MS-500 Online Practice Questions and Answers

Correct Answer:

Correct Answer:

Create and manage DLP policies -> User1 Review classified content by using Content explorer -> User3 Information Protection Admin: Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies. Information Protection Investigators: Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types. Reference: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions

Correct Answer: See explanation below.

You need to edit the Anti-Phishing policy.

1.

Go to the Office 365 Security and Compliance admin center.

2.

Navigate to Threat Management > Policy > ATP Anti-Phishing.

3.

Click on Default Policy.

4.

In the Impersonation section, click Edit.

5.

Go to the Actions section.

6.

In the If email is sent by an impersonated user: box, select Quarantine the message from the drop-down list.

7.

In the If email is sent by an impersonated domain: box, select Quarantine the message from the drop-down list.

8.

Click Save to save the changes.

9.

Click Close to close the anti-phishing policy window.

Correct Answer: See explanation below.

1.

Navigate to the Security and Compliance Center.

2.

In the Security and Compliance Center, click eDiscovery > eDiscovery, and then click Create a case.

3.

On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.

The new case is displayed in the list of cases on the eDiscovery page.

After you create a case, the next step is to add members to the case. The eDiscovery Manager who created the case is automatically added as a member. Members have to be assigned the appropriate eDiscovery permissions so they can access the case after you add them.

4.

In the Security and Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.

5.

Click the name of the case that you want to add members to.

The Manage this case flyout page is displayed.

6.

Under Manage members, click Add to add members to the case.

You can also choose to add a role group to the case. Under Manage role groups, click Add.

7.

In the list of people or role groups that can be added as members of the case, click the check box next to the names of the people or role groups that you want to add.

8.

After you select the people or role groups to add as members of the group, click Add.

In Manage this case, click Save to save the new list of case members.

9.

Click Save to save the new list of case members.

You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for an Office 365 Group. Similarly, you can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.

To create a hold for an eDiscovery case:

1.

In the Security and Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.

2.

Click Open next to the case that you want to create the holds in.

3.

On the Home page for the case, click the Hold tab.

4.

On the Hold page, click Create.

5.

On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.

6.

(Optional) In the Description box, add a description of the hold.

7.

Click Next.

8.

Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.

a.

Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams again. to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.

a.

In the box under Keywords, type a search query in the box so that only the content that meets the search criteria is placed on hold. You can specify keywords, message properties, or document properties, such as file names. You can also use more complex queries that use a Boolean operator, such as AND, OR, or NOT. If you leave the keyword box empty, then all content located in the specified content locations will be placed on hold.

b.

Click Add conditions to add one or more conditions to narrow the search query for the hold. Each condition adds a clause to the KQL search query that is created and run when you create the hold. For example, you can specify a date range so that email or site documents that were created within the date ranged are placed on hold. A condition is logically connected to the keyword query (specified in the keyword box) by the AND operator. That means that items have to satisfy both the keyword query and the condition to be placed on hold.

9.

After configuring a query-based hold, click Next.

10.

Review your settings, and then click Create this hold.

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide

Correct Answer: See explanation below.

1.

After signing into the Microsoft 365 admin center, click Admin centers > Azure Active Directory > Devices.

2.

Navigate to Device Settings.

3.

Set the Users may join devices to Azure AD setting to All.

4.

Set the Additional local administrators on Azure AD joined devices setting to None.

5.

Set the Users may register their devices with Azure AD setting to All.

6.

Leave the Require Multi-Factor Auth to join devices setting on it default setting.

7.

Set the Maximum number of devices setting to 5.

8.

Set the Users may sync settings and app data across devices setting to All.

9.

Click the Save button at the top left of the screen.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal https://docs.microsoft.com/en-us/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365?view=o365-worldwide

Correct Answer: B

Correct Answer: C

As previously explained, one of the key benefits of having mailbox auditing on by default is: you don't need to manage the mailboxes actions that are audited. Microsoft does this for you and we'll automatically add new mailbox actions to be audited by default as they're released.

However, your organization might be required to audit a different set of mailbox actions for user mailboxes and shared mailboxes.

Change the mailbox actions to audit You can use the AuditAdmin, AuditDelegate, or AuditOwner parameters on the Set-Mailbox cmdlet to change the mailbox actions that are audited for user mailboxes and shared mailboxes (audited actions for Microsoft 365 group mailboxes can't be customized).

Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing

Correct Answer: A

References: https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results

Correct Answer: B

References: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019

Correct Answer: C

According to the newest Microsoft documentation the sensor download and key are on the Identities part of the Microsoft 365 Defender portal.

Reference: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/workspace-portal

Correct Answer: B

Office 365 includes two options for enterprise social features in SharePoint: Yammer and Newsfeed. The SharePoint administrator selects which option users see when they click Conversations in SharePoint. By default, users see Newsfeed.

You can turn Yammer off or on for conversations in SharePoint by using the SharePoint Online admin center. You must be a global administrator to make this change.

Reference:

https://docs.microsoft.com/en-us/yammer/integrate-yammer-with-other-apps/yammer-and- newsfeed

Correct Answer: B

Self-service password reset (SSPR) is only enabled for Group1 (User1 and User2). User1 cannot use security questions for SSPR because User1 has an administrative security role. Therefore, only User2 can use SSPR with security questions as the authentication method.

References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences

Correct Answer: A

Correct Answer: AB

D is wrong. Auto-Labeling policy will not achieve the requirement “You need to ensure that the users in Group1 must apply Label1 to their email and documents”

This requirement is a setting in the sensitivity label policy that can be selected.

Auto-Labeling is an admin activity.

Auto-Labeling policy:

When you create a sensitivity label, you can automatically assign that label to files and emails when it matches conditions that you specify.

This ability to apply sensitivity labels to content automatically is important because:

1.

You don't need to train your users when to use each of your classifications.

2.

You don't need to rely on users to classify all content correctly.

3.

Users no longer need to know about your policies—they can instead focus on their work.

E is wrong. It is not a must to Membership type for Group1 to be Assigned. Label can be applied to both Assigned and Dynamic.

Correct Answer: A

You connect Microsoft Defender for Cloud Apps to your existing Office 365 account using the app connector API. This connection gives you visibility into and control over Office 365 (including SharePoint Online) use.

The File policy is used for Information protection: File policies enable you to scan your cloud apps for specified files or file types (shared, shared with external domains), data (proprietary information, personal data, credit card information, and

other types of data) and apply governance actions to the files (governance actions are cloud-app specific).

Reference:

https://docs.microsoft.com/en-us/defender-cloud-apps/connect-office-365 https://docs.microsoft.com/en-us/defender-cloud-apps/control-cloud-apps-with-policies