Microsoft MS-500 問題練習

Question No : 1
HOTSPOT
You have a Microsoft SharePoint Online site named Site! that has the users shown in the following table.



You create the retention labels shown In the following table.

答えを確認する

正解:

Question No : 2
You have a Microsoft 365 tenant.
From the Azure Active Directory admin center, you review the Risky sign-ins report as shown in the following exhibit.



You need to ensure that you can see additional details including the risk level and the risk detection type.
What should you do?

• A.Purchase Microsoft 365 Enterprise E5 licenses.
• B.Activate an instance of Microsoft Defender for Identity.
• C.Configure Diagnostic settings in Azure Active Directory (Azure AD).
• D.Deploy Azure Sentinel and add a Microsoft Office 365 connector.

答えを確認する

正解:

Question No : 3
HOTSPOT
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1.
You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two actions should you use in the search? To answer, select the appropriate activities in the answer area. NOTE: Each correct selection is worth one point.

答えを確認する

正解:


Explanation:
References: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

Question No : 4
You have a Microsoft 365 subscription for a company named Contoso, Ltd. All data is in Microsoft 365.
Contoso works with a partner company named Litware, Inc. Litware has a Microsoft 365 subscription.
You need to allow users at Contoso to share files from Microsoft OneDrive to specific users at Litware.
Which two actions should you perform from the OneDrive admin center? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A.Increase the permission level for OneDrive External sharing
• B.Modify the Links settings
• C.Change the permissions for OneDrive External sharing to the least permissive level
• D.Decrease the permission level for OneDrive External sharing
• E.Modify the Device access settings
• F.Modify the Sync settings

答えを確認する

正解:
Explanation:
References: https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off

Question No : 5
HOTSPOT
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

答えを確認する

正解:

Question No : 6
You have a Microsoft 365 subscription.
A security manager receives an email message every time a data loss prevention (DLP) policy match occurs.
You need to limit alert notifications to actionable DLP events.
What should you do?

• A.From the Security & Compliance admin center, modify the Policy Tips of a DLP policy.
• B.From the Cloud App Security admin center, apply a filter to the alerts.
• C.From the Security & Compliance admin center, modify the User overrides settings of a DLP policy.
• D.From the Security & Compliance admin center, modify the matched activities threshold of an alert policy.

答えを確認する

正解:
Explanation:
References: https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

Question No : 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Active Directory domain named contoso.com.
You install and run Azure AD Connect on a server named Server1 that runs Windows Server.
You need to view Azure AD Connect events.
You use the Security event log on Server1.
Does that meet the goal?

• A.Yes
• B.No

答えを確認する

正解:
Explanation:
References: https://support.pingidentity.com/s/article/PingOne-How-to-troubleshoot-an-AD-Connect-Instance

Question No : 8
CORRECT TEXT
TION NO: 135 SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password



Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308



























You need to protect against phishing attacks.
The solution must meet the following requirements:
✑ Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
✑ As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.

答えを確認する

正解:

Question No : 9
You have a Microsoft 365 subscription that uses a default domain name of fabrikam.com.
You create a safe links policy, as shown in the following exhibit.



Which URL can a user safely access from Microsoft Word Online?

• A.fabrikam.phishing.fabrikam.com
• B.malware.fabrikam.com
• C.fabrikam.contoso.com
• D.www.malware.fabrikam.com

答えを確認する

正解:
Explanation:
References: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-a-custom-blocked-urls-list-wtih-atp

Question No : 10
You haw a Microsoft 365 subscription that contains the users shown in the following table.



You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You enable SSPR for Group2
Does this meet the goal?

• A.Yes
• B.No

答えを確認する

正解:
Explanation:
By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences

Question No : 11
DRAG DROP
You have a Microsoft 365 E5 subscription.
All computers run Windows 10 and are onboarded to Windows Defender Advanced Threat Protection (Windows Defender ATP).
You create a Windows Defender machine group named MachineGroup1.
You need to enable delegation for the security settings of the computers in MachineGroup1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

答えを確認する

正解:

Question No : 12
CORRECT TEXT
You need to ensure that all users must change their password every 100 days.
To complete this task, sign in to the Microsoft 365 portal.

答えを確認する

正解: You need to configure the Password Expiration Policy.
✑ Sign in to the Microsoft 365 Admin Center.
✑ In the left navigation pane, expand the Settings section then select the Settings option.
✑ Click on Security and Privacy.
✑ Select the Password Expiration Policy.
✑ Ensure that the checkbox labelled Set user passwords to expire after a number of days is ticked.
✑ Enter 100 in the Days before passwords expire field.
✑ Click Save changes to save the changes.

Question No : 13
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.



You register devices in contoso.com as shown in the following table.



You create app protection policies in Intune as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

答えを確認する

正解:


Explanation:
References: https://docs.microsoft.com/en-us/intune/apps/app-protection-policy

Question No : 14
CORRECT TEXT
You have a Microsoft 365 subscription that contains 100 users.
Microsoft Secure Score for the subscription is shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

答えを確認する

正解: see the answer below.
Explanation:
Answer in image below.

Question No : 15
You have a Microsoft 365 subscription that contains a user named Used.
You need to assign User1 permissions to search Microsoft Office 365 audit logs.
What should you use?

• A.the Azure Active Directory admin center
• B.the Microsoft 365 Compliance center
• C.the Microsoft 365 Defender portal
• D.the Exchange admin center

答えを確認する

正解: