Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 191:

  You have a Microsoft 365 subscription.

  You need to ensure that users can manually designate which content will be subject to data loss prevention (DLP) policies.

  What should you create first?

  A. A retention label in Microsoft Office 365

  B. A custom sensitive information type

  C. A Data Subject Request (DSR)

  D. A safe attachments policy in Microsoft Office 365

  Correct Answer: A

  A retention label in Microsoft Office 365

  Using a retention label as a condition in a DLP policy

  Using a retention label in a policy is only supported for items in SharePoint Online and OneDrive for Business.

  Support for sensitivity labels is coming

  You can currently use only a retention label as a condition, not a sensitivity label. We're currently working on support for using a sensitivity label in this condition.

  Types of sensitive information

  A DLP policy can help protect sensitive information, which is defined as a sensitive information type. Microsoft 365 includes definitions for many common sensitive information types across many different regions that are ready for you to use,

  such as a credit card number, bank account numbers, national ID numbers, and passport numbers.

  Source: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide

• Question 192:

  You have a Microsoft 365 subscription.

  You create a retention policy and apply the policy to Exchange Online mailboxes.

  You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible.

  What should you do?

  A. From Exchange Online PowerShell, run Start-RetentionAutoTagLearning

  B. From Exchange Online PowerShell, run Start-ManagedFolderAssistant

  C. From the Security and Compliance admin center, create a data loss prevention (DLP) policy

  D. From the Security and Compliance admin center, create a label policy

  Correct Answer: B

  There is a delay before retention policy applies.

  Start-ManagedFolderAssistant [email protected] will speed up the process.

  References:

  https://docs.microsoft.com/en-us/office365/securitycompliance/labels

• Question 193:

  You have a Microsoft 365 subscription.

  You create and run a content search from the Security and Compliance admin center.

  You need to download the results of the content search.

  What should you obtain first?

  A. an export key

  B. a password

  C. a certificate

  D. a pin

  Correct Answer: A

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results

• Question 194:

  You have a Microsoft 365 subscription.

  All users are assigned a Microsoft 365 E5 license.

  How long will auditing data be retained?

  A. 30 days

  B. 90 days

  C. 365 days

  D. 5 years

  Correct Answer: C

  For users assigned an Office 365 E5 or Microsoft 365 E5 license (or users with a Microsoft 365 E5 Compliance or Microsoft 365 E5 eDiscovery and Audit add-on license), audit records for Azure Active Directory, Exchange, and SharePoint activity are retained for one year by default. Organizations can also create audit log retention policies to retain audit records for activities in other services for up to one year. For users assigned any other (non-E5) Office 365 or Microsoft 365 license, audit records are retained for 90 days. For a list of Office 365 and Microsoft 365 subscriptions that support unified audit logging Source: https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

• Question 195:

  You have a Microsoft 365 subscription.

  A security manager receives an email message every time a data loss prevention (DLP) policy match occurs.

  You need to limit alert notifications to actionable DLP events.

  What should you do?

  A. From the Security and Compliance admin center, modify the Policy Tips of a DLP policy.

  B. From the Cloud App Security admin center, apply a filter to the alerts.

  C. From the Security and Compliance admin center, modify the User overrides settings of a DLP policy.

  D. From the Security and Compliance admin center, modify the matched activities threshold of an alert policy.

  Correct Answer: D

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

• Question 196:

  You have a Microsoft 365 subscription.

  You have a Microsoft SharePoint Online site named Site1. The files in Site1 are protected by using Microsoft Azure Information Protection.

  From the Security and Compliance admin center, you create a label that designates personal data.

  You need to auto-apply the new label to all the content in Site1.

  What should you do first?

  A. From PowerShell, run Set-ManagedContentSettings.

  B. From PowerShell, run Set-ComplianceTag.

  C. From the Security and Compliance admin center, create a Data Subject Request (DSR).

  D. Remove Azure Information Protection from the Site1 files.

  Correct Answer: D

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/apply-labels-to-personal-data-in-office-365

• Question 197:

  You have a Microsoft 365 subscription.

  You need to be notified by email whenever an administrator starts an eDiscovery search.

  What should you do from the Microsoft 365 Compliance center?

  A. From Search and investigation, create a guided search.

  B. From Events, create an event.

  C. From Alerts, create an alert policy.

  D. From Search and investigation, create an eDiscovery case.

  Correct Answer: C

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

• Question 198:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution,

  while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You have a user named User1. Several users have full access to the mailbox of User1.

  Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

  When you search the audit log in Security and Compliance to identify who signed in to the mailbox of User1, the results are blank.

  You need to ensure that you can view future sign-ins to the mailbox of User1.

  You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

  -AdminAuditLogCmdlets *Mailbox* command.

  Does that meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  References: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/set-adminauditlogconfig?view=exchange-ps

• Question 199:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution,

  while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You have a user named User1. Several users have full access to the mailbox of User1.

  Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

  When you search the audit log in Security and Compliance to identify who signed in to the mailbox of User1, the results are blank.

  You need to ensure that you can view future sign-ins to the mailbox of User1.

  You run the Set-AuditConfig -Workload Exchange command.

  Does that meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  References: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/set-auditconfig?view=exchange-ps

• Question 200:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution,

  while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 subscription.

  You have a user named User1. Several users have full access to the mailbox of User1.

  Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

  When you search the audit log in Security and Compliance to identify who signed in to the mailbox of User1, the results are blank.

  You need to ensure that you can view future sign-ins to the mailbox of User1.

  You run the Set-Maibox -Identity "User1" -AuditEnabled $true command.

  Does that meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  To enable audit logging: Set-Mailbox -Identity -AuditEnabled $true). After you do this, you can use audit log searches in the Microsoft Purview compliance portal or via the Office 365 Management Activity API.

  References: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps