Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 251:

  SIMULATION

  You need to configure your organization to automatically quarantine all phishing email messages. To complete this task, sign in to the Microsoft 365 portal.

  Correct Answer: See explanation below.

  You need to edit the Anti-Phishing policy.

  1.

  Go to the Office 365 Security and Compliance admin center.

  2.

  Navigate to Threat Management > Policy > ATP Anti-Phishing.

  3.

  Click on Default Policy.

  4.

  In the Impersonation section, click Edit.

  5.

  Go to the Actions section.

  6.

  In the If email is sent by an impersonated user: box, select Quarantine the message from the drop-down list.

  7.

  In the If email is sent by an impersonated domain: box, select Quarantine the message from the drop-down list.

  8.

  Click Save to save the changes.

  9.

  Click Close to close the anti-phishing policy window.

• Question 252:

  SIMULATION

  You need to implement a solution to manage when users select links in documents or email messages from Microsoft Office 365 ProPlus applications or Android devices. The solution must meet the following requirements:

  1.

  Block access to a domain named fabrikam.com

  2.

  Store information when the users select links to fabrikam.com

  To complete this task, sign in to the Microsoft 365 portal.

  Correct Answer: See explanation below.

  You need to configure a Safe Links policy.

  1.

  Go to the Office 365 Security and Compliance admin center.

  2.

  Navigate to Threat Management > Policy > Safe Links.

  3.

  In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.

  4.

  In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.

  5.

  In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.

  6.

  Click Save to save the changes.

  Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-linkspolicies?view=o365-worldwide

• Question 253:

  SIMULATION

  You need to ensure that a user named Grady Archie can monitor the service health of your Microsoft 365 tenant. The solution must use the principle of least privilege. To complete this task, sign in to the Microsoft 365 portal.

  Correct Answer: See explanation below.

  You need to assign the Service Administrator role to Grady Archie.

  1.

  In the Microsoft 365 Admin Center, type Grady Archie into the Search for users, groups, settings or tasks search box.

  2.

  Select the Grady Archie user account from the search results.

  3.

  In the Roles section of the user account properties, click the Edit link.

  4.

  Select the Customized Administrator option. This will display a list of admin roles.

  5.

  Select the Service admin role.

  6.

  Click Save to save the changes.

  Reference: https://docs.microsoft.com/en-us/office365/enterprise/view-service-health

• Question 254:

  SIMULATION

  You need to ensure that all users must change their password every 100 days.

  To complete this task, sign in to the Microsoft 365 portal.

  Correct Answer: See explanation below.

  You need to configure the Password Expiration Policy.

  1.

  Sign in to the Microsoft 365 Admin Center.

  2.

  In the left navigation pane, expand the Settings section then select the Settings option.

  3.

  Click on Security and Privacy.

  4.

  Select the Password Expiration Policy.

  5.

  Ensure that the checkbox labelled Set user passwords to expire after a number of days is ticked.

  6.

  Enter 100 in the Days before passwords expire field.

  7.

  Click Save changes to save the changes.

• Question 255:

  SIMULATION

  You need to ensure that unmanaged mobile devices are quarantined when the devices attempt to connect to Exchange Online. To complete this task, sign in to the Microsoft 365 portal.

  Correct Answer: See explanation below.

  You need to configure the Exchange ActiveSync Access Settings.

  1.

  Go to the Exchange admin center.

  2.

  Click on Mobile in the left navigation pane.

  3.

  On the Mobile Device Access page, click the Edit button in the Exchange ActiveSync Access Settings area.

  4.

  Select the Quarantine option under When a mobile device that isn't managed by a rule or personal exemption connects to Exchange.

  5.

  Optionally, you can configure notifications to be sent to administrators and a message to be sent to the mobile device user when a device is quarantined.

  6.

  Click Save to save the changes.

• Question 256:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and a sensitivity label named Label1.

  The external sharing settings for Site1 are configured as shown in the Site1 exhibit. (Click the Site1 tab.)

  

  The external sharing settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)

  

  Label 1 is applied to Site1.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes

  The Sensitive label setting of Label1 in the second exhibit 2overrides the setting in exhibit 1.

  Box 2: No Box 3: No

• Question 257:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.

  You add the users to the roles and the role group as shown in the following table.

  

  From the Microsoft Purview compliance portal, you perform an audit log search for the Added member to Role activity. Which role assignments will be returned for each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 258:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that contains the users and groups shown in the following table.

  

  You create the communication compliance policy as shown in the exhibit. (Click the Exhibit tab.) Four emails are sent as shown in the following table.

  

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 259:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that contains a user named User1 and the groups shown in the following table.

  

  You have the Compliance Manager improvement action shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Assign improvement actions

  To begin implementation work on an improvement action, you can do the work yourself or assign it to another user. The assigned person could be:

  A business policy owner

  An IT implementer

  Another employee with responsibility to perform the task

  Once you identify the appropriate assignee, be sure they hold a sufficient Compliance Manager role to perform the work. Then follow the steps below to assign the improvement action:

  From the improvement actions details page, select Assign action on the left of the screen.

  The Assign to user flyout pane shows a Suggested people list of users. You can select the user from the list, or type the email address of the person you want to assign it to.

  Select Assign. The assigned user will receive an email explaining that the improvement action has been assigned to them, with a direct link to the improvement action.

• Question 260:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains three groups named Group1, Group2, and Group3 and the users shown in the following table.

  

  You create a new access package as shown in the following exhibit.

  

  You assign Package1 on June 1, 2021, by using die following configurations:

  1.

  Select users: User1, User2, User3

  2.

  Select policy: Initial policy

  3.

  Assignment starts: June 1, 2021

  4.

  Assignment ends: July 1, 2021

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes

  Box 2: No Lifecycle, Access package assignments expires: After 10 days

  Box 3: Yes The access package resource roles includes: Group3 Member Note: Entitlement management introduces to Azure AD the concept of an access package. An access package is a bundle of all the resources with the access a user needs to work on a project or perform their task. Access packages are used to govern access for your internal employees, and also users outside your organization. Here are the types of resources you can manage user's access to, with entitlement management:

  1.

  Membership of Azure AD security groups

  2.

  Membership of Microsoft 365 Groups and Teams

  3.

  Assignment to Azure AD enterprise applications, including SaaS applications and custom-integrated applications that support federation/single sign-on and/or provisioning

  4.

  Membership of SharePoint Online sites

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview