This page was exported from Actual Test Materials [ http://blog.actualtests4sure.com ]
Export date: Fri Nov 15 20:51:28 2024 / +0000 GMT
___________________________________________________
Title: [Q126-Q149] Tested Material Used To MS-500 Test Engine Exam Questions in here [Feb-2023]
---------------------------------------------------

Penetration testers simulate MS-500 exam PDF

Why Take the Microsoft MS-500 Exam?

As new technologies are released, the demand for certified individuals continues to increase. The more experience you have with the features of Windows Server, the stronger your career will be. The MS-500 exam will help you get there. Relevant courses and training materials will help you to prepare for the test and pass it. It's also worth keeping in mind that the MCSE is being discontinued and Microsoft will be replacing it with new exams focused on Windows Server 2012 R2. This means that the exam will provide valuable experience and knowledge to individuals who take it. As these exams become more widely used over time, the value of certification will only increase.

QUESTION 126
You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.
You need to allow a user named User1 to view ATP reports in the Threat management dashboard.
Which role provides User1 with the required role permissions?
* Security administrators
* Exchange administrator
* Compliance administrator
* Message center reader
Explanation/Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/view-reports-for-atp#what-permissions-are-needed-to-view-the-atp-reports

QUESTION 127
An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.
What should you do to meet the security requirements?
* Change the Assignment Type for Admin2 to Permanent.
* From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2.
* From the Azure Active Directory admin center, remove the Exchange administrator role from Admin1.
* Change the Assignment Type for Admin1 to Eligible.

Testlet 1

Overview
Fabrikam, Inc. is a manufacturing company that sells products through partner retail stores. Fabrikam has 5,000 employees located in offices throughout Europe.

Existing Environment

Network Infrastructure
The network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.
The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.

Problem Statements
Fabrikam identifies the following issues:
* Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line.
* Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.

Requirements

Planned Changes
Fabrikam plans to implement the following changes:
* Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory.
* Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365.

Application Administration
Fabrikam identifies the following application requirements for managing workload applications:
* User administrators will work from different countries.
* User administrators will use the Azure Active Directory admin center.
* Two new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only.

Security Requirements
Fabrikam identifies the following security requirements:
* Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed.
* Users who manage Microsoft 365 workloads must be limited to up to three hours at a time. Global administrators must be exempt from this requirement.
* Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations.
* Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory.
* Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location.
* The location of the user administrators must be audited when the administrators authenticate to Azure AD.
* Email messages that include attachments containing malware must be delivered without the malware attachment.
* The principle of least privilege must be used whenever possible.

QUESTION 128
You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.
You need to allow a user named User1 to view ATP reports in the Threat management dashboard.
Which role provides User1 with the required role permissions?
* Security reader
* Message center reader
* Compliance administrator
* Information Protection administrator
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/view-reports-for-atp#what-permissions-areneed

QUESTION 129
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User1.
Does this meet the goal?
* Yes
* No

QUESTION 130
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?
* Run the Set-SPOTenant cmdlet and specify the -ConditionalAccessPolicy parameter.
* From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
* From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy
* From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

Manage governance and compliance features in Microsoft 365

Testlet 1

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview
Contoso, Ltd.
is a consulting company that has a main office in Montreal and three branch offices in Seattle, and New York.
The company has the offices shown in the following table.
Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365.

Existing Environment

Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device. The offices have the IP addresses shown in the following table.
Named locations are defined in Azure AD as shown in the following table.
From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.
The tenant contains the groups shown in the following table.
Customer Lockbox is enabled in Microsoft 365.

Microsoft Intune Configuration
The devices enrolled in Intune are configured as shown in the following table.
The device compliance policies in Intune are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
The Mark devices with no compliance policy assigned as setting is set to Compliant.

