Microsoft Microsoft Certifications MS-500 Questions & Answers

• Question 81:

  Your network contains an on-premises Active Directory domain named contoso.local that has a forest functional level of Windows Server 2008 R2.

  You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

  You plan to install Azure AD Connect and enable single sign-on (SSO).

  You need to prepare the domain to support SSO. The solution must minimize administrative effort.

  What should you do?

  A. Raise the forest functional level to Windows Server 2016.

  B. Modify the UPN suffix of all domain users.

  C. Populate the mail attribute of all domain users.

  D. Rename the domain.

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide

• Question 82:

  You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

  

  You configure the Security Operator role in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.

  

  You add assignments to the Security Operator role as shown in the following table.

  

  Which users can activate the Security Operator role?

  A. User2 only

  B. User3 only

  C. User1 and User2 only

  D. User2 and User3 only

  E. User1, User2, and User3

  Correct Answer: D

• Question 83:

  You create an Azure Sentinel workspace.

  You configure Azure Sentinel to ingest data from Azure Active Directory (Azure AD).

  In the Azure Active Directory admin center, you discover Azure AD Identity Protection alerts. The Azure Sentinel workspace shows the status as shown in the following exhibit.

  

  In Azure Log Analytics, you can see Azure AD data in the Azure Sentinel workspace.

  What should you configure in Azure Sentinel to ensure that incidents are created for detected threats?

  A. data connectors

  B. rules

  C. workbooks

  D. hunting queries

  Correct Answer: B

  To get Identity Protection Alerts, you must have Identity Protection Connectors (defender for identity soon) and Azure AD premium P2 licence

  Reference: https://docs.microsoft.com/en-us/azure/sentinel/detect-threats-custom

• Question 84:

  You have a Microsoft 365 E5 subscription that has Microsoft 365 Defender enabled.

  You plan to deploy a third-party app named App1 that will receive alert data from Microsoft 365 Defender.

  Which format will Microsoft 365 Defender use to send the alert data to App1?

  A. JSON

  B. ZIP

  C. XML

  D. CSV

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts?view=o365-worldwide

• Question 85:

  You have a Microsoft 365 E5 subscription and an Sentinel workspace named Sentinel1. You need to launch the Guided investigation Process Alerts notebooks = in Sentinel. What should you create first?

  A. a Log Analytic workspace

  B. a Kusto query

  C. an Azure Machine learning workspace

  D. an Azure logic app

  Correct Answer: C

• Question 86:

  You have a Microsoft 365 E5 subscription that has Microsoft Defender for Cloud Apps enabled. You need to create an alert in Defender for Cloud Apps when source code is shared externally.

  Which type of policy should you create?

  A. Cloud Discovery anomaly detection

  B. file

  C. access

  D. activity

  Correct Answer: B

  Detect externally shared source code

  Detect when files that contain content that might be source code are shared publicly or are shared with users outside of your organization.

  Prerequisites

  You must have at least one app connected using app connectors.

  Steps

  1.

  On the Policies page, create a new File policy.

  2.

  Select and apply the policy template Externally shared source code

  3.

  Optional: Customize the list of file Extensions to match your organization's source code file extensions.

  4.

  Optional: Set the Governance actions to be taken on files when a violation is detected. The governance actions available vary between services. For example, in Box, Send policy-match digest to file owner and Put in admin quarantine.

  5.

  Select and apply the policy template Reference: https://docs.microsoft.com/en-us/defender-cloud-apps/policies-information-protection#detect-externally-shared-source-code

• Question 87:

  You have several Conditional Access policies that block noncompliant devices from connecting to services.

  You need to identify which devices are blocked by which policies.

  What should you use?

  A. the Device compliance report in the Microsoft Endpoint Manager admin center

  B. the Device compliance trends report in the Microsoft Endpoint Manager admin center

  C. Activity log in the Cloud App Security admin center

  D. the Conditional Access Insights and Reporting workbook in the Azure Active Directory admin center

  Correct Answer: D

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting

• Question 88:

  You have a Microsoft 365 subscription named contoso.com.

  You need to configure Microsoft OneDrive for Business external sharing to meet the following requirements:

  1.

  Enable file sharing for users that have a Microsoft account.

  2.

  Block file sharing for anonymous users. What should you do?

  A. From Advanced settings for external sharing, select Allow or block sharing with people on specific domains and add contoso.com.

  B. From the External sharing settings for OneDrive, select Only people in your organization.

  C. From the External sharing settings for OneDrive, select Existing external users.

  D. From the External sharing settings for OneDrive, select New and existing external users.

  Correct Answer: D

  Reference: https://www.sharepointdiary.com/2020/09/enable-external-sharing-in-onedrive-for-business.html

• Question 89:

  You have a hybrid Azure Active Directory (Azure AD) tenant that has pass- through authentication enabled.

  You plan to implement Azure AD identity Protection and enable the user risk policy.

  You need to configure the environment to support the user risk policy.

  What should you do first?

  A. Enable password hash synchronization.

  B. Configure a conditional access policy.

  C. Enforce the multi-factor authentication (MFA) registration policy.

  D. Enable the sign-in risk policy.

  Correct Answer: A

• Question 90:

  You need to create an Azure Information Protection label to meet the following requirements:

  1.

  Content must expire after 21 days.

  2.

  Offline access must be allowed for 21 days only.

  3.

  Documents must be protected by using a cloud key.

  4.

  Authenticated users must be able to view content only.

  To complete this task, sign in to the Microsoft 365 admin center.

  Correct Answer: See explanation below.

  1.

  If you haven't already done so, open a new browser window and sign in to the Azure portal. Then navigate to the Azure Information Protection pane. For example, in the search box for resources, services, and docs: Start typing Information and select Azure Information Protection.

  2.

  From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you want to change. On the Label pane, locate Set permissions for documents and emails containing this label, and select Protect.

  3.

  Select Protection.

  4.

  On the Protection pane, select Azure (cloud key).

  5.

  Select Set permissions to define new protection settings in this portal.

  6.

  If you selected Set permissions for Azure (cloud key), this option lets you select users and usage rights.

  To specify the users that you want to be able to open protected documents and emails, select Add permissions. Then on the Add permissions pane, select the first set of users and groups who will have rights to use the content that will be

  protected by the selected label:

  Choose Select from the list where you can then add all users from your organization by selecting Add - All members. This setting excludes guest accounts. Or, you can select Add any authenticated users, or

  browse the directory.

  When you choose all members or browse the directory, the users or groups must have an email address. In a production environment, users and groups nearly always have an email address, but in a simple testing environment, you might

  need to add email addresses to user accounts or groups.

  Change the File Content Expiration setting to 21 days.

  Change the Allow offline access setting to 21 days.

  When you have finished configuring the permissions and settings, click OK.

  This grouping of settings creates a custom template for the Azure Rights Management service. These templates can be used with applications and services that integrate with Azure Rights Management.

  7.

  Click OK to close the Protection pane and see your choice of User defined or your chosen template display for the Protection option in the Label pane.

  8.

  On the Label pane, click Save.

  9.

  On the Azure Information Protection pane, use the PROTECTION column to confirm that your label now displays the protection setting that you want:

  A check mark if you have configured protection.

  An x mark to denote cancellation if you have configured a label to remove protection.

  A blank field when protection is not set.

  When you clicked Save, your changes are automatically available to users and services. There's no longer a separate publish option.

  Reference: https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection