• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • MS-500 Dumps PDF
  • 327 Questions
  • Updated On April 19, 2024

PDF + Test Engine

$55.00 Free Updates Upto 90 Days

  • MS-500 Question Answers
  • 327 Questions
  • Updated On April 19, 2024

Test Engine

$45.00 Free Updates Upto 90 Days

  • MS-500 Practice Questions
  • 327 Questions
  • Updated On April 19, 2024
Check Our Free Microsoft MS-500 Online Test Engine Demo.

How to pass Microsoft MS-500 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Microsoft MS-500 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Microsoft MS-500 Dumps are Worth it?

Did we mention our latest MS-500 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Microsoft Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Microsoft 365 Security Administration Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Microsoft 365 Security Administration Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get MS-500 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the MS-500 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Microsoft MS-500 Sample Question Answers

Question # 1

You have a Microsoft 365 subscription that contains a user named Used. You need to assign User1 permissions to search Microsoft Office 365 audit logs. What should you use?

A. the Azure Active Directory admin center
B. the Microsoft 365 Compliance center
C. the Microsoft 365 Defender portal
D. the Exchange admin center

Question # 2

You have a Microsoft 365 tenant that has modern authentication enabled. You have Windows 10, MacOS. Android, and iOS devices that are managed by using Microsoft Endpoint Manager. Some users have older email client applications that use Basic authentication to connect to Microsoft Exchange Online. You need to implement a solution to meet the following security requirements- • Allow users to connect to Exchange Online only by using email client applications that support modern authentication protocols based on OAuth 2.0.• Block connections to Exchange Online by any email client applications that do NOT support modern authentication. What should you implement?

A. a conditional access policy in Azure Active Directory (Azure AD)
B. an OAuth app policy m Microsoft Defender for Cloud Apps
C. a compliance policy in Microsoft Endpoint Manager
D. an application control profile in Microsoft Endpoint Manager

Question # 3

On January 2, you publish label to User1. On January 3. User 1 creates a Microsoft Word document named Doc1 and applies Label to the document. On January 4. User2 edits Doc1.On January 15, you increase the content expiry period for Label to 28 days. When will access to Doc1 expire for User2?

A. January 23
B. January 24
C. January 25
D. January 31

Question # 4

A. Conditional Access
B. insider risk management
C. information barrier
D. communication compliance

Question # 5

You have a Microsoft 365 E5 subscription that contains a user named User1. User1 needs to be able to create Data Subject Requests (DSRs) in the Microsoft 365 compliance center.To which role or role group should you add User1?

A. the Compliance Data Administrator role
B. the Data Investigator role
C. the eDiscovery Manager role
D. the Records Management role group

Question # 6

You have a Microsoft 365 E5 subscription. You create a sensitivity label named Label 1 and publish Label1 to all users and groups. You have the following files on a computer: • File1.doc• File2.docx • File3.xlsx • File4.txt You need to identify which files can have Label1 applied. Which files should you identify?

A. File2.docx only
B. File1.doc. File2.docx. File3.xlsx. a
C. File1 .doc. File2.docx, and File3.xlsx only
D. File2.docx and File3.xlsx only

Question # 7

You have a Microsoft 365 E5 subscription that contains a user named Used. You need to ensure that User! can use the Microsoft 365 compliance center to search audit logs and identify which users were added to Microsoft 365 role groups. The solution must use the principle of least privilege. To which role group should you add User1?

A. Security Reader
B. View-Only Organization Management
C. Organization Management
D. Compliance Management

Question # 8

You have a Microsoft 365 subscription that contains 100 users and a Microsoft 365 group named Group1. All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online. A sensitivity label named Label1 is published as the default label for Group1. You add two sublabels named Sublabel1 and Sublabel2 to Label1. You need to ensure that the settings in Sublabel1 are applied by default to Group1. What should you do?

