MS-500

You have a Microsoft 365 Enterprise E5 subscription. You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator. What is a prerequisite for running Attack simulator?

A. Enable multi-factor authentication (MFA)

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription. You need to allow a user named User1 to view ATP reports in the Threat management dashboard. Which role provides User1 with the required role permissions?

A. Security reader - correct

Case Study 2: Litware Inc Which IP address space should you include in the MFA configuration?

B. 192.168.16.0/20

You have a Microsoft 365 subscription that includes a user named Admin1. You need to ensure that Admin1 can preserve all the mailbox content of users, including their deleted items. The solution must use the principle of least privilege. What should you do?

B. From the Exchange admin center, assign the Discovery Management admin role to Admin1.

You create a label that encrypts email data. Users report that they cannot use the label in Outlook on the web to protect the email messages they send. You need to ensure that the users can use the new label to protect their email. What should you do?

B. Wait six hours and ask the users to try again

You have a hybrid Microsoft 365 environment. All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed. All the computers are joined to Active Directory. You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft. What should you do?

C. Configure a registry on the computers

You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization. Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online. You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members. The email address that you intend to spoof belongs to the Executive group members. What should you do first?

C. Enable MFA for the Research group members

Case Study 3: Contoso Ltd Which role should you assign to User1?

C. Privileged role administrator

Case Study 2: Litware Inc You need to create Group2. What are two possible ways to create the group?

C. a security group in the Microsoft 365 admin center E. a security group in the Azure AD admin center

Case Study 3: Contoso Ltd You are evaluating which devices are compliant in Intune. Device2 is compliant Device5 is compliant Device6 is compliant

Yes - Device2 is compliant No - Device5 is compliant Yes - Device6 is compliant

You have a Microsoft 365 subscription. A customer requests that you provide her with all documents that reference her by name. You need to provide the customer with a copy of the content. Which four actions should you perform in sequence?

1. Create a Data Subject Request (DSR) case. 2. View the results 3. Save the results 4. Export the results

Case Study 2: Litware Inc You need to configure threat detection for Active Directory. The solution must meet the security requirements. Which three actions should you perform in sequence?

1. Create a workspace in Azure ATP 2. Download & install the Azure ATP sensor package on DC1, DC2, & DC3 3. Configure the Directory services settings in Azure ATP

You have a Microsoft 365 subscription. You have a site collection named SiteCollection1 that contains a site named Site2. Site2 contains a document library named Customers. Customers contains a document named Litware.docx. You need to remove Litware.docx permanently. Which three actions should you perform in sequence?

1. Delete Litware.docx from Customers 2. Delete Litware.docx from the Recycle Bin of Site2 3. Delete Litware.docx from the Recycle Bin of SiteCollection1

You have a Microsoft 365 subscription. From the Microsoft 365 admin center, you create a new user. You plan to assign the Reports reader role to the user. You need to see the permissions of the Reports reader role. Which admin center should you use?

A. Azure Active Directory - correct

You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune. You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network. What should you do first?

A. From the Azure Active Directory admin center, create a new certificate

Case Study 1: Fabricam You need to recommend a solution for the user administrators that meets the security requirements for auditing. Which blade should you recommend using from the Azure Active Directory admin center?

A. Sign-ins

You create a data loss prevention (DLP) policy as shown in the following shown: IMAGE - cant really see it What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?

A. The user receives a notification and can send the email message

You have a Microsoft 365 tenant. You create a label named Company Confidential in Microsoft Azure Information Protection. You add Company Confidential to a global policy. A user protects an email message by using Company Confidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. Solution: You create a new label in the global policy and instruct the user to resend the email message. Does this meet the goal?

A. YES

You have a Microsoft 365 subscription. All computers run Windows 10 Enterprise and are managed by using Microsoft Intune. You plan to view only security-related Windows telemetry data. You need to ensure that only Windows security data is sent to Microsoft. What should you create from the Intune admin center?

A. a device configuration profile that has device restrictions configured

Case Study 3: Contoso Ltd Which users are members of ADGroup1 and ADGroup2? ADGroup1: ADGroup2:

ADGroup1: User1, User2, User3, User4 ADGroup2: User2 & User4 only

Your company uses Microsoft Azure Advanced Threat Protection (ATP). You enable the delayed deployment of updates for an Azure ATP sensor named Sensor1. How long after the Azure ATP cloud service is updated will Sensor1 be updated?

