Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 21:

  You have a Microsoft 365 Enterprise E5 subscription.

  You use Microsoft Defender for Endpoint.

  You plan to use Microsoft 365 Attack simulator.

  What is a prerequisite for running Attack simulator?

  A. Enable multi-factor authentication (MFA).

  B. Configure Microsoft Defender for Office 365.

  C. Create a Conditional Access App Control policy for accessing Microsoft 365.

  D. Integrate Microsoft 365 Threat Intelligence and Microsoft Defender for Endpoint.

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulator

• Question 22:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your on-premises network contains a server that runs Windows Server 2019, computers that run Windows 10, macOS, or Linux, and a firewall that utilizes syslog.

  You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. All the computers are onboarded to Microsoft Defender for Endpoint.

  You are implementing Microsoft Defender for Cloud Apps.

  You need to discover which cloud apps are accessed from the computers.

  Solution: You install an Azure Arc agent on the workstations.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 23:

  You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.

  You need to use a Fusion rule template to detect multistage attacks in which users sign in by using compromised credentials, and then delete multiple files from Microsoft OneDrive.

  Based on the Fusion rule template, you create an active rule that has the default settings.

  What should you do next?

  A. Add data connectors.

  B. Add a workbook.

  C. Add a playbook.

  D. Create a custom rule template.

  Correct Answer: B

  MeasureUp prep test states it is a workbook. They are the official Microsoft Test Partner. Reference: https://docs.microsoft.com/en-gb/azure/azure-monitor/platform/workbooks-overview

• Question 24:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your on-premises network contains a server that runs Windows Server 2019, computers that run Windows 10, macOS, or Linux, and a firewall that utilizes syslog.

  You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. All the computers are onboarded to Microsoft Defender for Endpoint.

  You are implementing Microsoft Defender for Cloud Apps.

  You need to discover which cloud apps are accessed from the computers.

  Solution: You install a Microsoft Defender for Identity sensor on the server.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  No, installing a Microsoft Defender for Identity sensor on the server will not meet the goal of discovering which cloud apps are accessed from the computers.

  Microsoft Defender for Identity is a cloud-based solution that helps you protect your organization from advanced threats by detecting suspicious activities and attacks. It works by monitoring user activities and authentication events in your organization's Active Directory environment. It does not provide information on the cloud apps accessed from the computers.

  To discover which cloud apps are accessed from the computers, you should use Microsoft Cloud App Security (MCAS) which is part of Microsoft Defender for Cloud Apps. MCAS provides visibility into the cloud apps accessed from your network and allows you to control access to those apps. You can use MCAS to discover cloud apps that are used in your organization and identify potential risks associated with those apps. To do this, you need to configure MCAS to collect logs from the firewall that utilizes syslog and analyze those logs to identify the cloud apps accessed from the computers.

• Question 25:

  You have a Microsoft 365 E5 subscription.

  You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites:

  1.

  web1.contoso.com

  2.

  web2.contoso.com

  The solution must minimize administrative effort.

  To what should you set the Service domains setting for Endpoint DLP?

  A. web1.contoso.com and web2.contoso.com

  B. contoso.com

  C. *.contoso.com

  D. web*.contoso.com

  Correct Answer: A

  an * is a wildcard for example : *.contoso.com wil include evrything befor .contoso.com and will be blocked web*.contoso.com web1wil be blocked web2 wil be blocked web3 wil be blocked

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about

• Question 26:

  You have a Microsoft 365 tenant that uses Azure Information Protection to encrypt sensitive content.

  You plan to implement Microsoft Defender for Cloud Apps to inspect protected files that are uploaded to Microsoft OneDrive for Business.

  You need to ensure that all Azure Information Protection-protected files can be scanned by using Defender for Cloud Apps.

  Which two actions should you perform? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy that contains an exception for content that contains a sensitive information type.

  B. From the Microsoft Defender for Cloud Apps portal, enable file monitoring of software as a service (SaaS) apps.

  C. From the Microsoft Defender for Cloud Apps portal, create an OAuth app policy for apps that have the Have full access to user files permission.

  D. From the Azure Active Directory admin center, grant Microsoft Defender for Cloud Apps permission to read all the protected content of the tenant.

  Correct Answer: AD

• Question 27:

  You have a Microsoft 365 subscription.

  You need to be notified by email whenever an administrator starts an eDiscovery search.

  What should you do from the Microsoft 365 Compliance center?

  A. From Policies, create an alert policy.

  B. From Content search, create a new search.

  C. From eDiscovery, create an eDiscovery case.

  D. From Records management, create event type.

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

• Question 28:

  Your company has a Microsoft 365 E5 subscription that uses Microsoft Defender for identity.

  You plan to create a detection exclusion in Microsoft Defender for Identity.

  What should you use to create the detection exclusion?

  A. Microsoft Defender for Identity portal

  B. Microsoft 365 Compliance center

  C. Microsoft Defender for Cloud Apps portal

  D. Microsoft 365 Defender portal

  Correct Answer: D

  https://learn.microsoft.com/en-us/defender-for-identity/exclusions

• Question 29:

  You have a Microsoft 365 E5 subscription.

  You need to use Attack simulation training to launch a credential harvest simulation.

  For which Microsoft 365 workloads can you create a payload?

  A. Microsoft Exchange Online only

  B. Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive

  C. Microsoft Teams and Exchange Online only

  D. Microsoft SharePoint Online and OneDrive only

  Correct Answer: A

  Create a payload, select a payload type.

  On the Select type page, the only value that you can currently select is Email.

  Incorrect:

  Not A, Not B, Not C: Payloads cannot be created for Microsoft Exchange Online.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-payloads

• Question 30:

  You have a Microsoft 365 E5 subscription.

  You need to use Microsoft Defender for Cloud Apps to identify documents stored in Microsoft SharePoint Online that contain proprietary information.

  What should you create in Defender for Cloud Apps?

  A. an app connector and a file policy

  B. an app connector and an app discovery policy

  C. a data source and an app discovery policy

  D. a data source and a file policy

  Correct Answer: A

  You connect Microsoft Defender for Cloud Apps to your existing Office 365 account using the app connector API. This connection gives you visibility into and control over Office 365 (including SharePoint Online) use.

  The File policy is used for Information protection: File policies enable you to scan your cloud apps for specified files or file types (shared, shared with external domains), data (proprietary information, personal data, credit card information, and

  other types of data) and apply governance actions to the files (governance actions are cloud-app specific).

  Reference:

  https://docs.microsoft.com/en-us/defender-cloud-apps/connect-office-365 https://docs.microsoft.com/en-us/defender-cloud-apps/control-cloud-apps-with-policies