Free Microsoft 365 Security Administration MS-500 Exam Practice Test

Which role should you assign to User1?

• Global administrator
• User administrator
• Privileged role administrator
• Security administrator

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and thetenant. Azure AD Connect has the following settings:Source Anchor: objectGUIDPassword Hash Synchronization: DisabledPassword writeback: DisabledDirectory extension attribute sync: DisabledAzure AD app and attribute filtering: DisabledExchange hybrid deployment: DisabledUser writeback: DisabledYou need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.Solution: You modify the Source Anchor settings.Does that meet the goal?

• Yes
• No

You have a Microsoft 365 subscription.Some users access Microsoft SharePoint Online from unmanaged devices.You need to prevent the users from downloading, printing, and synching files.What should you do?

• Run the Set-SPODataConnectionSetting cmdlet and specify the AssignmentCollection parameter
• From the SharePoint admin center, configure the Access control settings
• From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy
• From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy

You have a Microsoft 365 Enterprise E5 subscription.You use Windows Defender Advanced Threat Protection (Windows Defender ATP).You need to integrate Microsoft Office 365 Threat Intelligence and Windows Defender ATP.Where should you configure the integration?

• From the Microsoft 365 admin center, select Settings, and then select Services & add-ins.
• From the Security & Compliance admin center, select Threat management, and then select Explorer.
• From the Microsoft 365 admin center, select Reports, and then select Security & Compliance.
• From the Security & Compliance admin center, select Threat management and then select Threat tracker.

You have a Microsoft 365 subscription.You need to create data loss prevention (DLP) queries in Microsoft SharePoint Online to find sensitive data stored in sites.Which type of site collection should you create first?

• Records Center
• Compliance Policy Center
• eDiscovery Center
• Enterprise Search Center
• Document Center

You have a Microsoft 365 E5 subscription.You create a sensitivity label named Label 1 and publish Label1 to all users and groups.You have the following files on a computer:* File1.doc* File2.docx* File3.xlsx* File4.txtYou need to identify which files can have Label1 applied. Which files should you identify?

• File2.docx only
• File1.doc. File2.docx. File3.xlsx. a
• File1 .doc. File2.docx, and File3.xlsx only
• File2.docx and File3.xlsx only

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You have a user named User1. Several users have full access to the mailbox of User1.Some email messages sent to User1 appear to have been read and deleted before the user viewed them.When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.You need to ensure that you can view future sign-ins to the mailbox of User1.You run the Set-AuditConfig -Workload Exchange command.Does that meet the goal?

• Yes
• No

You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1.You have a Data Subject Request (DSR) case named Case1.You need to allow User1 to export the results of Case1. The solution must use the principle of least privilege.Which role should you assign to User1 for Case1?

• eDiscovery Manager
• Security Operator
• eDiscovery Administrator
• Global Reader

You have a Microsoft 365 E5 subscription and 5,000 users.You create several alert policies that are triggered every time activities match rules.You need to create an alert policy that is triggered when the volume of matched activities becomes unusual.What should you do first?

• Enable Microsoft Office 365 auditing.
• Enable Microsoft Office 365 analytics.
• Enable Microsoft Office 365 Cloud App Security.
• Deploy a Microsoft Office 365 add-in to all the users.

You have a Microsoft 365 subscription that contains a user named User1.You plan to use Compliance Manager.You need to ensure that User1 can assign Compliance Manager roles to users. The solution must use the principle of least privilege.Which role should you assign to User1?

• Compliance Manager Assessor
• Global Administrator
• Portal Admin
• Compliance Manager Administrator