Test Online Free Microsoft MS-500 Exam Questions and Answers

The questions for MS-500 were last updated On Jun.16 2023

Get MS-500 Full Access
 / 2

Question No : 1
HOTSPOT
Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



Answer:

Question No : 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission CIdentity "User1"
-User [email protected] CAccessRights Owner command.
Does that meet the goal?

Answer:
Explanation:
References: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps

Question No : 3
Topic 3, Contoso, Ltd

Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, and New York.

The company has the offices shown in the following table.




Contoso has IT, human resources (HR), legal, marketing, and finance departments.
Contoso uses Microsoft 365.

Existing Environment
Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device.
The offices have the IP addresses shown in the following table.



Named locations are defined in Azure AD as shown in the following table.




From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.




The tenant contains the groups shown in the following table.




Customer Lockbox is enabled in Microsoft 365.

Microsoft Intune Configuration
The devices enrolled in Intune are configured as shown in the following table.



The device compliance policies in Intune are configured as shown in the following table.



The device compliance policies have the assignments shown in the following table.



The Mark devices with no compliance policy assigned as setting is set to Compliant.

Requirements
Technical Requirements
Contoso identifies the following technical requirements:
✑ Use the principle of least privilege
✑ Enable User1 to assign the Reports reader role to users
✑ Ensure that User6 approves Customer Lockbox requests as quickly aspossible
✑ Ensure that User9 can implement Azure AD Privileged Identity Management

You need to meet the technical requirements for User9 .
What should you do?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-give-access-to-pim

Question No : 4
You have a Microsoft 365 E5 subscription
You need to use Microsoft Cloud App Security to identify documents stored in Microsoft SharePomt Online that contain proprietary information.
What should you create in Cloud App Security?

Answer:

Question No : 5
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the
tenant.
Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?

Answer:

Question No : 6
HOTSPOT
You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



Answer:

Question No : 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.



You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User1. Does this meet the goal?

Answer:

Question No : 8
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password



Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that email messages in Exchange Online and documents in SharePoint Online are retained for eight years.
To complete this task, sign in to the Microsoft Office 365 admin center.

Answer:NB: For our purposes, the retention period will be 8 years.
For retaining email messages in Exchange Online:
Step 1: Create a retention tag

Question No : 9
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant.
Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?

Answer:
Explanation:
References: https://docs.microsoft.com/en-us/azure/security/azure-ad-secure-steps

Question No : 10
You have a Microsoft 365 subscription that uses a default domain name of fabrikam.com.
You create a safe links policy, as shown in the following exhibit.



Which URL can a user safely access from Microsoft Word Online?

Answer:
Explanation:
References: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-a-custom-blocked-urls-list-wtih-atp

 / 2
  TOP 50 Exam Questions
Exam