Get Full Version of the Exam
http://www.EnsurePass.com/MS-500.html

Question No.1

You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune.

You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network.

What should you do first?

  1. From the Azure Active Directory admin center, create a new certificate

  2. Enable Application Proxy in Azure AD

  3. From Active Directory Administrative Center, create a Dynamic Access Control policy

  4. From the Azure Active Directory admin center, configure authentication methods

Correct Answer: A

Explanation:

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/ad-ca-vpn- connectivitywindows10

Question No.2

You create a data loss prevention (DLP) policy as shown in the following shown:

image

What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?

  1. The user receives a notification and can send the email message

  2. The user receives a notification and cannot send the email message

  3. The email message is sent without a notification

  4. The email message is blocked silently

Correct Answer: A

Explanation:

https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

Question No.3

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection.

You add CompanyConfidential to a global policy.

A user protects an email message by using CompanyConfidential and sends the label to several external

recipients. The external recipients report that they cannot open the email message.

You need to ensure that the external recipients can open protected email messages sent to them.

Solution: You modify the content expiration settings of the label.

Does this meet the goal?

  1. Yes

  2. No

Correct Answer: B

Question No.4

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.

You need to allow a user named User1 to view ATP reports in the Threat management dashboard.

Which role provides User1with the required role permissions?

  1. Security reader

  2. Message center reader

  3. Compliance administrator

  4. Information Protection administrator

Correct Answer: A

Explanation:

https://docs.microsoft.com/en-us/office365/securitycompliance/view-reports-for-atp#what- permissions-areneeded-to-view-the-atp-reports

Question No.5

You have a Microsoft 365 subscription.

All computers run Windows 10 Enterprise and are managed by using Microsoft Intune.

You plan to view only security-related Windows telemetry data.

You need to ensure that only Windows security data is sent to Microsoft.

What should you create from the Intune admin center?

  1. a device configuration profile that has device restrictions configured

  2. a device configuration profile that has the Endpoint Protection settings configured

  3. a device configuration policy that has the System Security settings configured

  4. a device compliance policy that has the Device Health settings configured

Correct Answer: A

Explanation:

https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#reporting-and-telemetry

Question No.6

You create a label that encrypts email data. Users report that they cannot use the label in Outlook on the web to protect the email messages they send.

You need to ensure that the users can use the new label to protect their email.

What should you do?

  1. Modify the priority order of label policies

  2. Wait six hours and ask the users to try again

  3. Create a label policy

  4. Create a new sensitive information type

Correct Answer: B

Question No.7

You have a Microsoft 365 subscription.

The Global administrator role is assigned to your user account. You have a user named Admin1.

You create an eDiscovery case named Case1.

You need to ensure that Admin1 can view the results of Case1.

What should you do first?

  1. From the Azure Active Directory admin center, assign a role group to Admin1.

  2. From the Microsoft 365 admin center, assign a role to Admin1.

  3. From Security amp; Compliance admin center, assign a role group to Admin1.

  4. None of the above

Correct Answer: C

Explanation:

https://docs.microsoft.com/en-us/office365/securitycompliance/assign-ediscovery-permissions

Question No.8

HOTSPOT

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table.

image

The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the

groups shown in the following table.

image

You create an Azure Information Protection policy named Policy1.

You need to apply Policy1.

To which groups can you apply Policy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

image

Correct Answer:

image

Question No.9

HOTSPOT

You view Compliance Manager as shown in the following exhibit.

image

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

image

Correct Answer:

image

Question No.10

You have a Microsoft 365 subscription.

A user reports that changes were made to several files in Microsoft OneDrive.

You need to identify which files were modified by which users in the user#39;s OneDrive.

What should you do?

  1. From the Azure Active Directory admin center, open the audit log

  2. From the OneDrive admin center, select Device access

  3. From Security amp; Compliance, perform an eDiscovery search

  4. From Microsoft Cloud App Security, open the activity log

Correct Answer: D

Explanation:

https://docs.microsoft.com/en-us/cloud-app-security/activity-filters

Get Full Version of the Exam
MS-500 Dumps
MS-500 VCE and PDF

Comments are closed.