Microsoft MS-500 Free Practice Questions

NEW QUESTION 1
HOTSPOT
You are evaluating which devices are compliant in Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2
You have a Microsoft 365 subscription.
You need to ensure that all users who are assigned the Exchange administrator role have multi-factor authentication (MFA) enabled by default.
What should you use to achieve the goal?

• A. Security & Compliance permissions
• B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
• C. Microsoft Azure AD group management
• D. Microsoft Office 365 user management

Answer: B

NEW QUESTION 3
Which role should you assign to User1?

• A. Global administrator
• B. User administrator
• C. Privileged role administrator
• D. Security administrator

Answer: D

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-give-access-to-pim

NEW QUESTION 4
HOTSPOT
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. OneDrive stores files that are shared with external users. The files are configured as shown in the following table.

You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:
•Rulel:
•Conditions: Label 1, Detect content that's shared with people outside my organization
•Actions: Restrict access to the content for external users
•User notifications: Notify the user who last modified the content
•User overrides: On
•Priority: 0
•Rule2:
•Conditions: Label 1 or Label2
•Actions: Restrict access to the content
•Priority: 1
•Rule3:
•Conditions: Label2, Detect content that's shared with people outside my organization
•Actions: Restrict access to the content for external users
•User notifications: Notify the user who last modified the content
•User overrides: On
•Priority: 2
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5
HOTSPOT
You have a Microsoft 365 E5 subscription.
Users and device objects are added and removed daily. Users in the sales department frequently
change their device.
You need to create three following groups:

The solution must minimize administrative effort.
What is the minimum number of groups you should create for each type of membership? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6
You need to recommend a solution for the user administrators that meets the security requirements for auditing.
Which blade should you recommend using from the Azure Active Directory admin center?

• A. Sign-ins
• B. Azure AD Identity Protection
• C. Authentication methods
• D. Access review

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

NEW QUESTION 7
You have a Microsoft 365 subscription.
The Global administrator role is assigned to your user account. You have a user named Admin1. You create an eDiscovery case named Case1.
You need to ensure that Admin1 can view the results of Case1. What should you do first?

• A. From the Azure Active Directory admin center, assign a role group to Admin1.
• B. From the Microsoft 365 admin center, assign a role to Admin1.
• C. From Security & Compliance admin center, assign a role group to Admin1.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/assign-ediscovery-permissions

NEW QUESTION 8
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and synching files. What should you do?

• A. Run the Set-SPODataConnectionSetting cmdlet and specify the AssignmentCollection parameter
• B. From the SharePoint admin center, configure the Access control settings
• C. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy
• D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy

Answer: B

NEW QUESTION 9
HOTSPOT
Your company has a Microsoft 365 subscription, a Microsoft Azure subscription, and an Azure Active Directory (Azure AD) tenant named contoso.com.
The company has the offices shown in the following table.

The tenant contains the users shown in the following table.

You create the Microsoft Cloud App Security policy shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10
You have a Microsoft 365 E5 subscription.
You implement Advanced Threat Protection (ATP) safe attachments policies for all users.
User reports that email messages containing attachments take longer than expected to be received. You need to reduce the amount of time it takes to receive email messages that contain attachments. The solution must ensure that all attachments are scanned for malware. Attachments that have malware must be blocked.
What should you do from ATP?

• A. Set the action to Block
• B. Add an exception
• C. Add a condition
• D. Set the action to Dynamic Delivery

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/dynamic-delivery-and-previewing

NEW QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You discover that all the users in the subscription can access Compliance Manager reports. The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend modifying the licenses assigned to User5. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Case Study: 4 Mix Questions

NEW QUESTION 12
Your company has a main office and a Microsoft 365 subscription.
You need to enforce Microsoft Azure Multi-Factor Authentication (MFA) by using conditional access for all users who are NOT physically present in the office.
What should you include in the configuration?

• A. a user risk policy
• B. a sign-in risk policy
• C. a named location in Azure Active Directory (Azure AD)
• D. an Azure MFA Server

Answer: C

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

NEW QUESTION 13
HOTSPOT
You have a Microsoft 365 subscription.
You identify the following data loss prevention (DLP) requirements:
•Send notifications to users if they attempt to send attachments that contain EU social security numbers
•Prevent any email messages that contain credit card numbers from being sent outside your organization
•Block the external sharing of Microsoft OneDrive content that contains EU passport numbers
•Send administrators email alerts if any rule matches occur.
What is the minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14
You have a Microsoft 365 subscription.
All computers run Windows 10 Enterprise and are managed by using Microsoft Intune. You plan to view only security-related Windows telemetry data.
You need to ensure that only Windows security data is sent to Microsoft. What should you create from the Intune admin center?

• A. a device configuration profile that has device restrictions configured
• B. a device configuration profile that has the Endpoint Protection settings configured
• C. a device configuration policy that has the System Security settings configured
• D. a device compliance policy that has the Device Health settings configured

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#reporting-and-telemetry

NEW QUESTION 15
What should User6 use to meet the technical requirements?

• A. Supervision in the Security & Compliance admin center
• B. Service requests in the Microsoft 365 admin center
• C. Security & privacy in the Microsoft 365 admin center
• D. Data subject requests in the Security & Compliance admin center

Answer: B

NEW QUESTION 16
......