1. Home
  2. Microsoft
  3. MS-500

Microsoft 365 Security Administration

Exam Details

  • Exam Code
    :MS-500
  • Exam Name
    :Microsoft 365 Security Administration
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :367 Q&As
  • Last Updated
    :Sep 11, 2023

Microsoft Microsoft Certifications MS-500 Questions & Answers

  • Question 111:

    You have a hybrid Microsoft 365 deployment that contains the Windows 10 devices shown in the following table.

    You assign a Microsoft Endpoint Manager disk encryption policy that automatically and silently enables BitLocker Drive Encryption (BitLocker) on all the devices. Which devices will have BitLocker enabled?

    A. Device1, Device2, and Device3

    B. Device2 only

    C. Device1 and Device2 only

    D. Device2 and Device3 only

  • Question 112:

    You have a Microsoft 365 subscription that contains the users shown in the following table.

    You enable self-service password reset for Group1 and configure security questions as the only authentication method for self-service password reset.

    You need to identity which user must answer security questions to reset their password.

    Which user should you identify?

    A. User1

    B. User2

    C. User3

    D. User4

  • Question 113:

    You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

    You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.

    Solution: You enable SSPR for Group1.

    Does that meet the goal?

    A. Yes

    B. No

  • Question 114:

    You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

    You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.

    Solution: You enable SSPR for Group2.

    Does that meet the goal?

    A. Yes

    B. No

  • Question 115:

    You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

    You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.

    Solution: You enable SSPR for Group3.

    Does that meet the goal?

    A. Yes

    B. No

  • Question 116:

    You have a Microsoft 365 E5 subscription.

    You plan to create a conditional access policy named Policy1.

    You need to be able to use the sign-in risk level condition in Policy1.

    What should you do first?

    A. Connect Microsoft Endpoint Manager and Microsoft Defender for Endpoint.

    B. From the Azure Active Directory admin center, configure the Diagnostics settings.

    C. From the Endpoint Management admin center, create a device compliance policy.

    D. Onboard Azure Active Directory (Azure AD) Identity Protection.

  • Question 117:

    You have a Microsoft 365 tenant.

    From the Azure Active Directory admin center, you review the Risky sign-ins report as shown in the following exhibit.

    You need to ensure that you can see additional details including the risk level and the risk detection type. What should you do?

    A. Purchase Microsoft 365 Enterprise E5 licenses.

    B. Activate an instance of Microsoft Defender for Identity.

    C. Configure Diagnostic settings in Azure Active Directory (Azure AD).

    D. Deploy Azure Sentinel and add a Microsoft Office 365 connector.

  • Question 118:

    You have a Microsoft 365 E3 subscription.

    You plan to audit all Microsoft Exchange Online user and admin activities.

    You need to ensure that all the Exchange audit log records are retained for one year.

    What should you do?

    A. Modify the retention period of the default audit retention policy.

    B. Create a custom audit retention policy.

    C. Assign Microsoft 365 Enterprise E5 licenses to all users.

    D. Modify the record type of the default audit retention policy.

  • Question 119:

    You have a Microsoft 365 tenant.

    You have a database that stores customer details. Each customer has a unique 13-digit identifier that consists of a fixed pattern of numbers and letters. You need to implement a data loss prevention (DLP) solution that meets the following requirements:

    1.

    Email messages that contain a single customer identifier can be sent outside your company.

    2.

    Email messages that contain two or more customer identifiers must be approved by the company's data privacy team. Which two components should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

    A. a sensitive information type

    B. a sensitivity label

    C. a retention label

    D. a DLP policy

    E. a mail flow rule

  • Question 120:

    You have several Conditional Access policies that block noncompliant devices from connecting to services.

    You need to identity which devices are blocked by which policies.

    What should you use?

    A. the Setting compliance report in the Microsoft Endpoint Manager admin center

    B. Sign-ins in the Azure Active Directory admin center

    C. Activity log in the Cloud App Security admin center

    D. Audit logs in the Azure Active Directory admin center

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your MS-500 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.