microsoft ms-500 online test

Microsoft 365 Security Administration

What students need to know about the ms-500 exam

  • Total 370 Questions & Answers
  • Has case studies
  • Passing score: 700

Question 1 Topic 1, Case Study 1Case Study Question View Case

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

What should you do to meet the security requirements?

  • A. Change the Assignment Type for Admin2 to Permanent
  • B. From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2
  • C. From the Azure Active Directory admin center, remove the Exchange administrator role to Admin1
  • D. Change the Assignment Type for Admin1 to Eligible
Answer:

D

Discussions

Question 2 Topic 1, Case Study 1Case Study Question View Case

You need to recommend a solution for the user administrators that meets the security requirements for auditing.
Which blade should you recommend using from the Azure Active Directory admin center?

  • A. Sign-ins
  • B. Azure AD Identity Protection
  • C. Authentication methods
  • D. Access review
Answer:

A

Explanation:
References: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

Discussions

Question 3 Topic 1, Case Study 1Case Study Question View Case

HOTSPOT
You plan to configure an access review to meet the security requirements for the workload administrators. You create an
access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Discussions

Question 4 Topic 1, Case Study 1Case Study Question View Case

You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.
What should you include in the recommendation?

  • A. a device compliance policy
  • B. an access review
  • C. a user risk policy
  • D. a sign-in risk policy
Answer:

D

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

Discussions

Question 5 Topic 1, Case Study 1Case Study Question View Case

You need to resolve the issue that generates the automated email messages to the IT team.
Which tool should you run first?

  • A. Synchronization Service Manager
  • B. Azure AD Connect wizard
  • C. Synchronization Rules Editor
  • D. IdFix
Answer:

B

Explanation:
References:
https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization

Discussions

Question 6 Topic 2, Case Study 2Case Study Question View Case

Which IP address space should you include in the Trusted IP MFA configuration?

  • A. 131.107.83.0/28
  • B. 192.168.16.0/20
  • C. 172.16.0.0/24
  • D. 192.168.0.0/20
Answer:

A

Explanation:
Pilot users must use MFA unless they are signing in from the internal network of the Chicago office. MFA must NOT be used
on the Chicago office internal network. We must therefore use the IP range of the external network.

Discussions

Question 7 Topic 2, Case Study 2Case Study Question View Case

HOTSPOT
How should you configure Group3? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/information-protection/prepare

Discussions

Question 8 Topic 2, Case Study 2Case Study Question View Case

HOTSPOT
How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Discussions

Question 9 Topic 2, Case Study 2Case Study Question View Case

You need to create Group3.
What are two possible ways to create the group?

  • A. a Microsoft 365 group in the Microsoft 365 admin center
  • B. a mail-enabled security group in the Microsoft 365 admin center
  • C. a security group in the Microsoft 365 admin center
  • D. a distribution list in the Microsoft 365 admin center
  • E. a security group in the Azure AD admin center
Answer:

A D

Discussions

Question 10 Topic 3, Case Study 3Case Study Question View Case

HOTSPOT
Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-
membership#supported-values

Discussions
To page 2