A. Change the order of Sublabel1.
B. Modify the policy of Label 1.
C. Duplicate all the settings from Sublabel1 to Label 1.
D. Delete the policy of Label! and publish Sublabel1.

Question # 9

You create an Azure Sentinel workspace. You configure Azure Sentinel to ingest data from Azure Active Directory (Azure AD). In the Azure Active Directory admin center, you discover Azure AD Identity Protection alerts. The Azure Sentinel workspace shows the status as shown in the following exhibit. In Azure Log Analytics, you can see Azure AD data in the Azure Sentinel workspace. What should you configure in Azure Sentinel to ensure that incidents are created for detected threats?

A. data connectors
B. rules
C. workbooks
D. hunting queries

Question # 10

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 contains 100 users and has dynamic user membership. All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online. You create a sensitivity label named Label and publish Label 1 as the default label for Group!. You need to ensure that the users in Group1 must apply Label! to their email and documents. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Install the Azure Information Protection unified labeling client on the Windows 10 devices.
B. From the Microsoft 365 Compliance center, modify the settings of the Label1 policy.
C. Install the Active Directory Rights Management Services (AD RMS) client on the Windows 10 devices.
D. From the Microsoft 365 Compliance center, create an auto-labeling policy.
E. From the Azure Active Directory admin center, set Membership type for Group1 to Assigned.

Question # 11

Which users can use Content explorer?

A. Admin1 and Admin2 only
B. Admin4 only
C. Admm2 and Admin3 only
D. Admin1. Admin2. Admin3, and Admin4
E. Admin1 andAdmin4only

Question # 12

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Cloud Apps enabled. You need to create an alert in Defender for Cloud Apps when source code is shared externally.Which type of policy should you create?

A. Cloud Discovery anomaly detection
B. file
C. access
D. activity

Question # 13

You have a Microsoft 365 Enterprise E5 subscription. You use Microsoft Defender for Endpoint. You need to integrate Microsoft Defender for Office 365 and Microsoft Defender for Endpoint Where should you configure the integration?

A. From the Microsoft 365 admin center, select Settings, and then select Services fit addins
B. From the Microsoft 365 Defender portal, select Settings and then select Security center.
C. From the Microsoft 365 admin center, select Reports and then select Security & Compliance
D. From the Microsoft 365 Defender portal, select Explorer and then select MDE Settings

Question # 14

A. User2 only
B. User3 only
C. Used and User2 only
D. User2 and User3 only
E. User1,User2, and User3

Question # 15

You have a Microsoft 365 E5 subscription. You create a data loss prevention (OLP) policy and select Use Notifications to inform your users and help educate them on the proper use of sensitive info. Which apps will show the policy tip?

A. Outlook on the web and Outlook Win32 only
B. Outlook Win32 and Outlook for lOS and Android only Outlook Win32 only
C. Outlook for iOS and Android only
D. Outlook on the web, Outlook Win32, and Outlook for iOS and Android 
E. Outlook on the web only

Question # 16

You have a Microsoft 365 subscription that contains 50 devices- The devices are enrolled in Microsoft Endpomt Manager and have Microsoft Defender for Endpoint enabled. You need to identify devices that have a pending offline scan. What should you do?

A. From the Microsoft 365 Defender portal, review the Threat & Vulnerability Management dashboard.
B. From the Microsoft 365 Defender portal, review the Threat analytics dashboard
C. From the Microsoft Endpoint Manager admin center, review the Detected malware report
D. From the Microsoft Endpoint Manager admin center, review the Antivirus agent status report.

Question # 17

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

A. User3 only 
B. User1 and User2 only 
C. User3 and User4 only 
D. User1 and User3 only 
E. User1 only 

Question # 18

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level. Solution: You configure the sign-in risk policy to block access when the sign-in risk level is high. Does this meet the goal?

A. Yes 
B. No

Question # 19

You have a Microsoft 365 subscription. You need to recommend a passwordless authentication solution that uses biometric authentication. What should you include in the recommendation?