B. 24 hours

You have a M365 tenant. You have 500 computers that run Windows 10. You plan to monitor the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP) after the computers are enrolled in Microsoft Intune. You need to ensure that the computers connect to Windows Defender ATP. How should you prepare Intune for Windows Defender ATP?

B. Create a device configuration profile

You recently created and published several labels policies in a Microsoft 365 subscription. You need to view which labels were applied by users manually and which labels were applied automatically. What should you do from the Security & Compliance admin center?

B. From Data governance, select Events

You have a Microsoft 365 subscription. Some users access Microsoft SharePoint Online from unmanaged devices. You need to prevent the users from downloading, printing, and syncing files. What should you do?

B. From the SharePoint admin center, configure the Access control settings

You have a Microsoft 365 subscription. You need to ensure that all users who are assigned the Exchange administrator role have multi-factor authentication (MFA) enabled by default. What should you use to achieve the goal?

B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management

You have a Microsoft 365 tenant. You create a label named Company Confidential in Microsoft Azure Information Protection. You add Company Confidential to a global policy. A user protects an email message by using Company Confidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. Solution: You modify the content expiration settings of the label. Does this meet the goal?

B. No

You have a Microsoft 365 tenant. You create a label named Company Confidential in Microsoft Azure Information Protection. You add Company Confidential to a global policy. A user protects an email message by using Company Confidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. Solution: You modify the encryption settings of the label. Does this meet the goal?

B. No

Case Study 3: Contoso Ltd What should User6 use to meet the technical requirements?

B. Service requests in the Microsoft 365 admin center

Your company has a Microsoft 365 subscription. The company forbids users to enroll personal devices in mobile device management (MDM). Users in the sales department have personal iOS devices. You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant. The users must be prevented from backing up the app's data to iCloud. What should you create?

B. an app protection policy in Microsoft Intune

Case Study 2: Litware Inc You need to implement Windows Defender ATP to meet the security requirements. What should you do?

C. Download and install the Microsoft Monitoring Agent

You have a Microsoft 365 subscription. Yesterday, you created retention labels and published the labels to Microsoft Exchange Online mailboxes. You need to ensure that the labels will be available for manual assignment as soon as possible. What should you do?

C. From Exchange Online PowerShell, run Start-ManagedFolderAssistant

You have a Microsoft 365 subscription. The Global administrator role is assigned to your user account. You have a user named Admin1. You create an eDiscovery case named Case1. You need to ensure that Admin1 can view the results of Case1. What should you do first?

C. From Security & Compliance admin center, assign a role group to Admin1.

You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries. Which two actions should you perform?

C. From the SharePoint & Compliance admin center, create a label. E. From the Security & Compliance admin center, publish a label.

Your company has a Microsoft 365 subscription that includes a user named User1. You suspect that User1 sent email messages to a competitor detailing company secrets. You need to recommend a solution to ensure that you can review any email messages sent by User1 to the competitor, including sent items that were deleted. What should you include in the recommendation?

C. Place a Litigation Hold on the mailbox of User1

You have a Microsoft 365 subscription. You need to enable auditing for all Microsoft Exchange Online users. What should you do?

C. Run the Set-Mailbox cmdlet

Case Study 3: Contoso Ltd Which user passwords will User2 be prevented from resetting?

C. User4 only

You have a Microsoft 365 subscription. You need to create data loss prevention (DLP) queries in Microsoft SharePoint Online to find sensitive data stored in sites. Which type of site collection should you create first?

C. eDiscovery Center

You have a Microsoft 365 subscription. You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware. You need to configure the retention duration for the attachments in quarantine. Which type of threat management policy should you create from the Security & Compliance admin center?

D. Anti-malware

Case Study 3: Contoso Ltd You need to meet the technical requirements for User9. What should you do?

D. Assign the Global administrator role to User9

Case Study 1: Fabricam What should you do to meet the security requirements?

