Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 171:

  You have a Microsoft 365 subscription for a company named Contoso, Ltd. All data is in Microsoft 365.

  Contoso works with a partner company named Litware, Inc. Litware has a Microsoft 365 subscription.

  You need to allow users at Contoso to share files from Microsoft OneDrive to specific users at Litware.

  Which two actions should you perform from the OneDrive admin center? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Increase the permission level for OneDrive External sharing

  B. Modify the Links settings

  C. Change the permissions for OneDrive External sharing to the least permissive level

  D. Decrease the permission level for OneDrive External sharing

  E. Modify the Device access settings

  F. Modify the Sync settings

  Correct Answer: BD

  References: https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off

• Question 172:

  Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.

  A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.

  You need to ensure that the external recipients can open protected email messages sent to them.

  Solution: You modify the content expiration settings of the label.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 173:

  Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.

  A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.

  You need to ensure that the external recipients can open protected email messages sent to them.

  Solution: You modify the encryption settings of the label.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  https://techcommunity.microsoft.com/t5/security-compliance-and-identity/secure-external-collaboration-using-sensitivity-labels/ba-p/1680498 for the entie method of sending sensitivity labelled doc to ext domain.

• Question 174:

  Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection.

  You add CompanyConfidential to a global policy.

  A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.

  You need to ensure that the external recipients can open protected email messages sent to them.

  Solution: You create a new label in the global policy and instruct the user to resend the email message.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

• Question 175:

  You have a Microsoft 365 subscription that includes a user named User1.

  You have a conditional access policy that applies to Microsoft Exchange Online. The conditional access policy is configured to use Conditional Access App Control.

  You need to create a Microsoft Cloud App Security policy that blocks User1 from printing from Exchange Online.

  Which type of Cloud App Security policy should you create?

  A. an app permission policy

  B. an activity policy

  C. a Cloud Discovery anomaly detection policy

  D. a session policy

  Correct Answer: D

  Enforce read-only mode for external users in real time

  Prevent company data from being exfiltrated by external users, by blocking print and copy/paste activities in real-time, utilizing Cloud App Security's session controls.

  References:

  https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad

• Question 176:

  You have a Microsoft 365 subscription.

  You need to create data loss prevention (DLP) queries in Microsoft SharePoint Online to find sensitive data stored in sites.

  Which type of site collection should you create first?

  A. Records Center

  B. eDiscovery Center

  C. Enterprise Search Center

  D. Document Center

  Correct Answer: B

  Reference: https://support.office.com/en-us/article/overview-of-data-loss-prevention-in-sharepoint-server-2016-80f907bb-b944-448d-b83d-8fec4abcc24c

• Question 177:

  You create a data loss prevention (DLP) policy as shown in the following exhibit:

  

  What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?

  A. The user receives a notification and can send the email message

  B. The user receives a notification and cannot send the email message

  C. The email message is sent without a notification

  D. The email message is blocked silently

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

• Question 178:

  You have a Microsoft 365 subscription.

  Some users access Microsoft SharePoint Online from unmanaged devices.

  You create a conditional access policy in Azure Active Directory.

  You need to prevent the users from downloading, printing, and syncing files.

  What should you do?

  A. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection user risk policy.

  B. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy.

  C. From the SharePoint admin center, configure the Access control settings.

  D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy.

  Correct Answer: C

  As a SharePoint or global admin in Microsoft 365, you can use the Access control page of the SharePoint admin center or the Set-SPOTenant

  ConditionalAccessPolicy cmdlet to block or limit access to SharePoint and OneDrive content from unmanaged devices.

  Note:

  There are several versions of this question in the exam. The question has two possible correct answers:

  1.

  Run the Set-SPOTenant cmdlet and specify the -ConditionalAccessPolicy parameter.

  2.

  From the SharePoint admin center, configure the Access control settings. Other incorrect answer options you may see on the exam include the following:

  1.

  From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection user risk policy.

  2.

  From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy

  Reference: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

• Question 179:

  You have a Microsoft 365 subscription.

  Some users access Microsoft SharePoint Online from unmanaged devices.

  You need to prevent the users from downloading, printing, and syncing files.

  What should you do?

  A. Run the Set-SPODataConnectionSetting cmdlet and specify the AssignmentCollection parameter

  B. From the SharePoint admin center, configure the Access control settings

  C. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy

  D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy

  Correct Answer: D

  References: https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

• Question 180:

  You have a Microsoft 365 subscription.

  The Global administrator role is assigned to your user account. You have a user named Admin1.

  You create an eDiscovery case named Case1.

  You need to ensure that Admin1 can view the results of Case1.

  What should you do first?

  A. From the Azure Active Directory admin center, assign a role group to Admin1.

  B. From the Microsoft 365 admin center, assign a role to Admin1.

  C. From Security and Compliance admin center, assign a role group to Admin1.

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/assign-ediscovery-permissions