Requirements

Technical Requirements
Contoso identifies the following technical requirements:
* Use the principle of least privilege
* Enable User1 to assign the Reports reader role to users
* Ensure that User6 approves Customer Lockbox requests as quickly as possible
* Ensure that User9 can enable and configure Azure AD Privileged Identity Management

QUESTION 131
Note: This question is part of a series of questions that present
the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
* Source Anchor: objectGUID
* Password Hash Synchronization: Disabled
* Password writeback: Disabled
* Directory extension attribute sync: Disabled
* Azure AD app and attribute filtering: Disabled
* Exchange hybrid deployment: Disabled
* User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?
* Yes
* No

QUESTION 132
You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown in the following table.
Policy1 is configured as shown in the following exhibit.
Policy2 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Explanation
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies?redirectSourcePath=%252fen-

QUESTION 133
Your company has a Microsoft 365 subscription that contains the users shown in the following table.
The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP).
Windows Defender ATP includes the roles shown in the following table:
Windows Defender ATP contains the machine groups shown in the following table:
For each of the following statements, select Yes if the statement is true.
Otherwise, select No.
NOTE: Each correct selection is worth one point.

QUESTION 134
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
* Assignments: Include Group1, Exclude Group2
* Conditions: Sign in risk of Low and above
* Access: Allow access, Require password multi-factor authentication
You need to identify how the policy affects User1 and User2.
What occurs when each user signs in from an anonymous IP address? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

QUESTION 135
How should you configure Group3? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

QUESTION 136
You have a Microsoft 365 subscription that includes a user named Admin1.
You need to ensure that Admin1 can preserve all the mailbox content of users, including their deleted items.
The solution must use the principle of least privilege.
What should you do?
* From the Microsoft 365 admin center, assign the Exchange administrator role to Admin1.
* From the Exchange admin center, assign the Discovery Management admin role to Admin1.
* From the Azure Active Directory admin center, assign the Service administrator role to Admin1.
* From the Exchange admin center, assign the Recipient Management admin role to Admin1.

QUESTION 137
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend modifying the licenses assigned to User5.
Does this meet the goal?
* Yes
* No

QUESTION 138
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table.
The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.
You create an Azure Information Protection policy named Policy1.
You need to apply Policy1.
To which groups can you apply Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/prepare

QUESTION 139
You have a Microsoft 365 subscription.
You need to include a custom sensitive information type in Data Subject Request (DSR) cases.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
1 – Connect to the Security & Compliance admin,,,,,
2 – Export the current rules as an XML file
3 – Modify the file
4 – Upload the file
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/customize-a-built-in-sensitive-information-type?view=o365-worldwide

QUESTION 140
You have a Microsoft 365 tenant that uses Azure Information Protection to encrypt sensitive content.
You plan to implement Microsoft Cloud App Security to inspect protected files that are uploaded to Microsoft OneDrive for Business.
You need to ensure that Azure Information Protection-protected files can be scanned by using Cloud App Security.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
* From the Cloud App Security admin center, enable file monitoring of software as a service (SaaS) apps.
* From the Cloud App Security admin center, create an OAuth app policy for apps that have the Have full access to user files permission
* From the Microsoft 365 compliance admin center, create a data loss prevention (DLP) policy that contains an exception for content that contains a sensitive information type.
* From the Azure Active Directory admin center, grant Cloud App Security permission to read all the protected content of the tenant

QUESTION 141
You have a Microsoft 365 E5 subscription.
From Microsoft Azure Active Directory (Azure AD), you create a security group named Group1. You add 10 users to Group1.
You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

QUESTION 142
Your company has 500 computers.
You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP).
Twenty of the computers belong to company executives.
You need to recommend a remediation solution that meets the following requirements:
* Windows Defender ATP administrators must manually approve all remediation for the executives
* Remediation must occur automatically for all other users
What should you recommend doing from Windows Defender Security Center?
* Configure 20 system exclusions on automation allowed/block lists
* Configure two alert notification rules
* Download an offboarding package for the computers of the 20 executives
* Create two machine groups
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection

QUESTION 143
You have a Microsoft 365 subscription.
You identify the following data loss prevention (DLP) requirements:
* Send notifications to users if they attempt to send attachments that contain EU social security numbers
* Prevent any email messages that contain credit card numbers from being sent outside your organization
* Block the external sharing of Microsoft OneDrive content that contains EU passport numbers
* Send administrators email alerts if any rule matches occur.
What is the minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

QUESTION 144
You need to ensure that administrators can publish a label that adds a footer to email messages and documents.
To complete this task, sign in to the Microsoft Office 365 portal.
See explanation below.
Explanation
You need to configure a Sensitivity label.
* Go to the Security & Compliance Admin Center.
* Navigate to Classification > Sensitivity labels.
* Click on + Create a label to create a new label.
* Give the label a name and description then click Next.
* Leave the Encryption option as None and click Next.
* On the Content Marking page, tick the checkbox Add a footer.
* Click the Customize Text link and add the footer text and click Save (for the question, it doesn’t matter what text you add).
* Click Next.
* Leave the Auto-labeling for Office apps off and click Next.
* Click the Submit button to save your changes.
* The label is now ready to be published. Click the Done button to exit the page and create the label.