D. Change the Assignment Type for Admin1 to Eligible

Your company has 500 computers. You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP). Twenty of the computers belong to company executives. You need to recommend a remediation solution that meets the following requirements: • Windows Defender ATP administrators must manually approve all remediation for the executives • Remediation must occur automatically for all other users • What should you recommend doing from Windows Defender Security Center?

D. Create two machine groups

You have a Microsoft 365 subscription. A user reports that changes were made to several files in Microsoft OneDrive. You need to identify which files were modified by which users in the user's OneDrive. What should you do?

D. From Microsoft Cloud App Security, open the activity log

You have a Microsoft 365 E5 subscription. You implement Advanced Threat Protection (ATP) safe attachments policies for all users. User reports that email messages containing attachments take longer than expected to be received. You need to reduce the amount of time it takes to receive email messages that contain attachments. The solution must ensure that all attachments are scanned for malware. Attachments that have malware must be blocked. What should you do from ATP?

D. Set the action to Dynamic Delivery

You have a Microsoft 365 E5 subscription. From Microsoft Azure Active Directory (Azure AD), you create a security group named Group1. You add 10 users to Group1. You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location. What should you do? From the Azure portal, create a conditional access policy & configure: From an Exchange online remote PowerShell session, run:

From the Azure portal, create a conditional access policy & configure: Users & Groups, Cloud apps & Confitional Settings From an Exchange online remote PowerShell session, run: New-OWAMailbox Policy & Set-OwaMailboxPolicy

You have a Microsoft 365 subscription. You are creating a retention policy named Retention1 as shown in the following exhibit. Image - Retention Policy - Yes I want to retain for 2 years from when it was last modified - Yes - delete You apply Retention1 to SharePoint sites and OneDrive accounts. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. If a user creates a file in MS SharePoint library on Jan 1, 2019, and modified the file every six months, the file will be: If a user created a file in MS OneDrive on Jan 1, 2019, modifies the file on March 1, 2019 and declares files on May 2, 2019 the user:

If a user creates a file in MS SharePoint library on Jan 1, 2019, and modified the file every six months, the file will be: Retained If a user created a file in MS OneDrive on Jan 1, 2019, modifies the file on March 1, 2019 and declares files on May 2, 2019 the user: Can recover the file until March 1, 2020

You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit. IMAGE If you reset the password in AAD, the password will: If you join a computer to AAD:

If you reset the password in AAD, the password will: Be overwritten If you join a computer to AAD: an object will be provisioned in the RegiseredDevices container

You have a Microsoft 365 subscription. All users use Microsoft Exchange Online. Microsoft 365 is configured to use the default policy settings without any custom rules. You manage message hygiene. Where are suspicious email messages placed by default? Messages that contain word-filtered content: Messages that are classified as phishing:

Messages that contain word-filtered content: The Junk email folder of a user's mailbox Messages that are classified as phishing: The Junk email folder of a user's mailbox

You have a Microsoft 365 subscription that uses a default domain name of contoso.com. Microsoft Azure Active Directory (Azure AD) contains the users shown in the following table. User 1 - Group 1 User2 - Group 1, Group 2 User3 - Group 3 Microsoft Intune has two devices enrolled as shown in the following table: Device1: Android Device2: Win 10 Both devices have three apps named App1, App2, and App3 installed. You create an app protection policy named ProtectionPolicy1 that has the following settings: • Protected apps: App1 • Exempt apps: App2 • Windows Information Protection mode: Block • You apply ProtectionPolicy1 to Group1 and Group3. • You exclude Group2 from ProtectionPolicy1. Yes/No From Device1, User1 can copy data from app1 to app2 From Device2, User1 can copy data from app1 to app2 From Device2, User1 can copy data from app1 to app2

NO - From Device1, User1 can copy data from app1 to app2 Yes - From Device2, User1 can copy data from app1 to app2 Yes - From Device2, User1 can copy data from app1 to app2

You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: • Source Anchor: objectGUID • Password Hash Synchronization: Disabled • Password writeback: Disabled • Directory extension attribute sync: Disabled • Azure AD app and attribute filtering: Disabled • Exchange hybrid deployment: Disabled • User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Source Anchor settings. Does that meet the goal?

