This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Fri May 17 17:41:05 2024 / +0000 GMT ___________________________________________________ Title: [October-2022]Real Exam Questions-Braindump2go MS-500 VCE and PDF Dumps MS-500 292Q Download[Q323-Q355] --------------------------------------------------- October/2022 Latest Braindump2go MS-500 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go MS-500 Real Exam Questions!QUESTION 323You have several Conditional Access policies that block noncompliant devices from connecting to services.You need to identify which devices are blocked by which policies.What should you use?A. the Setting compliance report in the Microsoft Endpoint Manager admin centerB. Sign-ins in the Azure Active Directory admin centerC. Activity log in the Cloud App Security portalD. Audit logs in the Azure Active Directory admin centerAnswe/r: BExplanation:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-accessQUESTION 324You have a Microsoft 365 tenant.You need to implement a policy to enforce the following requirements:- If a user uses a Windows 10 device that is NOT hybrid Azure Active Directory (Azure AD) joined, the user must be allowed to connect to Microsoft SharePoint Online only from a web browser. The user must be prevented from downloading files or syncing files from SharePoint Online.- If a user uses a Windows 10 device that is hybrid Azure AD joined, the user must be able connect to SharePoint Online from any client application, download files, and sync files.What should you create?A. a conditional access policy in Azure AD that has Client apps conditions configuredB. a conditional access policy in Azure AD that has Session controls configuredC. a compliance policy in Microsoft Endpoint Manager that has the Device Properties settings configuredD. a compliance policy in Microsoft Endpoint Manager that has the Device Health settings configuredAnswer: BExplanation:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-sessionQUESTION 325Hotspot QuestionYou have a Microsoft 365 E5 subscription.You need to create a role-assignable group. The solution must ensure that you can nest the group.How should you configure the group? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: Security onlyYou can add an existing Security group to another existing Security group (also known as nested groups), creating a member group (subgroup) and a parent group. The member group inherits the attributes and properties of the parent group, saving you configuration time.Box 2: Assigned onlyThe membership type for role-assignable groups must be Assigned and can't be an Azure AD dynamic group.Reference:https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-membership-azure-portalQUESTION 326Hotspot QuestionYou create device groups in Microsoft Defender for Endpoint as shown in the following table. You onboard three devices to Microsoft Defender for Endpoint as shown in the following table. After the devices are onboarded, you perform the following actions:- Add a tag named Tag1 to Device1.- Rename Computer3 as Device3.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: YesYou can promote or demote the rank of a device group so that it's given higher or lower priority during matching. A device group with a rank of 1 is the highest ranked group. When a device is matched to more than one group, it's added only to the highest ranked group. You can also edit and delete groups.Box 2: NoThe Group1 membership rule 'Name Start with Device' applies Device2.No other rule applies.Box 3: NoCompter3 rename to Device3 which will Apply to Group1.Reference:https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groupsQUESTION 327You have a Microsoft 365 E5 subscription that contains 100 users. Each user has a computer that runs Windows 10 and either an Android mobile device or an iOS mobile device. All the devices are registered with Azure Active Directory (Azure AD).You enable passwordless authentication for all the users.You need to ensure that the users can sign in to the subscription by using passwordless authentication.What should you instruct the users to do on their mobile device first?A. Install a device certificate.B. Install a user certificate.C. Install the Microsoft Authenticator app.D. Register for self-service password reset (SSPR).Answer: CExplanation:The Authenticator App turns any iOS or Android phone into a strong, passwordless credential.Note: Microsoft Authenticator AppYou can allow your employee's phone to become a passwordless authentication method. You may already be using the Microsoft Authenticator App as a convenient multi-factor authentication option in addition to a password. You can also use the Authenticator App as a passwordless option.Reference:https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordlessQUESTION 328You have a Microsoft 365 E5 subscription that contains the