MS-500 Actual Exam Questions

Last updated on Dec. 11, 2024.
Vendor:Microsoft
Exam Code:MS-500
Exam Name:Microsoft 365 Security Administration
Exam Questions:352
 

Topic 1 - Question Set 1

Question #1 Topic 1

You have several Conditional Access policies that block noncompliant devices from connecting to services.
You need to identify which devices are blocked by which policies.
What should you use?

  • A. the Setting compliance report in the Microsoft Endpoint Manager admin center
  • B. Sign-ins in the Azure Active Directory admin center
  • C. Activity log in the Cloud App Security portal
  • D. Audit logs in the Azure Active Directory admin center
Reveal Solution Hide Solution   Discussion   4

Correct Answer: B ๐Ÿ—ณ๏ธ

Question #2 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
โœ‘ Source Anchor: objectGUID
โœ‘ Password Hash Synchronization: Disabled
โœ‘ Password writeback: Disabled
โœ‘ Directory extension attribute sync: Disabled
โœ‘ Azure AD app and attribute filtering: Disabled
โœ‘ Exchange hybrid deployment: Disabled

User writeback: Disabled -

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion   14

Correct Answer: B ๐Ÿ—ณ๏ธ

Question #3 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
โœ‘ Source Anchor: objectGUID
โœ‘ Password Hash Synchronization: Disabled
โœ‘ Password writeback: Disabled
โœ‘ Directory extension attribute sync: Disabled
โœ‘ Azure AD app and attribute filtering: Disabled
โœ‘ Exchange hybrid deployment: Disabled
โœ‘ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion   29

Correct Answer: A ๐Ÿ—ณ๏ธ

Question #4 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
โœ‘ Source Anchor: objectGUID
โœ‘ Password Hash Synchronization: Disabled
โœ‘ Password writeback: Disabled
โœ‘ Directory extension attribute sync: Disabled
โœ‘ Azure AD app and attribute filtering: Disabled
โœ‘ Exchange hybrid deployment: Disabled
โœ‘ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion   17

Correct Answer: B ๐Ÿ—ณ๏ธ

Question #5 Topic 1

HOTSPOT -
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

In contoso.com, you create the users shown in the following table.

What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Reveal Solution Hide Solution   Discussion   5

Correct Answer:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

Question #6 Topic 1

HOTSPOT -
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Reveal Solution Hide Solution   Discussion   10

Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

Question #7 Topic 1

You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Endpoint Manager.
You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network.
What should you do first?

  • A. From the Azure Active Directory admin center, create a new certificate
  • B. Enable Application Proxy in Azure AD
  • C. From Active Directory Administrative Center, create a Dynamic Access Control policy
  • D. From the Azure Active Directory admin center, configure authentication methods
Reveal Solution Hide Solution   Discussion   19

Correct Answer: A ๐Ÿ—ณ๏ธ

Question #8 Topic 1

You have a Microsoft 365 subscription.
From the Microsoft 365 admin center, you create a new user.
You plan to assign the Reports reader role to the user.
You need to view the permissions of the Reports reader role.
Which admin center should you use?

  • A. Microsoft 365 Defender
  • B. Azure Active Directory
  • C. Microsoft Defender for Identity
  • D. Microsoft Defender for Cloud Apps
Reveal Solution Hide Solution   Discussion   6

Correct Answer: B ๐Ÿ—ณ๏ธ

Question #9 Topic 1

You have a Microsoft 365 E5 subscription.
You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions.
What should you use to achieve the goal?

  • A. Microsoft 365 Compliance permissions
  • B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
  • C. Microsoft Azure AD group management
  • D. Microsoft 365 user management
Reveal Solution Hide Solution   Discussion   7

Correct Answer: B ๐Ÿ—ณ๏ธ

Question #10 Topic 1

Your company has a Microsoft 365 subscription.
The company does not permit users to enroll personal devices in mobile device management (MDM).
Users in the sales department have personal iOS devices.
You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant.
The users must be prevented from backing up the app's data to iCloud.
What should you create?

  • A. a conditional access policy in Microsoft Azure Active Directory (Azure AD) that has a device state condition
  • B. an app protection policy in Microsoft Endpoint Manager
  • C. a conditional access policy in Microsoft Azure Active Directory (Azure AD) that has a client apps condition
  • D. a device compliance policy in Microsoft Endpoint Manager
Reveal Solution Hide Solution   Discussion   15

Correct Answer: B ๐Ÿ—ณ๏ธ

file Viewing page 1 out of 36 pages.
Viewing questions 1-10 out of 352 questions
Next Questions
Browse atleast 50% to increase passing rate cup
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago