• Home
  • Articles
  • MS-500 Pre-Exam Practice Tests (Updated 231 Questions) [Q138-Q161]

MS-500 Pre-Exam Practice Tests (Updated 231 Questions) [Q138-Q161]

Share

MS-500 Pre-Exam Practice Tests | (Updated 231 Questions)

Valid MS-500 Exam Q&A PDF - One Year Free Update

NEW QUESTION 138
You have a Microsoft 365 E5 subscription.
Users and device objects are added and removed daily. Users in the sales department frequently change their device.
You need to create three following groups:

The solution must minimize administrative effort.
What is the minimum number of groups you should create for each type of membership? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/users-groups-roles/groups-dyn

 

NEW QUESTION 139
Note: Thisquestion is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have acorrect solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Severalusers have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1,the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
-AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/setadminauditlogc

 

NEW QUESTION 140
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 contains the folders shown in the following table.

At 09:00, you create a Microsoft Cloud App Security policy named Policy1 as shown in the following exhibit.

After you create Policy1, you upload files to Site1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/cloud-app-security/data-protection-policies

 

NEW QUESTION 141
You have a Microsoft 365 subscription. All users use Microsoft Exchange Online.
Microsoft 365 is configured to use the default policy settings without any custom rules.
You manage message hygiene.
Where are suspicious email messages placed by default? To answer, drag the appropriate location to the correct message types. Each location may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

Explanation

 

NEW QUESTION 142
You have a Microsoft 365 E5 subscription.
Users and device objects are added and removed daily. Users in the sales department frequently change their device.
You need to create three following groups:

The solution must minimize administrative effort.
What is the minimum number of groups you should create for each type of membership? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/users-groups-roles/groups-dyn

 

NEW QUESTION 143
You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 144
You have the Microsoft conditions shown in the following table.

You have the Azure Information Protection labels shown in the following table.

You have the Azure Information Protection policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

 

NEW QUESTION 145
You install Azure ATP sensors on domain controllers.
You add a member to the Domain Admins group. You view the timeline in Azure ATP and discover that information regarding the membership change is missing.
You need to meet the security requirements for Azure ATP reporting.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-advanced-audit-policy

 

NEW QUESTION 146
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You register devices in contoso.com as shown in the following table.

You create app protection policies in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy

 

NEW QUESTION 147
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to create a case that prevents the members of a group named Operations from deleting email messages that contain the word IPO.
To complete this task, sign in to the Microsoft Office 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. Navigate to the Security & Compliance Center.
2. In the Security & Compliance Center, click eDiscovery > eDiscovery, and then click Create a case.
3. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.

The new case is displayed in the list of cases on the eDiscovery page.
After you create a case, the next step is to add members to the case. The eDiscovery Manager who created the case is automatically added as a member. Members have to be assigned the appropriate eDiscovery permissions so they can access the case after you add them.
4. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
5. Click the name of the case that you want to add members to.
The Manage this case flyout page is displayed.

6. Under Manage members, click Add to add members to the case.You can also choose to add a role group to the case. Under Manage role groups, click Add.
7. In the list of people or role groups that can be added as members of the case, click the check box next to the names of the people or role groups that you want to add.
8. After you select the people or role groups to add as members of the group, click Add.In Manage this case, click Save to save the new list of case members.
9. Click Save to save the new list of case members.
You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for an Office 365 Group. Similarly, you can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
To create a hold for an eDiscovery case:
1. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
2. Click Open next to the case that you want to create the holds in.
3. On the Home page for the case, click the Hold tab.

4. On the Hold page, click Create.
5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.

6. (Optional) In the Description box, add a description of the hold.
7. Click Next.
8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.

a. Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams again.
to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.

a. In the box under Keywords, type a search query in the box so that only the content that meets the search criteria is placed on hold. You can specify keywords, message properties, or document properties, such as file names. You can also use more complex queries that use a Boolean operator, such as AND, OR, or NOT. If you leave the keyword box empty, then all content located in the specified content locations will be placed on hold.
b. Click Add conditions to add one or more conditions to narrow the search query for the hold. Each condition adds a clause to the KQL search query that is created and run when you create the hold. For example, you can specify a date range so that email or site documents that were created within the date ranged are placed on hold. A condition is logically connected to the keyword query (specified in the keyword box) by the AND operator. That means that items have to satisfy both the keyword query and the condition to be placed on hold.
9. After configuring a query-based hold, click Next.
10. Review your settings, and then click Create this hold.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide

 

NEW QUESTION 148
You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the SharePoint admin center, modify the Site Settings.
  • B. From the SharePoint admin center, modify the records management settings.
  • C. From the Cloud App Security admin center, create a file policy.
  • D. From the Compliance admin center, create a label.
  • E. From the Compliance admin center, publish a label.

Answer: D,E

Explanation:
Explanation
Explanation/Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/protect-sharepoint-online-files-with-office-365- labels-and-dlp

 

NEW QUESTION 149
You have a Microsoft 365 subscription that contains the users shown in the following table.

