Microsoft MS-500 Exam Questions Instant Access

Question 1

You need to enable and configure Microsoft Defender for Endpoint to meet the security requirements. What should you do?

AConfigure port mirroring

BCreate the ForceDefenderPassiveMode registry setting

CDownload and install the Microsoft Monitoring Agent

DRun WindowsDefenderATPOnboardingScripc.cmd

Answer : C

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, and New York.

The company has the offices shown in the following table.

Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365.

Question 2

You have a Microsoft 365 subscription.

You need to ensure that users can manually designate which content will be subject to data loss prevention (DLP) policies.

What should you create first?

AA retention label in Microsoft Office 365

BA custom sensitive information type

CA Data Subject Request (DSR)

DA safe attachments policy in Microsoft Office 365

Answer : A

https://docs.microsoft.com/en-us/office365/securitycompliance/manage-gdpr-data-subject-requests-with-thedsr-case-tool#more-information-about-using-the-dsr-case-tool

Question 3

Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.

The security logs of the servers are collected by using a third-party SIEM solution.

You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.

What should you do?

AConfigure Event Forwarding on the domain controllers

BConfigure auditing in the Office 365 Security & Compliance center.

CTurn on Delayed updates for the Azure ATP sensors.

DEnable the Audit account management Group Policy setting for the servers.

Answer : A

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-forwarding

Question 4

You have a Microsoft 365 Enterprise E5 subscription.

You use Windows Defender Advanced Threat Protection (Windows Defender ATP).

You need to integrate Microsoft Office 365 Threat Intelligence and Windows Defender ATP.

Where should you configure the integration?

AFrom the Microsoft 365 admin center, select Settings, and then select Services & add-ins.

BFrom the Security & Compliance admin center, select Threat management, and then select Explorer.

CFrom the Microsoft 365 admin center, select Reports, and then select Security & Compliance.

DFrom the Security & Compliance admin center, select Threat management and then select Threat
tracker.

Answer : B

https://docs.microsoft.com/en-us/office365/securitycompliance/integrate-office-365-ti-with-wdatp

Question 5

Your network contains an on-premises Active Directory domain. The domain contains servers that run

Windows Server and have advanced auditing enabled.

The security logs of the servers are collected by using a third-party SIEM solution.

You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.

What should you do?

AConfigure auditing in the Office 365 Security & Compliance center.

BTurn off Delayed updates for the Azure ATP sensors.

CModify the Domain synchronizer candidate's settings on the Azure ATP sensors.

DIntegrate SIEM and Azure ATP.

Answer : C

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5

Question 6

Which IP address space should you include in the MFA configuration?

A131.107.83.0/28

B192.168.16.0/20

C172.16.0.0/24

D192.168.0.0/20

Answer : B

Question 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You have a user named User1. Several users have full access to the mailbox of User1.

Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.

You run the Set-MailboxFolderPermission --Identity "User1" -User User1@contoso.com --AccessRights Owner command.

Does that meet the goal?

AYes

BNo

Answer : B

https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps

Microsoft 365 Security Administration MS-500 Exam Questions