Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 151:

  You have a Microsoft 365 subscription.

  You create a supervision policy named Policy1, and you designate a user named User1 as the reviewer.

  What should User1 use to view supervised communications?

  A. a team in Microsoft Teams

  B. the Security and Compliance admin center / the Microsoft 365 Compliance center

  C. Outlook on the web

  D. the Exchange admin center

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/supervision-policies?view=o365-worldwide

• Question 152:

  You have a Microsoft 365 E5 subscription.

  Some users are required to use an authenticator app to access Microsoft SharePoint Online.

  You need to view which users have used an authenticator app to access SharePoint Online.

  The solution must minimize costs.

  What should you do?

  A. From the Azure Active Directory admin center, view the sign-ins.

  B. From the Security and Compliance admin center, download a report.

  C. From the Azure Active Directory admin center, view the authentication methods.

  D. From the Azure Active Directory admin center, view the audit logs.

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

• Question 153:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription that contains 1,000 user mailboxes.

  An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.

  You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending email messages as User5.

  Solution: You assign the eDiscovery Manager role to Admin1, and then create a eDiscovery case.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  References: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019

• Question 154:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription that contains 1,000 user mailboxes.

  An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.

  You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending email messages as User5.

  Solution: You start a message trace, and then create a Data Subject Request (DSR) case.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  References: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019

• Question 155:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription that contains 1,000 user mailboxes.

  An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.

  You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending email messages as User5.

  Solution: You modify the permissions of the mailbox of User5, and then create an eDiscovery case.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  References: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019

• Question 156:

  You have a hybrid Microsoft Exchange Server organization. All users have Microsoft 365 E5 licenses.

  You plan to implement an Advanced Threat Protection (ATP) anti-phishing policy.

  You need to enable mailbox intelligence for all users.

  What should you do first?

  A. Configure attribute filtering in Microsoft Azure Active Directory Connect (Azure AD Connect)

  B. Purchase the ATP add-on

  C. Select Directory extension attribute sync in Microsoft Azure Active Directory Connect (Azure AD Connect)

  D. Migrate the on-premises mailboxes to Exchange Online

  Correct Answer: D

  Policies to configure anti-phishing protection settings are available in Microsoft 365 organizations with Exchange Online mailboxes, standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, and Microsoft Defender for Office 365 organizatio

  https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide

• Question 157:

  You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Intune.

  You need to enable Windows Defender Exploit Guard (Windows Defender EG) on the devices.

  Which type of device configuration profile should you use?

  A. Endpoint protection

  B. Device restrictions

  C. Identity protection

  D. Windows Defender ATP

  Correct Answer: A

  References: https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

• Question 158:

  Several users in your Microsoft 365 subscription report that they received an email message without attachment.

  You need to review the attachments that were removed from the messages.

  Which two tools can you use? Each correct answer presents a complete solution.

  NOTE: Each correct selection is worth one point.

  A. the Exchange admin center

  B. the Azure ATP admin center

  C. Outlook on the web

  D. the Security and Compliance admin center

  E. Microsoft Azure Security Center

  Correct Answer: AD

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/manage-quarantined-messages-and-files

• Question 159:

  Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.

  The security logs of the servers are collected by using a third-party SIEM solution.

  You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.

  You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.

  What should you do?

  A. Configure Event Forwarding on the domain controllers

  B. Configure auditing in the Office 365 Security and Compliance center.

  C. Turn on Delayed updates for the Azure ATP sensors.

  D. Enable the Audit account management Group Policy setting for the servers.

  Correct Answer: A

  There are several versions of this question in the exam. The questions in the exam have two different correct answers:

  1.

  Integrate SIEM and Microsoft Defender for Identity

  2.

  Configure Event Forwarding on the domain controllers

  Other incorrect answer options you may see on the exam include the following:

  1.

  Configure Microsoft Defender for Identity notifications

  2.

  Modify the Domain synchronizer candidate settings on the Microsoft Defender for Identity sensors

  3.

  Configure auditing in the Microsoft 365 Defender portal

  Reference: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-forwarding

• Question 160:

  You have a Microsoft 365 subscription that uses a default domain name of fabrikam.com. You create a safe links policy, as shown in the following exhibit.

  

  Which URL can a user safely access from Microsoft Word Online?

  A. fabrikam.phishing.fabrikam.com

  B. malware.fabrikam.com

  C. fabrikam.contoso.com

  D. www.malware.fabrikam.com

  Correct Answer: D

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-a-custom-blocked-urls-list-wtih-atp