Succeed, About Insights on the Microsoft MS-500 exam

You are planning to receive a Microsoft 365 Security Administration MS-500 Professional Certification. Any suggestions or learning paths to follow? Where can I find the practice set? These doubts are not the voice of most people. Don’t worry, Clevercert tells you.

The right way to learn:

Get reliable Microsoft MS-500 exam dumps and take advantage of the MS-500 practice test inside! Take the time to review your weaknesses and make it easy to pass the Microsoft 365 Security Administration exam. You can rest assured that Pass4itSure https://www.pass4itsure.com/ms-500.html complete MS-500 exam dumps!

The Test: latest Microsoft MS-500 practice exam questions contain answers and explanations

QUESTION 1

Which IP address space should you include in the MFA configuration?

A. 131.107.83.0/28
B. 192.168.16.0/20
C. 172.16.0.0/24
D. 192.168.0.0/20

Correct Answer: B

QUESTION 2

You need to recommend a solution to protect the sign-ins of Admin1 and Admin2. What should you include in the
recommendation?

A. a device compliance policy
B. an access review
C. a user risk policy
D. a sign-in risk policy

Correct Answer: C

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

QUESTION 3

HOTSPOT
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
OneDrive stores files that are shared with external users. The files are configured as shown in the following table.

You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy
contains the following three rules:

1. Rule1:
2. Conditions: Label1, Detect content that\’s shared with people outside my organization
3. Actions: Restrict access to the content for external users
4. User notifications: Notify the user who last modified the content
5. User overrides: On
6. Priority: 0

1. Rule2:
2. Conditions: Label1 or Label2
3. Actions: Restrict access to the content
4. Priority: 1

1. Rule3:
2. Conditions: Label2, Detect content that\’s shared with people outside my organization
3. Actions: Restrict access to the content for external users
4. User notifications: Notify the user who last modified the content
5. User overrides: On
6. Priority: 2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

QUESTION 4

Which role should you assign to User1?

A. Global administrator
B. User administrator
C. Privileged role administrator
D. Security administrator

Correct Answer: C

QUESTION 5

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.
You need to allow a user named User1 to view ATP reports in the Threat management dashboard.
Which role provides User1 with the required role permissions?

A. Security administrators
B. Exchange administrator
C. Compliance administrator
D. Message center reader

Correct Answer: A

Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/view-reports-for-atp#what-permissions-areneeded-to-view-the-atp-reports

QUESTION 6

You have a Microsoft 365 subscription that uses the default domain name of fabrikam.com. You create a safe links policy, as shown in the following exhibit.

Which URL can a user safely access from Microsoft Word Online?
A. fabrikam.phishing.fabrikam.com
B. malware.fabrikam.com
C. fabrikam.contoso.com
D. www.malware.fabrikam.com

Correct Answer: D

References: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-a-custom-blocked-urls-list-wtih-atp

QUESTION 7

You have a hybrid Microsoft Exchange Server organization. All users have Microsoft 365 E5 licenses.
You plan to implement an Advanced Threat Protection (ATP) anti-phishing policy.
You need to enable mailbox intelligence for all users.

What should you do first?

A. Configure attribute filtering in Microsoft Azure Active Directory Connect (Azure AD Connect)
B. Purchase the ATP add-on
C. Select Directory extension attribute sync in Microsoft Azure Active Directory Connect (Azure AD Connect)
D. Migrate the on-premises mailboxes to Exchange Online

Correct Answer: D

References: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies

QUESTION 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution,
while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.

Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security and Compliance to identify who signed in to the mailbox of User1, the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission -Identity “User1”
-User [email protected] -AccessRights Owner command.

Does that meet the goal?

A. Yes
B. No

Correct Answer: B

References: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps

QUESTION 9

You need to ensure that a user named Allan Deyoung can perform searches and place holds on mailboxes, SharePoint
Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft 365 admin center.

Correct Answer: See below.


