Home > Microsoft > Quizzes > Exam MS-500: Microsoft 365 Security Administration
Exam MS-500: Microsoft 365 Security Administration
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 34% Most missed: “You have a Microsoft 365 subscription. You create an Advanced Threat Protection …”
Exam MS-500: Microsoft 365 Security Administration
Time left 00:00
25 Questions

1. Your company has 500 computers. You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP). Twenty of the computers belong to company executives. You need to recommend a remediation solution that meets the following requirements: Windows Defender ATP administrators must manually approve all remediation for the executives Remediation must occur automatically for all other users What should you recommend doing from Windows Defender Security Center?
2. You have a Microsoft 365 subscription. You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware. You need to configure the retention duration for the attachments in quarantine. Which type of threat management policy should you create from the Security&Compliance admin center?
3. You need to create Group2. What are the possible ways to create the group?
4. You need to meet the technical requirements for User9. What should you do?
5. You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: Source Anchor: objectGUID Password Hash Synchronization: Disabled Password writeback: Disabled Directory extension attribute sync: Disabled Azure AD app and attribute filtering: Disabled Exchange hybrid deployment: Disabled User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Azure AD app and attribute filtering settings. Does that meet the goal?
6. An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit. What should you do to meet the security requirements?
7. You have a Microsoft 365 subscription. From the Microsoft 365 admin center, you create a new user. You plan to assign the Reports reader role to the user. You need to see the permissions of the Reports reader role. Which admin center should you use?
8. You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune. You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network. What should you do first?
9. You have a Microsoft 365 tenant. You have 500 computers that run Windows 10. You plan to monitor the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP) after the computers are enrolled in Microsoft Intune. You need to ensure that the computers connect to Windows Defender ATP. How should you prepare Intune for Windows Defender ATP?
10. You need to meet the technical requirements for User9. What should you do?
11. Which role should you assign to User1?
12. Which role should you assign to User1?
13. You have a Microsoft 365 subscription. You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware. You need to configure the retention duration for the attachments in quarantine. Which type of threat management policy should you create from the Security&Compliance admin center?
14. You need to recommend a solution for the user administrators that meets the security requirements for auditing. Which blade should you recommend using from the Azure Active Directory admin center?
15. You have a Microsoft 365 subscription. You need to ensure that all users who are assigned the Exchange administrator role have multi-factor authentication (MFA) enabled by default. What should you use to achieve the goal?
16. You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy. A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. Solution: You modify the encryption settings of the label. Does this meet the goal?
17. Which user passwords will User2 be prevented from resetting?
18. You need to implement Windows Defender ATP to meet the security requirements. What should you do?
19. You have a Microsoft 365 Enterprise E5 subscription. You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator. What is a prerequisite for running Attack simulator?
20. You have a Microsoft 365 subscription. You need to ensure that all users who are assigned the Exchange administrator role have multi-factor authentication (MFA) enabled by default. What should you use to achieve the goal?
21. Your company has a Microsoft 365 subscription. The company forbids users to enroll personal devices in mobile device management (MDM). Users in the sales department have personal iOS devices. You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant. The users must be prevented from backing up the app
22. You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune. You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network. What should you do first?
23. You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: Source Anchor: objectGUID Password Hash Synchronization: Disabled Password writeback: Disabled Directory extension attribute sync: Disabled Azure AD app and attribute filtering: Disabled Exchange hybrid deployment: Disabled User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Source Anchor settings. Does that meet the goal?
24. You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization. Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online. You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members. The email address that you intend to spoof belongs to the Executive group members. What should you do first?
25. You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription. You need to allow a user named User1 to view ATP reports in the Threat management dashboard. Which role provides User1with the required role permissions?