[UPDATED 2023] Getting MS-500 Certification Made Easy! [Q161-Q183]

[UPDATED 2023] Getting MS-500 Certification Made Easy!

MS-500 Exam Crack Test Engine Dumps Training With 329 Questions

The Need for Microsoft MS-500 Exam

The current job market for professionals implementing Windows Server has grown considerably because of the various functionalities built into it. However, the number of candidates who are technically experienced with the features is limited. This limitation has led to smaller numbers of candidates eligible for promotion to advanced roles that require advanced technical skills.

With the increased availability of training resources and an improved exam format, candidates will find it easier to learn about the operating system and its various features. Candidates also will find it easier to prepare for these exams since they can use different training resources available on this subject matter. MS-500 Dumps is one of them. Community-based training learning can help candidates easily prepare for the exams. To worry about the exam is simply to start studying for this exam. It helps you to prepare for the exam since you know the exam is coming.

Microsoft MS-500 certification exam is an important credential for IT professionals seeking to demonstrate their expertise in managing security and compliance solutions for Microsoft 365 environments. By passing MS-500 exam, candidates will be able to demonstrate their proficiency in implementing and managing security and compliance solutions, as well as their ability to respond to threats and enforce data governance.

NEW QUESTION # 161
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User5.
Does this meet the goal?

A. No
B. Yes

Answer: A

NEW QUESTION # 162
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308

You need to prevent any email messages that contain data covered by the U.K. Data Protection Act from being sent to recipients outside of your organization, unless the messages are sent to an external domain named adatum.com.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. After signing into the Microsoft 365 admin center, navigate to Compliance Management in the Exchange Admin center.
2. Click on "Data Loss Prevention" option.
3. To add a new custom DLP policy, Click on (+) plus button to get the context menu
4. Click on "New Custom DLP policy" option, a new window appears where you have to enter policy name, description, state and mode of the requirement details. Click on save button to create policy and continue...
5. You will be back to the "Data Loss Prevention" screen with newly added policy information.
6. Double click on the added row to open the policy details, click on rules option in left part of the screen as depicted
7. Click on (+) plus button to add a new rule. Select the "Block messages with sensitive information" rule.
8. On the following screen, we can add condition, action, exceptions, rule activation and deactivation dates

9. Click on "Select Sensitive information Types" to specify the sensitive information details.

10. Click on (+) plus button and add the following Sensitive information Types:
* U.K. National Insurance Number (NINO
* U.S. / U.K. Passport Number
* SWIFT Code
11. Click on Ok
12. Add an exception for recipients in the adatum.com domain
13. Add recipients for incident reports and click ok
14. Click save
15. Click save
Reference:
https://events.collab365.community/configure-data-loss-prevention-policies-in-exchange-online-in-office-365/

NEW QUESTION # 163
You have a Microsoft 365 subscription that uses a default name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/onedrive/manage-sharing

NEW QUESTION # 164
Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table.

You plan to implement Azure Advanced Threat Protection (ATP) for the domain.
You install an Azure ATP standalone sensor on Server1.
You need to monitor the domain by using Azure ATP.
What should you do?

A. Configure port mirroring for Server1.
B. Install the Microsoft Monitoring Agent on Server1.
C. Configure port mirroring for DC1.
D. Install the Microsoft Monitoring Agent on DC1.

Answer: C

Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-port-mirroring

NEW QUESTION # 165
You have a Microsoft SharePoint Online sire named Site1 that contains the files shown in the following table.

You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.

You apply DLP1 to Site1.
Which policy tips will appear for File2?

A. Tip1 only
B. Tip1 and Tip2 only
C. Tip2 only
D. Tip3 only

Answer: C

NEW QUESTION # 166
Which IP address space should you include in the MFA configuration?

A. 131.107.83.0/28
B. 172.16.0.0/24
C. 192.168.0.0/20
D. 192.168.16.0/20

Answer: D

Explanation:
Topic 1, Litware, Inc
Overview
Litware, Inc. is a financial company that has 1,000 users in its main office in Chicago and 100 users in a branch office in San Francisco.
Existing Environment
Internal Network Infrastructure
The network contains a single domain forest. The forest functional level is Windows Server 2016.
Users are subject to sign-in hour restrictions as defined in Active Directory.
The network has the IP address range shown in the following table.

The offices connect by using Multiprotocol Label Switching (MPLS).
The following operating systems are used on the network:
* Windows Server 2016
* Windows 10 Enterprise
* Windows 8.1 Enterprise
The internal network contains the systems shown in the following table.