QUESTION 145
You have a Microsoft 365 subscription that uses a default name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation
References:
https://docs.microsoft.com/en-us/onedrive/manage-sharing

QUESTION 146
Your company has a Microsoft 365 subscription that contains the users shown in the following table.
The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP).
Windows Defender ATP includes the roles shown in the following table:
Windows Defender ATP contains the machine groups shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

QUESTION 147
You have a Microsoft 365 subscription.
You have a site collection named SiteCollection1 that contains a site named Site2. Site2 contains a document library named Customers.
Customers contains a document named Litware.docx.
You need to remove Litware.docx permanently.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

QUESTION 148
You need to implement Windows Defender ATP to meet the security requirements.
What should you do?
* Configure port mirroring
* Create the ForceDefenderPassiveMode registry setting
* Download and install the Microsoft Monitoring Agent
* Run WindowsDefenderATPOnboardingScript.cmd

Topic 1, Litware, Inc

Overview
Litware, Inc. is a financial company that has 1,000 users in its main office in Chicago and 100 users in a branch office in San Francisco.

Existing Environment

Internal Network Infrastructure
The network contains a single domain forest. The forest functional level is Windows Server 2016.
Users are subject to sign-in hour restrictions as defined in Active Directory.
The network has the IP address range shown in the following table.
The offices connect by using Multiprotocol Label Switching (MPLS).
The following operating systems are used on the network:
* Windows Server 2016
* Windows 10 Enterprise
* Windows 8.1 Enterprise
The internal network contains the systems shown in the following table.
Litware uses a third-party email system.

Cloud Infrastructure
Litware recently purchased Microsoft 365 subscription licenses for all users.
Microsoft Azure Active Directory (Azure AD) Connect is installed and uses the default authentication settings.
User accounts are not yet synced to Azure AD.
You have the Microsoft 365 users and groups shown in the following table.

Planned Changes
Litware plans to implement the following changes:
* Migrate the email system to Microsoft Exchange Online
* Implement Azure AD Privileged Identity Management

Security Requirements
Litware identifies the following security requirements:
* Create a group named Group2 that will include all the Azure AD user accounts.
Group2 will be used to provide limited access to Windows Analytics
* Create a group named Group3 that will be used to apply Azure Information Protection policies to pilot users. Group3 must only contain user accounts
* Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest
* Prevent users locked out of Active Directory from signing in to Azure AD and Active Directory
* Implement a permanent eligible assignment of the Compliance administrator role for User1
* Integrate Windows Defender and Windows Defender ATP on domain-joined servers
* Prevent access to Azure resources for the guest user accounts by default
* Ensure that all domain-joined computers are registered to Azure AD

Multi-factor authentication (MFA) Requirements
Security features of Microsoft Office 365 and Azure will be tested by using pilot Azure user accounts.
You identify the following requirements for testing MFA.
* Pilot users must use MFA unless they are signing in from the internal network of the Chicago office. MFA must NOT be used on the Chicago office internal network.
* If an authentication attempt is suspicious, MFA must be used, regardless of the user location
* Any disruption of legitimate authentication attempts must be minimized

General Requirements
Litware wants to minimize the deployment of additional servers and services in the Active Directory forest.

QUESTION 149
You have an on-premises Hyper-V infrastructure that contains the following:
* An Active Directory domain
* A domain controller named Server1
* A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers. Each component may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Authentic Best resources for MS-500 Online Practice Exam: https://www.actualtests4sure.com/MS-500-test-questions.html
---------------------------------------------------
Post date: 2023-02-18 15:46:43
Post date GMT: 2023-02-18 15:46:43
Post modified date: 2023-02-18 15:46:43
Post modified date GMT: 2023-02-18 15:46:43