Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 131:

  You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.

  You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks:

  Create and run playbooks.

  Manage incidents.

  The solution must use the principle of least privilege.

  Which two roles should you assign? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Automation Operator

  B. Azure Sentinel responder

  C. Automation Runbook Operator

  D. Azure Sentinel contributor

  E. Logic App contributor

  Correct Answer: DE

  Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles

• Question 132:

  You have a Microsoft 365 subscription and a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) subscription. You have devices enrolled in Microsoft Endpoint Manager as shown in the following table:

  

  You integrate Microsoft Defender ATP and Endpoint Manager. You plan to evaluate the Microsoft Defender ATP risk level for the devices. You need to identify which devices can be evaluated. Which devices should you identify?

  A. Device1 and Device2 only

  B. Device1 only

  C. Device1 and Device3 only

  D. Device2 and Device3 only

  Correct Answer: B

  Microsoft Defender ATP supports Windows 10, Windows Server, macOSX, and Linux

  Reference:

  https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/ minimumrequirements

• Question 133:

  You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.

  All users in contoso.com use the Microsoft SharePoint Newsfeed.

  You need to ensure that all the users use the Yammer.com service.

  What should you do?

  A. From the Yammer admin center, modify the Usage Policy settings

  B. From the SharePoint admin center, modify the Enterprise Social Collaboration settings

  C. From the SharePoint admin center, modify the Connected Services settings

  D. From the Yammer admin center, modify the Configuration settings

  Correct Answer: B

  Office 365 includes two options for enterprise social features in SharePoint: Yammer and Newsfeed. The SharePoint administrator selects which option users see when they click Conversations in SharePoint. By default, users see Newsfeed.

  You can turn Yammer off or on for conversations in SharePoint by using the SharePoint Online admin center. You must be a global administrator to make this change.

  Reference:

  https://docs.microsoft.com/en-us/yammer/integrate-yammer-with-other-apps/yammer-and- newsfeed

• Question 134:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You have a user named User1. Several users have full access to the mailbox of User1.

  Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

  When you search the audit log in Security and Compliance to identify who signed in to the mailbox of User1, the results are blank.

  You need to ensure that you can view future sign-ins to the mailbox of User1.

  You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

  -AdminAuditLogCmdlets *Mailbox*command.

  Does that meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/set-adminauditlogconfig?view=exchange-ps

• Question 135:

  You have a Microsoft 365 subscription that contains a user named User1.

  You plan to use Compliance Manager.

  You need to ensure that User1 can assign Compliance Manager roles to users. The solution must use the principle of least privilege.

  Which role should you assign to User1?

  A. Compliance Manager Assessor

  B. Global Administrator

  C. Portal Admin

  D. Compliance Manager Administrator

  Correct Answer: B

  The Global Admin can manage role assignments in Compliance Manager. Incorrect Answers:

  C: Portal Admin is for the now deprecated classic portal.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/working-with-compliance-manager?view=o365-worldwide

• Question 136:

  You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1.

  You have a Data Subject Request (DSR) case named Case1.

  You need to allow User1 to export the results of Case1. The solution must use the principle of least privilege.

  Which role should you assign to User1 for Case1?

  A. eDiscovery Manager

  B. Security Operator

  C. eDiscovery Administrator

  D. Global Reader

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-gdpr-data-subject-requests-with-the-dsr-case-tool?view=o365-worldwide#step-1-assign-ediscovery-permissions-to-potential-case-members

• Question 137:

  You have a Microsoft 365 subscription.

  You have a Data Subject Request (DSR) case named Case1.

  You need to ensure that Case1 includes all the email posted by the data subject to the Microsoft Exchange Online public folders.

  Which additional property should you include in the Content Search query?

  A. kind:externaldata

  B. itemclass:ipm.externaldata

  C. itemclass:ipm.post

  D. kind:email

  Correct Answer: C

  To ensure that the Data Subject Request (DSR) case named Case1 includes all the email posted by the data subject to the Microsoft Exchange Online public folders, you should include the property "itemclass:ipm.post" in the Content Search

  query. The "itemclass:ipm.post" property will search for items of the "Post" message class, which are used for messages posted to public folders.

  Option A, "kind:externaldata," is not relevant to searching for email messages posted to public folders.

  Option B, "itemclass:ipm.externaldata," is not relevant to searching for email messages posted to public folders. The "ipm.externaldata" message class is used for messages that contain links to external data sources.

  Option D, "kind:email," would not be sufficient to search for email messages posted to public folders. This property would only search for email messages in the mailbox of the data subject, not in public folders.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-gdpr-data-subject-requests-with-the-dsr-case-tool?view=o365-worldwide

• Question 138:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription that contains 1,000 user mailboxes.

  An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.

  You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending email messages as User5.

  Solution: You modify the privacy profile, and then create a Data Subject Request (DSR) case.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 139:

  You have an Azure Sentinel workspace.

  You need to manage incidents based on alerts generated by Microsoft Cloud App Security.

  What should you do first?

  A. From the Microsoft Defender for Cloud Apps portal, configure security extensions.

  B. From the Microsoft Defender for Cloud Apps portal, configure app connectors.

  C. From the Microsoft Defender for Cloud Apps portal, configure log collectors.

  D. From the Microsoft 365 Compliance admin center, add and configure a data connector.

  Correct Answer: A

  Integrating with Microsoft Sentinel:

  In the Defender for Cloud Apps portal, under the Settings cog, select Security extensions.

  https://learn.microsoft.com/en-us/defender-cloud-apps/siem-sentinel

• Question 140:

  You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector. You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks:

  1.

  Create and run playbooks.

  2.

  Manage incidents.

  The solution must use the principle of least privilege.

  Which two roles should you assign? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Automation Operator

  B. Azure Sentinel responder

  C. Automation Runbook Operator

  D. Azure Sentinel contributor

  E. Logic App contributor

  Correct Answer: DE

  https://docs.microsoft.com/en-us/azure/sentinel/roles

  Refer to the table

  Microsoft Sentinel Contributor + Logic App Contributor

  Create and run playbooks

  Manage incidents (dismiss, assign, etc.)

  Microsoft Sentinel roles and allowed actions

  The following table summarizes the Microsoft Sentinel roles and their allowed actions in Microsoft Sentinel.