Visit Official SkillCertPro Website :-
For a full set of 320+ questions. Go to
https://skillcertpro.com/product/microsoft-365-security-administrator-ms-500-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
You have a Microsoft 365 Enterprise E5 subscription.
You use Windows Defender Advanced Threat Protection (Windows Defender ATP).
You need to integrate Microsoft Office 365 Threat Intelligence and Windows Defender ATP.
Where should you configure the integration?
A. From the Microsoft 365 admin center, select Reports, and then select Security & Compliance.
B. From the Security & Compliance admin center, select Threat management, and then select Explorer.
C. From the Security & Compliance admin center, select Threat management and then select Threat tracker.
D. From the Microsoft 365 admin center, select Settings, and then select Services & add-ins.
Answer: B
Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/integrate-office-365-ti-with-wdatp
Question 2:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
You have an on-premises Active Directory domain named contoso.com.
You install and run Azure AD Connect on a server named Server1 that runs Windows Server.
You need to view Azure AD Connect events.
You use the Security event log on Server1.
Does that meet the goal?
A. No
B. Yes
Answer: A
Explanation:
Reference:
Question 3:
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.
A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.
You need to ensure that the external recipients can open protected email messages sent to them.
Solution: You modify the content expiration settings of the label.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Modifying the expiration won’t allow the external users to view the message, regardless of whether the email is resent or not.
Need to change the groups to whom the label is available
Question 4:
You have a Microsoft 365 Enterprise E5 subscription.
You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator.
What is a prerequisite for running Attack simulator?
A. Integrate Office 365 Threat Intelligence and Windows Defender ATP
B. Configure Advanced Threat Protection (ATP)
C. Enable multi-factor authentication (MFA)
D. Create a Conditional Access App Control policy for accessing Office 365
Answer: C
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator
Question 5:
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
? Source Anchor: objectGUID
? Password Hash Synchronization: Disabled
? Password writeback: Disabled
? Directory extension attribute sync: Disabled
? Azure AD app and attribute filtering: Disabled
? Exchange hybrid deployment: Disabled
? User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Leaked credentials detection in Azure AD Identity Protection requires Password Hash Sync enabled in Azure AD Connect
For a full set of 320+ questions. Go to
https://skillcertpro.com/product/microsoft-365-security-administrator-ms-500-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 6:
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?
A. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy
B. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy
C. Run the Set-SPODataConnectionSetting cmdlet and specify the AssignmentCollection parameter
D. From the SharePoint admin center, configure the Access control settings
Answer: D
Explanation:
Question 7:
You have a Microsoft 365 subscription.
A security manager receives an email message every time a data loss prevention (DLP) policy match occurs.
You need to limit alert notifications to actionable DLP events.
What should you do?
A. From the Security & Compliance admin center, modify the User overrides settings of a DLP policy.
B. From the Cloud App Security admin center, apply a filter to the alerts.
C. From the Security & Compliance admin center, modify the Policy Tips of a DLP policy.
D. From the Security & Compliance admin center, modify the matched activities threshold of an alert policy.
Answer: D
Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies
Question 8:
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
? Source Anchor: objectGUID
? Password Hash Synchronization: Disabled
? Password writeback: Disabled
? Directory extension attribute sync: Disabled
? Azure AD app and attribute filtering: Disabled
? Exchange hybrid deployment: Disabled
? User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?
A. No
B. Yes
Answer: B
Explanation:
Protect against leaked credentials and add resilience against outages If your organization uses a hybrid identity solution with pass-through authentication or federation, then you should enable password hash sync for the following two reasons: The Users with leaked credentials report in the Azure AD management warns you of username and password pairs, which have been exposed on the “dark web.” An incredible volume of passwords is leaked via phishing, malware, and password reuse on third-party sites that are later breached. Microsoft finds many of these leaked credentials and will tell you, in this report, if they match credentials in your organization but only if you enable password hash sync!
References:
https://docs.microsoft.com/en-us/azure/security/azure-ad-secure-steps
Question 9:
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
A. Modify the Domain synchronizer candidate's settings on the Azure ATP sensors.
B. Integrate SIEM and Azure ATP.
C. Turn off Delayed updates for the Azure ATP sensors.
D. Configure auditing in the Office 365 Security & Compliance center.
Answer: B
Explanation:
To enhance threat detection capabilities, Azure Advanced Threat Protection (Azure ATP) needs the following Windows Events: 4776, 4732, 4733, 4728, 4729, 4756, 4757, 7045 and 8004. These events can either be read automatically by the Azure ATP sensor or in case the Azure ATP sensor is not deployed, they can be forwarded to the Azure ATP standalone sensor in one of two ways, by configuring the Azure ATP standalone sensor to listen for SIEM events or by Configuring Windows Event Forwarding.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-windows-event-collection
Question 10:
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
A. Enable the Audit account management Group Policy setting for the servers.
B. Turn on Delayed updates for the Azure ATP sensors.
C. Configure auditing in the Office 365 Security & Compliance center.
D. Configure Event Forwarding on the domain controllers
Answer: D
Explanation:
These events can be received from your SIEM or by setting Windows Event Forwarding from your domain controller.”
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-collection
For a full set of 320+ questions. Go to
https://skillcertpro.com/product/microsoft-365-security-administrator-ms-500-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.