1. After signing in to the Microsoft 365 admin center, navigate to the Security and Compliance Center.
2. In the left pane of the security and compliance center, select Permissions, and then select the checkbox next to
eDiscovery Manager.
3. On the eDiscovery Manager flyout page, do one of the following based on the eDiscovery permissions that you want to assign.

To make a user an eDiscovery Manager: Next to eDiscovery Manager, select Edit. In the Choose eDiscovery Manager
section, select the Choose eDiscovery Manager hyperlink, and then select + Add.

Select the user (or users) you want to add as an eDiscovery Manager, and then select Add. When you\’re finished adding users, select Done. Then, on the Editing Choose eDiscovery Manager flyout page, select Save to save the changes to the eDiscovery Manager membership.

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscoverypermissions?view=o365-worldwide

QUESTION 10

You have a Microsoft 365 subscription.
You have a Microsoft SharePoint Online site named Site1. You have a Data Subject Request (DSR) case named Case1
that searches Site1.

You create a new sensitive information type.
You need to ensure that Case1 returns all the documents that contain the new sensitive information type.
What should you do?

A. From the Security and Compliance admin center, create a new Search by ID List.
B. From Site1, modify the search dictionary.
C. From the Security and Compliance admin center, create a new Guided search.
D. From Site1, initiate a re-indexing of Site1.

Correct Answer: D

QUESTION 11

You need to implement Windows Defender ATP to meet the security requirements. What should you do?

A. Configure port mirroring
B. Create the ForceDefenderPassiveMode registry setting
C. Download and install the Microsoft Monitoring Agent
D. Run WindowsDefenderATPOnboardingScript.cmd

Correct Answer: C

QUESTION 12

HOTSPOT
How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

QUESTION 13

You have several Conditional Access policies that block non-compliant devices from connecting to services.
You need to identify which devices are blocked by which policies.
What should you use?

A. the Setting compliance report in the Microsoft Endpoint Manager admin center
B. Sign-ins in the Azure Active Directory admin center
C. Activity log in the Cloud App Security admin center
D. Audit logs in the Azure Active Directory admin center

Correct Answer: B

Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-access

QUESTION 14

Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named
VPN1 that runs Windows Server 2016 and has the Remote Access server role installed.
You have a Microsoft Azure subscription.

You are deploying Azure Advanced Threat Protection (ATP)
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.

What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Reference: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn

QUESTION 15

You need to protect against phishing attacks. The solution must meet the following requirements:

1. Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
2. As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.

Correct Answer: See below.

1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Antiphishing.

2. Select Default Policy to refine it.

3. In the Impersonation section, select Edit.

4. Go to Add domains to protect and select the toggle to automatically include the domains you own.

5. Go to Actions, open the drop-down If an email is sent by an impersonated user, and choose the Quarantine message
action. Open the drop-down If an email is sent by an impersonated domain and choose the Quarantine message action.

6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects
impersonated users, domains, or unusual characters. Select Save.

7. Select Mailbox intelligence and verify that it\’s turned on. This allows your email to be more efficient by learning usage patterns.

8. Choose to Add trusted senders and domains. Here you can add email addresses or domains that shouldn\’t be classified as impersonation.

9. Choose to Review your settings, make sure everything is correct, select Save, then Close.

Reference: https://support.office.com/en-us/article/protect-against-phishing-attempts-inmicrosoft-365-86c425e1-1686-430a-9151-f7176cce4f2c#ID0EAABAAA=Try_it!

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishingpolicies?view=o365-worldwide#example-anti-phishing-policy-to-protect-a-user-and-a-domain

Free PDF: Microsoft 365 Security Administration MS-500 exam pdf share

MS-500 exam pdf [drive] https://drive.google.com/file/d/17N___KsRvQ6QV6E3_Zkc4b7Yx9JtNtdt/view?usp=sharing

Final thoughts:

Practice testing is important, and if the Microsoft MS-500 test doesn’t show you your weaknesses, you won’t pass. Ensure that all Microsoft 365 Security Administration content is thoroughly studied and reviewed adequately. Dump learning sources (linked here https://www.pass4itsure.com/ms-500.html) with Pas4itSure MS-500!

Good luck to those who take the time to read!