You create and enforce an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy that has the following settings:
* Assignments: Include Group1, Exclude Group2
* Conditions: User risk level of Medium and above
* Access: Allow access, Require password change
The users attempt to sign in. The risk level for each user is shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Yes.
User1 is in Group1 which the policy applies to.
Box 2: No
User2 is in Group2 which is excluded from the policy.
Box 3: No
User3 is in Group1 which is included in the policy and Group2 which is excluded from the policy. In this case, the exclusion wins so the policy does not apply to User3.

 

NEW QUESTION 150
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
Microsoft Azure Active Directory (Azure AD) contains the users shown in the following table.

Microsoft Intune has two devices enrolled as shown in the following table:

Both devices have three apps named App1, App2, and App3 installed.
You create an app protection policy named ProtectionPolicy1 that has the following settings:
* Protected apps: App1
* Exempt apps: App2
* Windows Information Protection mode: Block
You apply ProtectionPolicy1 to Group1 and Group3. You exclude Group2 from ProtectionPolicy1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 151
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that a user named Lee Gu can manage all the settings for Exchange Online. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Office 365 admin center.

Answer:

Explanation:
See explanation below.
* In the Exchange Administration Center (EAC), navigate to Permissions > Admin Roles.
* Select the group: Organization Management and then click on Edit.
* In the Members section, click on Add.
* Select the users, USGs, or other role groups you want to add to the role group, click on Add, and then click on OK.
* Click on Save to save the changes to the role group.
Reference:
https://help.bittitan.com/hc/en-us/articles/115008104507-How-do-I-assign-the-elevated-admin-role-Organization
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo

 

NEW QUESTION 152
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?

  • A. Modify the retention period of the default audit retention policy.
  • B. Assign Microsoft 365 Enterprise E5 licenses to all users.
  • C. Create a custom audit retention policy.
  • D. Modify the record type of the default audit retention policy.

Answer: B

Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide

 

NEW QUESTION 153
Several users in your Microsoft 365 subscription report that they received an email message without the attachment. You need to review the attachments that were removed from the messages. Which two tools can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. the Security & Compliance admin center
  • B. Microsoft Azure Security Center
  • C. the Azure ATP admin center
  • D. Outlook on the web
  • E. the Exchange admin center

Answer: A,E

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/manage-quarantined-messages-and-files

 

NEW QUESTION 154
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User1.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

 

NEW QUESTION 155
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308









You need to protect against phishing attacks. The solution must meet the following requirements:
* Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
* As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Anti-phishing.
2. Select Default Policy to refine it.
3. In the Impersonation section, select Edit.
4. Go to Add domains to protect and select the toggle to automatically include the domains you own.
5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the Quarantine message action.
Open the drop-down If email is sent by an impersonated domain and choose the Quarantine message action.
6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select
7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.
8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.
9. Choose Review your settings, make sure everything is correct, select , then Close.
Reference:
https://support.office.com/en-us/article/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=

 

NEW QUESTION 156
You have a Microsoft 365 E5 subscription.
All computers run Windows 10 and are onboarded to Windows Defender Advanced Threat Protection (Windows Defender ATP).
You create a Windows Defender machine group named MachineGroupl.
You need to enable delegation for the security settings of the computers in MachineGroupl.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

 

NEW QUESTION 157
You need to resolve the issue that targets the automated email messages to the IT team.
Which tool should you run first?

  • A. Azure AD Connect wizard
  • B. IdFix
  • C. Synchronization Service Manager
  • D. Synchronization Rules Editor

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization Overview Litware, Inc. is a financial company that has 1,000 users in its main office in Chicago and 100 users in a branch office in San Francisco.
Topic 1, Fabrikam inc.
Existing Environment
Network Infrastructure
The network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.
The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.
Problem Statements
Fabrikam identifies the following issues:
Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line.
Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.
Requirements
Planned Changes
Fabrikam plans to implement the following changes:
Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365 Application Administration Fabrikam identifies the following application requirements for managing workload applications:
User administrators will work from different countries
User administrators will use the Azure Active Directory admin center
Two new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only Security Requirements Fabrikam identifies the following security requirements:
Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location The location of the user administrators must be audited when the administrators authenticate to Azure AD Email messages that include attachments containing malware must be delivered without the attachment The principle of least privilege must be used whenever possible

 

NEW QUESTION 158
You have a Microsoft 365 subscription.
You create a retention label named Label1 as shown in the following exhibit.

You publish Label1 to SharePoint sites.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels

 

NEW QUESTION 159
You need to recommend a solution that meets the technical and security requirements for sharing data with the partners.
What should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Assign the Global administrator role to User1
  • B. Assign the Guest inviter role to User1
  • C. Modify the External collaboration settings in the Azure Active Directory admin center
  • D. Create an access review

Answer: B,C

Explanation:
Explanation/Reference:
Implement and manage information protection
Question Set 2

 

NEW QUESTION 160
You need torecommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 161
......

Microsoft 365 Security Administration Free Update Certification Sample Questions: https://www.prepawayexam.com/Microsoft/braindumps.MS-500.ete.file.html

Trend for Microsoft MS-500 pdf dumps before actual exam: https://drive.google.com/open?id=1gNEOJTjDck_Mw7Lkp5eNDKXC-lhqMsLA

Related Articles

more
Microsoft MS-500 Certification Practice Exam