MS-500 Free Practice Test

DRAG DROP
You have a Microsoft 365 E5 subscription.
All computers run Windows 10 and are onboarded to Windows Defender Advanced Threat Protection (Windows Defender ATP).
You create a Windows Defender machine group named MachineGroupl.
You need to enable delegation for the security settings of the computers in MachineGroupl.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

Your company has 500 computers.
You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows
Defender ATP). Twenty of the computers belong to company executives.
You need to recommend a remediation solution that meets the following requirements: Windows Defender ATP administrators must manually approve all remediation for the executives
Remediation must occur automatically for all other users
What should you recommend doing from Windows Defender Security Center?

1. A. Configure 20 system exclusions on automation allowed/block lists
2. B. Configure two alert notification rules
3. C. Download an offboarding package for the computers of the 20 executives
4. D. Create two machine groups

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/machine-groupswindows-defender-advanced-threat-protection

You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. From the Cloud App Security admin center, create a file policy.
2. B. From the SharePoint admin center, modify the Site Settings.
3. C. From the SharePoint & Compliance admin center, create a label.
4. D. From the SharePoint admin center, modify the records management settings.
5. E. From the Security & Compliance admin center, publish a label.

Correct Answer: CE
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/protect-sharepoint-online-files-with-office-365-labels-and-dlp

HOTSPOT
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1. You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two actions should you use in the search? To answer, select the appropriate activities in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

You have a Microsoft 365 subscription that includes a user named User1.
You have a conditional access policy that applies to Microsoft Exchange Online. The conditional access policy is configured to use Conditional Access App Control.
You need to create a Microsoft Cloud App Security policy that blocks User1 from printing from Exchange
Online.
Which type of Cloud App Security policy should you create?

1. A. an app permission policy
2. B. an activity policy
3. C. a Cloud Discovery anomaly detection policy
4. D. a session policy

Correct Answer: D