A. Windows Hello for Business 
B. a smart card 
C. the Microsoft Authenticator app 
D. a PIN 

Question # 20

Your network contains an on-premises Active Directory domain and a Microsoft 365 subscription. You plan to deploy a hybrid Azure Active Directory (Azure AD) tenant that has Azure ADIdentity Protection risk policies enabled. You need to configure Azure AD Connect to support the planned deployment. Which Azure AD Connect authentication method should you select?

A. Federation with AD FS 
B. Federation with PingFederate 
C. Password Hash Synchronization 
D. Pass-through authentication 

Question # 21

You have a Microsoft 365 E5 subscription that has Microsoft 365 Defender enabled. You plan to deploy a third-party app named App1 that will receive alert data from Microsoft 365 Defender. Which format will Microsoft 365 Defender use to send the alert data to App1?

A. JSON 
B. ZIP 
C. XML 
D. CSV 

Question # 22

You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and an Office 365 connector. From the workspace, you plan to create a scheduled query rule that will use a custom query. The rule will be used to generate alerts when inbound access to Office 365 from specific user accounts is detected. You need to ensure that when multiple alerts are generated by the rule, the alerts are consolidated as a single incident per user account. What should you do?

A. From Set rule logic, map the entities. 
B. From Analytic rule details, configure Severity. 
C. From Set rule logic, set Suppression to Off. 
D. From Analytic rule details, configure Tactics. 

Question # 23

You have a Microsoft 365 E5 subscription You need to use Microsoft Cloud App Security to identify documents stored in Microsoft SharePomt Online that contain proprietary information.What should you create in Cloud App Security?

A. a data source and a file policy 
B. a data source and an app discovery policy 
C. an app connector and an app discovery policy 
D. an app connector and a We policy 

Question # 24

You have a Microsoft 365 tenant that is linked to a hybrid Azure Active Directory (Azure AD) tenant named contoso.com. You need to enable Azure AD Seamless Single Sign-On (Azure AD SSO) for contoso.com. What should you use?

A. Azure AD Connect 
B. the Azure Active Directory admin center 
C. the Microsoft 365 Security admin center 
D. the Microsoft 365 admin center 

Question # 25

You have a Microsoft 365 E5 subscription that uses Microsoft Teams and contains a user named User1. You configure information barriers. You need to identify which information barrier policies apply to User1. Which cmdlet should you use?

A. Get-InformationBarrierRecipientStatus 
B. Get-InformationBarrierPoliciesApplicationStatus 
C. Get-InformationBarrierPolicy 
D. Get-OrganizationSegment 

Question # 26

You have a Microsoft 365 E5 subscription that contains 1,000 Windows 10 devices. The devices are onboarded to Microsoft Defender for Endpoint. You need to view a consolidated list of the common vulnerabilities and exposures (CVE) that affect the devices. The solution must minimize administrative effort. Which Threat & Vulnerability Management page should you use?

A. Software inventory 
B. Event timeline 
C. Weaknesses 
D. Security recommendations 

Question # 27

A. data connectors 
B. rules 
C. workbooks 
D. hunting queries 

Question # 28

You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1. you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level. Solution: You configure the user risk policy to block access when the user risk level is medium and higher. Does this meet the goal?

A. Yes 
B. No 

Question # 29

You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identities User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level. Solution: You configure the user risk policy to block access when the user risk level is high. Does this meet the goal?

A. Yes 
B. No 

Question # 30

A. User2 only 
B. User3 only 
C. Used and User2 only 
D. User2 and User3 only 
E. User1,User2, and User3 

Question # 31

You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a tower risk level. Solution: From the Access settings, you select Block access for User1. Does this meet the goal?

A. Yes 
B. No 

Question # 32

Your network contains an on-premises Active Directory domain named contoso.local that has a forest functional level of Windows Server 2008 R2. You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to install Azure AD Connect and enable single sign-on (SSO). You need to prepare the domain to support SSO. The solution must minimize administrative effort. What should you do?

