

3. You have a Microsoft 365 subscription.

You have a Microsoft SharePoint Online site named Site1.

You have a Data Subject Request (DSR) case named Case1 that searches Site1.

You create a new sensitive information type.

You need to ensure that Case1 returns all the documents that contain the new sensitive information type.

What should you do?

4. Topic 3, Contoso, Ltd



This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.



To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.



At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.



To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.



Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The company has the offices shown in the following table.







Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365.



Existing Environment

Infrastructure

The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.

The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.

Each client computer has a single volume.

Each office connects to the Internet by using a NAT device.

The offices have the IP addresses shown in the following table.





Named locations are defined in Azure AD as shown in the following table.







From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.

Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.

The tenant contains the users shown in the following table.







The tenant contains the groups shown in the following table.







Customer Lockbox is enabled in Microsoft 365.



Microsoft Intune Configuration

The devices enrolled in Intune are configured as shown in the following table.





The device compliance policies in Intune are configured as shown in the following table.





The device compliance policies have the assignments shown in the following table.





The Mark devices with no compliance policy assigned as setting is set to Compliant.



Requirements

Technical Requirements

Contoso identifies the following technical requirements:

✑ Use the principle of least privilege

✑ Enable User1 to assign the Reports reader role to users

✑ Ensure that User6 approves Customer Lockbox requests as quickly aspossible

✑ Ensure that User9 can implement Azure AD Privileged Identity Management



HOTSPOT

You are evaluating which devices are compliant in Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.



5. Your company has a main office and a Microsoft 365 subscription.

You need to enforce Microsoft Azure Multi-Factor Authentication (MFA) by using conditional access for all users who are NOT physically present in the office.

What should you include in the configuration?

6. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure

Information Protection.

You add CompanyConfidential to a global policy.

A user protects an email message by using CompanyConfidential and sends the label to several external

recipients. The external recipients report that they cannot open the email message.

You need to ensure that the external recipients can open protected email messages sent to them.

Solution: You modify the encryption settings of the label.

Does this meet the goal?

7. You need to enable and configure Microsoft Defender for Endpoint to meet the security requirements .

What should you do?

8. You have a Microsoft 365 subscription.

You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware.

You need to configure the retention duration for the attachments in quarantine.

Which type of threat management policy should you create from the Security&Compliance admin center?

9. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.





You add internal as a blocked word in the group naming policy for contoso.com.

You add Contoso- as prefix in the group naming policy for contoso.com.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.



10. You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Intune.

You need to enable Windows Defender Exploit Guard (Windows Defender EG) on the devices.

Which type of device configuration profile should you use?


 

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *