This page was exported from Valid Premium Exam [ http://premium.validexam.com ] Export date:Fri Sep 20 1:08:45 2024 / +0000 GMT ___________________________________________________ Title: [Dec 16, 2022] Fully Updated Microsoft 365 (MS-500) Certification Sample Questions [Q117-Q136] --------------------------------------------------- [Dec 16, 2022] Fully Updated Microsoft 365 (MS-500) Certification Sample Questions Latest Microsoft MS-500 Real Exam Dumps PDF NO.117 Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection.You add CompanyConfidential to a global policy.A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.You need to ensure that the external recipients can open protected email messages sent to them.Solution: You create a new label in the global policy and instruct the user to resend the email message.Does this meet the goal?  Yes  No NO.118 You have a Microsoft 365 subscription that uses a default name of litwareinc.com.You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/onedrive/manage-sharingNO.119 You are evaluating which finance department users will be prompted for Azure MFA credentials.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE:Each correct selection is worth one point. ExplanationYES, YES, NO.Namedlocations can’t have a private IP range, lookathttps://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition“User IP address The IP address that is used in policy evaluation is the public IP address of the user. For devices on a private network, this IP address is not the client IP of the user’s device on the intranet, it is the address used by the network to connect to the public internet.”NO.120 You have a Microsoft 365 E5 subscription that contains a user named User1.The Azure Active Directory (Azure AD) Identity Protection risky users report identities User1.For User1, you select Confirm user compromised.User1 can still sign in.You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.Solution: You configure the user risk policy to block access when the user risk level is high.Does this meet the goal?  Yes  No NO.121 You have a Microsoft 365 subscription that uses a default domain name of contoso.com.Microsoft Azure Active Directory (Azure AD) contains the users shown in the following table.Microsoft Intune has two devices enrolled as shown in the following table:Both devices have three apps named App1, App2, and App3 installed.You create an app protection policy named ProtectionPolicy1 that has the following settings:Protected apps: App1Exempt apps: App2Windows Information Protection mode: BlockYou apply ProtectionPolicy1 to Group1 and Group3. You exclude Group2 from ProtectionPolicy1.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. NO.122 You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.Which other settings should you configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationNO.123 You need to configure threat detection for Active Directory. The solution must meet the security requirements.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Topic 2, Fabrikam inc.Existing EnvironmentNetwork InfrastructureThe network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.Problem StatementsFabrikam identifies the following issues:Since last Friday, the IT team has been receiving automated email messages that contain “Unhealthy Identity Synchronization Notification” in the subject line.Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.RequirementsPlanned ChangesFabrikam plans to implement the following changes:Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365 Application Administration Fabrikam identifies the following application requirements for managing workload applications:User administrators will work from different countriesUser administrators will use the Azure Active Directory admin centerTwo new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only Security Requirements Fabrikam identifies the following security requirements:Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location The location of the user administrators must be audited when the administrators authenticate to Azure AD Email messages that include attachments containing malware must be delivered without the attachment The principle of least privilege must be used whenever possibleNO.124 You have the Microsoft conditions shown in the following table.You have the Azure Information Protection labels shown in the following table.You have the Azure Information Protection policies shown in the following table.For each of the following statements, select Yes if the statement is true. Otherwise, select No. ExplanationNO.125 Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.Username and passwordUse the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:admin@LODSe00019@onmicrosoft.comMicrosoft 365 Password: #HSP.ug?$p6unIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support only:Lab instance: 11122308You need to create an Azure Information Protection label to meet the following requirements:* Content must expire after 21 days.* Offline access must be allowed for 21 days only.* Documents must be protected by using a cloud key.* Authenticated users must be able to view content only.To complete this task, sign in to the Microsoft 365 admin center. See explanation below.Explanation1. If you haven’t already done so, open a new browser window and sign in to the Azure portal. Then navigate to the Azure Information Protection pane.For example, in the search box for resources, services, and docs: Start typing Information and select Azure Information Protection.2. From the Classifications > Labels menu option: On the Azure Information Protection – Labels pane, select the label you want to change.On the Label pane, locate Set permissions for documents and emails containing this label, and select Protect.3. Select Protection.4. On the Protection pane, select Azure (cloud key).5. Select Set permissions to define new protection settings in this portal.6. If you selected Set permissions for Azure (cloud key), this option lets you select users and usage rights.To specify the users that you want to be able to open protected documents and emails, select Add permissions.Then on the Add permissions pane, select the first set of users and groups who will have rights to use the content that will be protected by the selected label:* Choose Select from the list where you can then add all users from your organization by selecting Add<organization name> – All members. This setting excludes guest accounts. Or, you can select Add any authenticated users, or browse the directory.When you choose all members or browse the directory, the users or groups must have an email address. In a production environment, users and groups nearly always have an email address, but in a simple testing environment, you might need to add email addresses to user accounts or groups.