A. Raise the forest functional level to Windows Server 2016. 
B. Modify the UPN suffix of all domain users. 
C. Populate the mail attribute of all domain users. 
D. Rename the domain. 

Question # 33

You have several Conditional Access policies that block noncompliant devices from connecting to services. You need to identify which devices are blocked by which policies. What should you use?

A. the Device compliance report in the Microsoft Endpoint Manager admin center 
B. the Device compliance trends report in the Microsoft Endpoint Manager admin center 
C. Activity log in the Cloud App Security admin center 
D. the Conditional Access Insights and Reporting workbook in the Azure Active Directory admin center 

Question # 34

You have a Microsoft 365 subscription.You need to enable auditing for all Microsoft Exchange Online users.What should you do?

A. From the Exchange admin center, create a journal rule
B. Run the Set-MailboxDatabase cmdlet 
C. Run the Set-Mailbox cmdlet 
D. From the Exchange admin center, create a mail flow message trace rule. 

Question # 35

You have an Azure Active Directory (Azure AD) tenant named contoso.com and aMicrosoft 365 subscription. Contoso.com contains the groups shown in the following table. You plan to create a supervision policy named Policy1.You need to identify which groups can be supervised by using Policy1.Which groups should you identify?

A. Group1 and Group4 only 
B. Group1 only 
C. Group1, Group3, and Group4 only 
D. Group2 and Group3 only 
E. Group1, Group2, and Group3 only 

Question # 36

You have a Microsoft 365 subscription.A security manager receives an email message every time a data loss prevention (DLP)policy match occurs.You need to limit alert notifications to actionable DLP events.What should you do?

A. From the Security & Compliance admin center, modify the Policy Tips of a DLP policy. 
B. From the Cloud App Security admin center, apply a filter to the alerts. 
C. From the Security & Compliance admin center, modify the User overrides settings of aDLP policy. 
D. From the Security & Compliance admin center, modify the matched activities thresholdof an alert policy. 

Question # 37

You have a Microsoft 365 subscription.Some users access Microsoft SharePoint Online from unmanaged devices.You need to prevent the users from downloading, printing, and syncing files.What should you do?

A. Run the Set-SPOTenant cmdlet and specify the -ConditionalAccessPolicy parameter. 
B. From the Security & Compliance admin center, create a data loss prevention (DLP)policy. 
C. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) IdentityProtection sign-in risk policy 
D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD)conditional access policy 

Question # 38

You have a Microsoft 365 subscription named contofco.comYou need to configure Microsoft OneDrive for Business external sharing to meet thefollowing requirements:• Enable flic sharing for users that rave a Microsoft account• Block file sharing for anonymous users.What should you do?

A. From Advanced settings tor external sharing, select Allow or Nock sharing with peopleon specific domains and add contoso.com. 
B. From the External sharing settings for OneDrive. select Existing external users. 
C. From the External sharing settings for OneDrive, select New and existing external users.
D. From the External sharing settings for OneDrive. select Only people in yourorganization. 

Question # 39

Your network contains an on-premises Active Directory domain. The domain containsservers that run Windows Server and have advanced auditing enabled.The security logs of the servers are collected by using a third-party SIEM solution.You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced ThreatProtection (ATP) by using standalone sensors.You need to ensure that you can detect when sensitive groups are modified and whenmalicious services are created.What should you do?

A. Configure Azure ATP notifications 
B. Configure Event Forwarding on the domain controllers 
C. Configure auditing in the Office 365 Security & Compliance center 
D. Modify the Domain synchronizer candidate settings on the Azure ATP sensors 

Question # 40

Von haw a Microsoft 365 subscription.You need to ensure that users on manually designate which content will be subject to datatoss prevention (DIP) polices?What should you create first?

A. a retention label 
B. a custom sensitive information type 
C. a safe attachments policy 
D. a Data Subject Request (OSR) 

Question # 41

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestions sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have a Microsoft 365 subscription that contains 1,000 user mailboxes.An administrator named Admin1 must be able to search for the name of a competingcompany in the mailbox of a user named User5.You need to ensure that Admin1 can search the mailbox of User5 successfully. Thesolution must prevent Admin1 from sending email messages as User5.Solution: You modify the permissions of the mailbox of User5, and then create aneDiscovery case.Does this meet the goal?

A. Yes 
B. No 

Question # 42

You have a Microsoft 365 E5 subscription without a Microsoft Azure subscription.Some users are required to use an authenticator app to access Microsoft SharePointOnline.You need to view which users have used an authenticator app to access SharePointOnline. The solution must minimize costs.What should you do?

A. From the Enterprise applications blade of the Azure Active Directory admin center, viewthe audit logs 
B. From Azure Log Analytics, query the logs 
C. From the Azure Active Directory admin center, view the audit logs 
D. From the Enterprise applications blade of the Azure Active Directory admin center, viewthe sign-ins 

Question # 43

Your company has a Microsoft 365 subscription that includes a user named User1.You suspect that User1 sent email messages to a competitor detailing company secrets.You need to recommend a solution to ensure that you can review any email messages sentby User1 to the competitor, including sent items that were deleted.What should you include in the recommendation?

A. Enable In-Place Archiving for the mailbox of User1 
B. From the Security & Compliance, perform a content search of the mailbox of User1 
C. Place a Litigation Hold on the mailbox of User1 
D. Configure message delivery restrictions for the mailbox of User1 

Question # 44

You haw a Microsoft 365 subscription.You receive a General Data Protection Regulation (GOPR) request for the customdictionary of a user From The Compliance admin center you need to create a contentsearch, should you configure the content search?

A. Condition: Type Operator Equals any of Value Documents 
B. .Condition; Type Operator Equals any of Value Office Roaming Service 
C. Condition: Title Operator Equals any of Value Normal. dot 
D. Condition: We type Operator Equals any of Value dic 

Question # 45

You have a Microsoft 365 subscription.You have a Microsoft SharePoint Online site named Site1.You have a Data Subject Request (DSR) case named Case1 that searches Site1.You create a new sensitive information type.You need to ensure that Case1 returns all the documents that contain the new sensitiveinformation type.What should you do?

A. From the Security & Compliance admin center, create a new Search by ID List. 
B. From Site1, modify the search dictionary. 
C. From the Security & Compliance admin center, create a new Guided search. 
D. From Site1, initiate a re-indexing of Site1. 

Question # 46

Note: This question is part of series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,thesequestions will not appear in the review screen.You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure ActiveDirectory (Azure AD) tenant named contoso.com.You use Active Directory Federation Services (AD FS) to federate on-premises ActiveDirectory and thetenant. Azure AD Connect has the following settings:Source Anchor: objectGUIDPassword Hash Synchronization: DisabledPassword writeback: DisabledDirectory extension attribute sync: DisabledAzure AD app and attribute filtering: DisabledExchange hybrid deployment: DisabledUser writeback: DisabledYou need to ensure that you can use leaked credentials detection in Azure AD IdentityProtection.Solution: You modify the Azure AD app and attribute filtering settings.Does that meet the goal?

A. Yes 
B. No 

Question # 47

You have a Microsoft 365 subscription.You need to ensure that all users who are assigned the Exchange administrator role havemulti-factorauthentication (MFA) enabled by default.What should you use to achieve the goal?

A. Security & Compliance permissions 
B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management 
C. Microsoft Azure AD group management 
D. Microsoft Office 365 user management 

Question # 48

Note: This question is part of series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,thesequestions will not appear in the review screen.You have a Microsoft 365 tenant. You create a label named CompanyConfidential inMicrosoft AzureInformation Protection.You add CompanyConfidential to a global policy.A user protects an email message by using CompanyConfidential and sends the label toseveral externalrecipients. The external recipients report that they cannot open the email message.You need to ensure that the external recipients can open protected email messages sent tothem.Solution: You modify the encryption settings of the label.Does this meet the goal?