Litware uses a third-party email system.
Cloud Infrastructure
Litware recently purchased Microsoft 365 subscription licenses for all users.
Microsoft Azure Active Directory (Azure AD) Connect is installed and uses the default authentication settings.
User accounts are not yet synced to Azure AD.
You have the Microsoft 365 users and groups shown in the following table.

Planned Changes
Litware plans to implement the following changes:
* Migrate the email system to Microsoft Exchange Online
* Implement Azure AD Privileged Identity Management
Security Requirements
Litware identities the following security requirements:
* Create a group named Group2 that will include all the Azure AD user accounts. Group2 will be used to provide limited access to Windows Analytics
* Create a group named Group3 that will be used to apply Azure Information Protection policies to pilot users. Group3 must only contain user accounts
* Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest
* Prevent users locked out of Active Directory from signing in to Azure AD and Active Directory
* Implement a permanent eligible assignment of the Compliance administrator role for User1
* Integrate Windows Defender and Windows Defender ATP on domain-joined servers
* Prevent access to Azure resources for the guest user accounts by default
* Ensure that all domain-joined computers are registered to Azure AD
Multi-factor authentication (MFA) Requirements
Security features of Microsoft Office 365 and Azure will be tested by using pilot Azure user accounts.
You identify the following requirements for testing MFA.
* Pilot users must use MFA unless they are signing in from the internal network of the Chicago office.
MFA must NOT be used on the Chicago office internal network.
* If an authentication attempt is suspicious, MFA must be used, regardless of the user location
* Any disruption of legitimate authentication attempts must be minimized General Requirements Litware want to minimize the deployment of additional servers and services in the Active Directory forest.

NEW QUESTION # 167
Microsoft 365テナントがあります。
Windows 10を実行している500台のコンピューターがあります。
Windows Defender Advanced Threat Protection（Windows）を使用してコンピューターを監視することを計画している
コンピューターがMicrosoft Intuneに登録された後のDefender ATP）。
コンピュータがWindows Defender ATPに接続されていることを確認する必要があります。
Windows Defender ATP用にIntuneをどのように準備する必要がありますか？

A. デバイス設定プロファイルを作成します
B. Windowsオートパイロット展開プロファイルを作成します
C. 登録制限を設定します
D. 条件付きアクセスポリシーを作成します

Answer: A

Explanation:
説明/参照：
参照：
https://docs.microsoft.com/en-us/intune/advanced-threat-protection

NEW QUESTION # 168
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to create a case that prevents the members of a group named Operations from deleting email messages that contain the word IPO.
To complete this task, sign in to the Microsoft Office 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. Navigate to the Security & Compliance Center.
2. In the Security & Compliance Center, click , and then click Create a case.
3. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.

The new case is displayed in the list of cases on the eDiscovery page.
After you create a case, the next step is to add members to the case. The eDiscovery Manager who created the case is automatically added as a member. Members have to be assigned the appropriate eDiscovery permissions so they can access the case after you add them.
4. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
5. Click the name of the case that you want to add members to.
The Manage this case flyout page is displayed.

6. Under Manage members, click Add to add members to the case.You can also choose to add a role group to the case. Under Manage role groups, click Add.
7. In the list of people or role groups that can be added as members of the case, click the check box next to the names of the people or role groups that you want to add.
8. After you select the people or role groups to add as members of the group, click Add.In Manage this case, click Save to save the new list of case members.
9. Click Save to save the new list of case members.
You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for an Office 365 Group. Similarly, you can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
To create a hold for an eDiscovery case:
1. In the Security & Compliance Center, click to display the list of cases in your organization.
2. Click Open next to the case that you want to create the holds in.
3. On the Home page for the case, click the

4. On the Hold page, click Create.
5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.

6. (Optional) In the Description box, add a description of the hold.
7. Click Next.
8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.

a. Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams again. to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.

a. In the box under Keywords, type a search query in the box so that only the content that meets the search criteria is placed on hold. You can specify keywords, message properties, or document properties, such as file names. You can also use more complex queries that use a Boolean operator, such as AND, OR, or NOT. If you leave the keyword box empty, then all content located in the specified content locations will be placed on hold.
b. Click Add conditions to add one or more conditions to narrow the search query for the hold. Each condition adds a clause to the KQL search query that is created and run when you create the hold. For example, you can specify a date range so that email or site documents that were created within the date ranged are placed on hold. A condition is logically connected to the keyword query (specified in the keyword box) by the AND operator. That means that items have to satisfy both the keyword query and the condition to be placed on hold.
9. After configuring a query-based hold, click
10. Review your settings, and then click
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide

NEW QUESTION # 169
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308

You need to protect against phishing attacks. The solution must meet the following requirements:
Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Anti-phishing.
2. Select Default Policy to refine it.
3. In the Impersonation section, select Edit.
4. Go to Add domains to protect and select the toggle to automatically include the domains you own.
5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the Quarantine message action.
Open the drop-down If email is sent by an impersonated domain and choose the Quarantine message action.
6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.
7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.
8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.
9. Choose Review your settings, make sure everything is correct, select Save, then Close.
Reference:
https://support.office.com/en-us/article/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a-9151-f7176cce4f2c#ID0EAABAAA=Try_it!
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#example-anti-phishing-policy-to-protect-a-user-and-a-domain

NEW QUESTION # 170
You need to implement Windows Defender ATP to meet the security requirements. What should you do?

A. Configure port mirroring
B. Run WindowsDefenderATPOnboardingScript.cmd
C. Download and install the Microsoft Monitoring Agent
D. Create the ForceDefenderPassiveMode registry setting

Answer: C

NEW QUESTION # 171
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains 1,000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending email messages as User5.
Solution: You modify the privacy profile, and then create a Data Subject Request (DSR) case.
Does this meet the goal?

A. No
B. Yes

Answer: A

NEW QUESTION # 172
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You have the devices shown in the following table.

You have the Microsoft Defender for Endpoint portal roles shown in the following table.

You have the Microsoft Defender for Endpoint device groups shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 173
You are evaluating which devices are compliant in Intune.
For eachof the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 174
An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

What should you do to meet the security requirements?

A. From the Azure Active Directory admin center, remove the Exchange administrator role to Admin1
B. Change the Assignment Type for Admin1 toEligible
C. Change the Assignment Type for Admin2 toPermanent
D. From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2

Answer: B

NEW QUESTION # 175
You have a Microsoft 365 E5 subscription that contains a user named User1 and the groups shown in the following table.

You plan to create a communication compliance policy named Policy1.
You need to identify whose communications can be monitored by Policy1, and who can be assigned the Reviewer role for Policy1.
Who should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide

NEW QUESTION # 176
Your company has a Microsoft 365 subscription that contains the users shown in the following table.

The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP). Windows Defender ATP includes the roles shown in the following table:

Windows Defender ATP contains the machine groups shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 177
You have a Microsoft 365 E5 subscription that contains three users named User1, User2 and User3.
You have Azure AD roles that have the role activation settings shown in the following table.

You have Azure AD roles that have the role assignment settings shown in the following table.

The Azure AD roles have eligible users assigned as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 178
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You add internal as a blocked word in the group naming policy for contoso.com.
You add Contoso- as prefix in the group naming policy for contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

User Admin and Global Admin are exempt from group password policies.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy?view=o365-worldwide

NEW QUESTION # 179
Your company has a Microsoft 365 subscription, a Microsoft Azure subscription, and an Azure Active Directory (Azure AD) tenant named contoso.com.
The company has the offices shown in the following table.

The tenant contains the users shown in the following table.

You create the Microsoft Cloud App Security policy shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 180
You have a Microsoft 365 subscription and a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) subscription.
You have devices enrolled in Microsoft Endpoint Manager as shown in the following table:

You integrate Microsoft Defender ATP and Endpoint Manager.
You plan to evaluate the Microsoft Defender ATP risk level for the devices.
You need to identify which devices can be evaluated.
Which devices should you identify?

A. Device1 and Device3 only
B. Device2 and Device3 only
C. Device1 only
D. Device1 and Device2 only

Answer: C

Explanation:
Explanation
Microsoft Defender ATP supports Windows 10, Windows Server, macOSX, and Linux D18912E1457D5D1DDCBD40AB3BF70D5D Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimumrequireme

NEW QUESTION # 181
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit.

The synchronization schedule is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 182
You have a Microsoft 365 subscription that contains the users shown in the following table.

Group1 is member of a group named Group3.
The Azure Active Directory (Azure AD) tenant contains the Windows 10 devices shown in the following table.

Microsoft Endpoint Manager has the devices shown in the following table.

Microsoft Endpoint Manager contains the compliance policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.