* Change the File Content Expiration setting to 21 days.* Change the Allow offline access setting to 21 days.When you have finished configuring the permissions and settings, click OK.This grouping of settings creates a custom template for the Azure Rights Management service. These templates can be used with applications and services that integrate with Azure Rights Management.7. Click OK to close the Protection pane and see your choice of User defined or your chosen template display for the Protection option in the Label pane.8. On the Label pane, click Save.9. On the Azure Information Protection pane, use the PROTECTION column to confirm that your label now displays the protection setting that you want:* A check mark if you have configured protection.* An x mark to denote cancellation if you have configured a label to remove protection.* A blank field when protection is not set.When you clicked Save, your changes are automatically available to users and services. There’s no longer a separate publish option.Reference:https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protectionNO.126 You need to resolve the issue that targets the automated email messages to the IT team.Which tool should you run first?  Synchronization Service Manager  Azure AD Connect wizard  Synchronization Rules Editor  IdFix ExplanationReferences:https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronizationNO.127 You have a Microsoft 365 Enterprise E5 subscription.You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to useMicrosoft Office 365 Attack simulator.What is a prerequisite for running Attack simulator?  Enable multi-factor authentication (MFA)  Configure Advanced Threat Protection (ATP)  Create a Conditional Access App Control policy for accessing Office 365  Integrate Office 365 Threat Intelligence and Windows Defender ATP Explanation/Reference:Reference:https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulatorNO.128 You have a Microsoft 365 subscription.You have a Microsoft SharePoint Online site named Site1.The files in Site1 are protected by using Microsoft Azure Information Protection.From the Security & Compliance admin center, you create a label that designates personal data.You need to auto-apply the new label to all the content in Site1.What should you do first?  From PowerShell, run Set-ManagedContentSettings.  From PowerShell, run Set-ComplianceTag.  From the Security & Compliance admin center, create a Data Subject Request (DSR).  Remove Azure Information Protection from the Site1 files. Reference:https://docs.microsoft.com/en-us/office365/securitycompliance/apply-labels-to-personal-data-in-office-365NO.129 You have a Microsoft 365 subscription that uses a default domain name of litwareinc.com.You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit. Reference:https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-offNO.130 You have a Microsoft 365 subscription that contains the users shown in the following table.You enable self-service password reset for Group1 and configure security questions as the only authentication method for self-service password reset.You need to identify which user must answer security questions to reset his password.Which user should you identify?  User1  User2  User3  User4 NO.131 You install Azure ATP sensors on domain controllers.You add a member to the Domain Admins group. You view the timeline in Azure ATP and discover that information regarding the membership change is missing.You need to meet the security requirements for Azure ATP reporting.What should you configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-advanced-audit-policyNO.132 Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.Username and passwordUse the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:admin@LODSe244001@onmicrosoft.comMicrosoft 365 Password: &=Q8v@2qGzYzIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support only:Lab instance: 11032396You need to ensure that each user can join up to five devices to Azure Active Directory (Azure AD).To complete this task, sign in to the Microsoft Office 365 admin center. See explanation below.* After signing into the Microsoft 365 admin center, click Admin centers > Azure Active Directory > Devices.* Navigate to Device Settings.* Set the Users may join devices to Azure AD setting to All.* Set the Additional local administrators on Azure AD joined devices setting to None.* Set the Users may register* Leave the Require Multi-Factor Auth to join devices setting on it default setting.* Set the Maximum number of devices* Set the Users may sync settings and app data across devices All.* Click the Save button at the top left of the screen.Reference:https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portalhttps://docs.microsoft.com/en-us/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365?vNO.133 Which role should you assign to User1?  Global administrator  User administrator  Privileged role administrator  Security administrator NO.134 How should you configure Group3? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. NO.135 You have a Microsoft 365 subscription.You need to ensure that users can manually designate which content will be subject to data loss prevention (DLP) policies.What should you create first?  A retention label in Microsoft Office 365  A custom sensitive information type  A Data Subject Request (DSR)  A safe attachments policy in Microsoft Office 365 ExplanationReferences:https://docs.microsoft.com/en-us/office365/securitycompliance/manage-gdpr-data-subject-requests-with-thedsr-cNO.136 Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.You need to ensure that the external recipients can open protected email messages sent to them.Solution: You modify the encryption settings of the label.Does this meet the goal?  Yes  No  Loading … Microsoft MS-500 Dumps - Secret To Pass in First Attempt: https://www.validexam.com/MS-500-latest-dumps.html --------------------------------------------------- Images: https://premium.validexam.com/wp-content/plugins/watu/loading.gif https://premium.validexam.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-12-16 16:44:34 Post date GMT: 2022-12-16 16:44:34 Post modified date: 2022-12-16 16:44:34 Post modified date GMT: 2022-12-16 16:44:34