A. Yes 
B. No 

Question # 49

You have a Microsoft 365 subscription.A user reports that changes were made to several files in Microsoft OneDrive.You need to identify which files were modified by which users in the user’s OneDrive.What should you do?

A. From the Azure Active Directory admin center, open the audit log 
B. From the OneDrive admin center, select Device access 
C. From Security & Compliance, perform an eDiscovery search 
D. From Microsoft Cloud App Security, open the activity log

Question # 50

You have a Microsoft 365 E5 subscription.Some users are required to use an authenticator app to access Microsoft SharePointOnline.You need to view which users have used an authenticator app to access SharePointOnline. The solution must minimize costs.What should you do?

A. From the Azure Active Directory admin center, view the sign-ins. 
B. From the Security & Compliance admin center, download a report. 
C. From the Azure Active Directory admin center, view the authentication methods. 
D. From the Azure Active Directory admin center, view the audit logs. 

Question # 51

You have a Microsoft 365 E5 subscription and 5,000 users.You create several alert policies that are triggered every time activities match rules.You need to create an alert policy that is triggered when the volume of matched activitiesbecomes unusual.What should you do first?

A. Enable Microsoft Office 365 auditing. 
B. Enable Microsoft Office 365 analytics. 
C. Enable Microsoft Office 365 Cloud App Security. 
D. Deploy a Microsoft Office 365 add-in to all the users.

Question # 52

You have a Microsoft 365 E5 subscription.You implement Advanced Threat Protection (ATP) safe attachments policies for all users.User reports that email messages containing attachments take longer than expected to bereceived.You need to reduce the amount of time it takes to receive email messages that containattachments. Thesolution must ensure that all attachments are scanned for malware. Attachments that havemalware must be blocked.What should you do from ATP?

A. Set the action to Block 
B. Add an exception 
C. Add a condition 
D. Set the action to Dynamic Delivery 

Question # 53

Your network contains an on-premises Active Directory domain. The domain containsservers that run Windows Server and have advanced auditing enabled.The security logs of the servers are collected by using a third-party SIEM solution.You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced ThreatProtection (ATP) by using standalone sensors.You need to ensure that you can detect when sensitive groups are modified and whenmalicious services are created.What should you do?

A. Configure Event Forwarding on the domain controllers 
B. Configure auditing in the Office 365 Security & Compliance center. 
C. Turn on Delayed updates for the Azure ATP sensors. 
D. Enable the Audit account management Group Policy setting for the servers. 

Question # 54

You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD)connector and aMicrosoft Office 365 connector.You need to assign built-in role-based access control (RBAC) roles to achieve the followingtasks:Create and run playbooks.Manage incidents.The solution must use the principle of least privilege.Which two roles should you assign? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Automation Operator 
B. Azure Sentinel responder 
C. Automation Runbook Operator 
D. Azure Sentinel contributor 
E. Logic App contributor 

Question # 55

Note: This question is part of series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,thesequestions will not appear in the review screen.You have a Microsoft 365 tenant. You create a label named CompanyConfidential inMicrosoft AzureInformation Protection.You add CompanyConfidential to a global policy.A user protects an email message by using CompanyConfidential and sends the label toseveral externalrecipients. The external recipients report that they cannot open the email message.You need to ensure that the external recipients can open protected email messages sent tothem.Solution: You modify the content expiration settings of the label.Does this meet the goal?

A. Yes 
B. No 

Question # 56

You have a Microsoft 365 subscription that uses a default domain name of fabrikam.com.You create a safe links policy, as shown in the following exhibit. Which URL can a user safely access from Microsoft Word Online?