No

You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: • Source Anchor: objectGUID • Password Hash Synchronization: Disabled • Password writeback: Disabled • Directory extension attribute sync: Disabled • Azure AD app and attribute filtering: Disabled • Exchange hybrid deployment: Disabled • User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Azure AD app and attribute filtering settings. Does that meet the goal?

No

Case Study 3: Contoso Ltd You are evaluating which finance department users will be prompted for Azure MFA credentials. Yes/No A fiance dept user who has an IP address fro the Montreal office will be prompted for Azure MFA credentials A finance dept user who works from home and who has an IP address of 193.77.140.140 will be prompted for Azure MFA credentials A finance dept user who has an IP address from the New York office will be prompted for Azure MFA Credentials

No - A fiance dept user who has an IP address fro the Montreal office will be prompted for Azure MFA credentials Yes - A finance dept user who works from home and who has an IP address of 193.77.140.140 will be prompted for Azure MFA credentials Yes - A finance dept user who has an IP address from the New York office will be prompted for Azure MFA Credentials

You have the Microsoft conditions shown in the following table. - Condition1 - Product1 - Off - Condition2 - Product2 - On You have the Azure Information Protection labels shown in the following table. - Lable1 - condtiona1 - automatically - Label2 - Condtiona2 - austomatically You have the Azure Information Protection policies shown in the following table. - Global - NA - None - None - Policy1 - User1 - Lable2 - None - Policy2 - User2 - Lable2 - None Yes/No If a user types "product1 & product2" in a document and saves the doc in Ms Word, the doc will be assigned Lable1 sensitivity automatically If a user types "product2 & product1" in a document and saves the doc in Ms Word, the doc will be assigned Lable2 sensitivity automatically If a user types "product2" in a doc and save the doc in MS Word, the doc will be assigned Lable2 sensitivity automatically

No - If a user types "product1 & product2" in a document and saves the doc in Ms Word, the doc will be assigned Lable1 sensitivity automatically Yes - If a user types "product2 & product1" in a document and saves the doc in Ms Word, the doc will be assigned Lable2 sensitivity automatically No - If a user types "product2" in a doc and save the doc in MS Word, the doc will be assigned Lable2 sensitivity automatically

Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed. You have a Microsoft Azure subscription. You are deploying Azure Advanced Threat Protection (ATP) You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016. You need to integrate the VPN and Azure ATP. What should you do? On VPN1: On Server1:

On VPN1: Configure an accounting provider On Server1, enabled the following inbound port: 1813

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table. - Group1 - Security Group (Domain Level) - [email protected] - Group2 - Security Group (Universal) - None - Group 3 - Distribution Group (Global) - None - Group4 - Distribution Group (Univeral) - [email protected] The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table. - Gorup11 - Security Group - Assigned - Group12 - Security Group - Dynamic - Group13 - Office - Assigned - Group14 - Mail-enabled security group - assigned You create an Azure Information Protection policy named Policy1. You need to apply Policy1. To which groups can you apply Policy1? On-premises AD Groups: AAD groups:

On-premises AD Groups: Group1 & Group4 only AAD groups: Group13 & Group14 only

You have a Microsoft 365 subscription. You identify the following data loss prevention (DLP) requirements: • Send notifications to users if they attempt to send attachments that contain EU social security numbers • Prevent any email messages that contain credit card numbers from being sent outside your organization • Block the external sharing of Microsoft OneDrive content that contains EU passport numbers Send administrators email alerts if any rule matches occur. What is the minimum number of DLP policies and rules you must create to meet the requirements? Policies: Rules:

Policies: 3 Rules: 3

Case Study 1: Fabricam You need to recommend an email malware solution that meets the security requirements. What should you include in the recommendation? Policy to create: Option to configure:

Policy to create: ATP Safe attachments Option to configure: Replace

Case Study 1: Fabricam You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group. Which other settings should you configure? Set Frequency to: To ensure that access is removed if an administrator fails to respond, configure the:

Set Frequency to: Weekly To ensure that access is removed if an administrator fails to respond, configure the: Upon completion settings

You view Compliance Manager as shown in the following exhibit. - GDPR = 306 To Increase the GDPR Compliance Score for MS O365, you must: The current GDPR Compliance Score:

To Increase the GDPR Compliance Score for MS O365, you must: Assign action items The current GDPR Compliance Score: Proves that the organization is not-compliant

You have a Microsoft 365 subscription that uses a default domain name of contoso.com. The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Click the Exhibit tab.) IMAGE - Allow users to create app passwords to sign in to non-browser apps Methods available to users NO - Call to phone Yes - Text message to phone Yes - Notification through mobile app Yes - Verification code from app or hardware token Users User1 - MFA Enabled User2 - MFA Enabled User3 - MFA Disabled Which is the correct configuration? User1: User2:

User 1: Must Complete the MFA registration at the next sign-in User 2: Must use app passwords for legacy apps - correct

You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: • Source Anchor: objectGUID • Password Hash Synchronization: Disabled • Password writeback: Disabled • Directory extension attribute sync: Disabled • Azure AD app and attribute filtering: Disabled • Exchange hybrid deployment: Disabled • User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Password Hash Synchronization settings. Does that meet the goal?

Yes

You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown in the following table. - Policy1 - OneDrive accounts - Policy2 Exchange email, SharePoint sites, OneDrive accounts, O365 Groups Policy1 if configured as showing in the following exhibit. - Retain - Yes for 1 year Policy2 is configured as shown in the following exhibit. - Retain - Yes for 3 years from when it was created - Delete - NO Yes/No If a user creates a file in MS OneDrive on Jan 1, 2018, users can access the file on Jan 15, 2019 If a user deletes a MS OneDrive file created on Jan 1, 2018, and admin can recover the file on April 15, 2019 If a user deleted a MS OneDrive tile created on Jan 1, 2018 an admin can recover the file on April 15 2022.

Yes - If a user creates a file in MS OneDrive on Jan 1, 2018, users can access the file on Jan 15, 2019 Yes - If a user deletes a MS OneDrive file created on Jan 1, 2018, and admin can recover the file on April 15, 2019 No - If a user deleted a MS OneDrive tile created on Jan 1, 2018 an admin can recover the file on April 15 2022.

Your company has a Microsoft 365 subscription, a Microsoft Azure subscription, and an Azure Active Directory (Azure AD) tenant named contoso.com. The company has the offices shown in the following table. - Montreal - 10.10.0.0/16 - 190.12.1.0/24 - Seattle - 172.16.0.0/16 - 194.25.2.0/24 - New York - 192.168.0.0/16 - 198.35.2.0/24 The tenant contains the users shown in the following table. - User1 - [email protected] - User2 - [email protected] You create the Microsoft Cloud App Security policy shown in the following exhibit. IMAGE - app filters for the policy - Min activities repeated = 30 - Within 1 min time frame - IPs - 10.10.0.0/24 or 194.25.2.0/24 Yes/No In the Montreal office, if User1 downloads 40 files in 30 sec, and alert will be created In the Seattle office if User2 downloads one file per second for 2 mins an alert will be created In the New York office, if User1 downloads 40 files in 10 seconds and alert will be triggered

Yes - In the Montreal office, if User1 downloads 40 files in 30 sec, and alert will be created Yes - In the Seattle office if User2 downloads one file per second for 2 mins an alert will be created No - In the New York office, if User1 downloads 40 files in 10 seconds and alert will be triggered

Your company has a Microsoft 365 subscription that contains the users shown in the following table. - User1 - group1 - User2 - gorup2 - User3 - group3 The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP). Windows Defender ATP includes the roles shown in the following table: - Role1 - view data, activate remediation actions, alert investication (Group 1) - Role2 - view data, active remediation actions (group2) - Wind Defender ATP Admin (default) - View Data, Alerts investigations, Active remediations, Manage portal, manage security (group3) Windows Defender ATP contains the machine groups shown in the following table: - First - ATP Group 1 - Device2 - Group 1 - Last - Ungroupd machines (default) Yes/No User1 can run an antivirus scan on Device1 User2 can collect an investigation package from Device2 User3 can isolate Device 1

Yes - User1 can run an antivirus scan on Device1 No - User2 can collect an investigation package from Device2 No - User3 can isolate Device 1