A. fabrikam.phishing.fabrikam.com 
B. malware.fabrikam.com 
C. fabrikam.contoso.com 
D. www.malware.fabrikam.com 

Question # 57

You have a Microsoft 165 ES subscription that contains users named User 1 and User2? You have the audit log retention requirements shown in the following table. You need to create audit retention policies to meet the requirements. The solution mustminimize cost and the number of policies.What is the minimum number of audit retention policies that you should create?

A. 1 
B. 2 
C. 3 
D. 4 

Question # 58

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have a Microsoft 365 subscription that contains the users shown in the following table. You discover that all the users in the subscription can access Compliance Managerreports.The Compliance Manager Reader role is not assigned to any users.You need to recommend a solution to prevent a user named User5 from accessing theCompliance Manager reports.Solution: You recommend assigning the Compliance Manager Reader role to User1.Does this meet the goal?

A. Yes 
B. No 

Question # 59

Note: This question is part of series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,thesequestions will not appear in the review screen.You have a Microsoft 365 tenant. You create a label named CompanyConfidential inMicrosoft AzureInformation Protection.You add CompanyConfidential to a global policy.A user protects an email message by using CompanyConfidential and sends the label toseveral externalrecipients. The external recipients report that they cannot open the email message.You need to ensure that the external recipients can open protected email messages sent tothem.Solution: You create a new label in the global policy and instruct the user to resend theemail message.Does this meet the goal?

A. Yes 
B. No 

Question # 60

You have a Microsoft 365 subscription.You have a Data Subject Request (DSR) case named Case1.You need to ensure that Case1 includes all the email posted by the data subject to theMicrosoft Exchange Online public folders.Which additional property should you include in the Content Search query?

A. kind:externaldata 
B. itemclass:ipm.externaldata 
C. itemclass:ipm.post 
D. kind:email 

Question # 61

You have a Microsoft 365 subscription.You create a supervision policy named Policy1, and you designate a user named User1 asthe reviewer.What should User1 use to view supervised communications?

A. a team in Microsoft Teams 
B. the Security & Compliance admin center 
C. Outlook on the web 
D. the Exchange admin center D18912E1457D5D1DDCBD40AB3BF70D5D 

Question # 62

You have a Microsoft 365 subscription.You have a Microsoft SharePoint Online site named Site1.The files in Site1 are protected by using Microsoft Azure Information Protection.From the Security & Compliance admin center, you create a label that designates personaldata.You need to auto-apply the new label to all the content in Site1.What should you do first?

A. From PowerShell, run Set-ManagedContentSettings. 
B. From PowerShell, run Set-ComplianceTag. 
C. From the Security & Compliance admin center, create a Data Subject Request (DSR). 
D. Remove Azure Information Protection from the Site1 files. 

Question # 63

You have a Microsoft 365 E5 subscriptionYou need to ensure that users who are assigned the Exchange administrator role havetime-limited permissions and must use multi factor authentication (MFA) to request thepermissions.What should you use to achieve the goal?

A. Microsoft 365 user management 
B. Microsoft Azure AD group management 
C. Security & Compliance permissions 
D. Microsoft Azure Active Directory (Azure AD} Privileged Identity Management 

Question # 64

You have Microsoft 365subscription.You need to be notified by email whenever an administrator starts an ediscovery searchWhat should you do from the Security & Compliance admin center?

A. Prom Alerts, create an alert policy. 
B. From Search & investigation, create a guided search. 
C. From ediscovery orate an eDiscovery case 
D. From Reports, create a managed schedule 

Question # 65

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestions sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have a Microsoft 365 subscription.You have a user named User1. Several users have full access to the mailbox of User1.Some email messages sent to User1 appear to have been read and deleted before theuser viewed them.When you search the audit log in Security & Compliance to identify who signed in to themailbox of User1, the results are blank.You need to ensure that you can view future sign-ins to the mailbox of User1.You run the Set-AuditConfig -Workload Exchange command.Does that meet the goal?

A. Yes 
B. No