users shown in the following table. You enable the authentication methods registration campaign and configure the Microsoft Authenticator method for Group1.Which users will be prompted to configure authentication during sign in?A. User1 onlyB. User2 onlyC. User2 and User3 onlyD. User1 and User2 onlyE. User2 and User3 onlyF. User1, User2, and User3 onlyAnswer: DExplanation:You can nudge users to set up Microsoft Authenticator during sign-in. Users will go through their regular sign-in, perform multifactor authentication as usual, and then be prompted to set up Microsoft Authenticator. You can include or exclude users or groups to control who gets nudged to set up the app. This allows targeted campaigns to move users from less secure authentication methods to Microsoft Authenticator.Incorrect:Not C, Not E, Not F: Not User3 since the user must not have already set up Microsoft Authenticator for push notifications on their account.Reference:https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaignQUESTION 329Hotspot QuestionYou have a Microsoft 365 subscription that contains three users named User1, User2, and User3.You have the named locations shown in the following table. You configure an Azure Multi-Factor Authentication (MFA) trusted IP address range of 192.168.1.0/27.You have the Conditional Access policies shown in the following table. The users have the IP addresses shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: YesUser 1 access through CA1 (forms) with Location:(included as nothing else is stated) trusted location = require MFABox 2: NoUser2 has IP address 192.168.2.16, which is in NY named location. NY is trusted. However, CA2 blocks Microsoft Planner NY access.Box 3: NoUser3 is in LA. LA is not trusted.Reference:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policiesQUESTION 330Your network contains an on-premises Active Directory domain. The domain contains a domain controller named DC1.You have a Microsoft 365 E5 subscription.You install the Microsoft Defender for Identity sensor on DC1.You need to configure enhanced threat detection in Defender for Identity. The solution must ensure that the following events are collected from DC1:- 4726 - User Account Deleted- 4728 - Member Added to Global Security Group- 4776 - Domain Controller Attempted to Validate Credentials for an Account (NTLM)What should you do on DC1?A. Install the Azure Monitor agent.B. Install System Monitor (SYSMON).C. Configure the Windows Event Collector service.D. Configure the Advanced Audit Policy Configuration policy.Answer: DExplanation:Windows Event logsDefender for Identity detection relies on specific Windows Event logs that the sensor parses from your domain controllers. For the correct events to be audited and included in the Windows Event log, your domain controllers require accurate Advanced Audit Policy settings.For the correct events to be audited and included in the Windows Event Log, your domain controllers require accurate Advanced Audit Policy settings. Note: Relevant Windows EventsFor Active Directory Federation Services (AD FS) events:1202 - The Federation Service validated a new credential1203 - The Federation Service failed to validate a new credential4624 - An account was successfully logged on4625 - An account failed to log onReference:https://docs.microsoft.com/en-us/defender-for-identity/prerequisiteshttps://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collectionQUESTION 331You configure several Microsoft Defender for Office 365 policies in a Microsoft 365 subscription.You need to allow a user named User1 to view Microsoft Defender for Office 365 reports in the Threat management dashboard.Which role provides User1 with the required role permissions?A. Security readerB. Compliance administratorC. Information Protection administratorD. Exchange administratorAnswer: AExplanation:In order to view and use the reports described in this article, you need to be a member of one of the following role groups in the Microsoft 365 Defender portal:- Organization Management- Security Administrator- Security Reader- Global ReaderNote:There are several versions of this question in the exam. The question has two possible correct answers:1. Security Administrator2. Security ReaderOther incorrect answer options you may see on the exam include the following:- Compliance administrator- Exchange administratorReference:https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-mdoQUESTION 332You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.You need to use a Fusion rule template to detect multistage attacks in which users sign in by using compromised credentials, and then delete multiple files from Microsoft OneDrive.Based on the Fusion rule template, you create an active rule that has the default settings.What should you do next?A. Add data connectors.B. Add a workbook.C. Add a playbook.D. Create a custom rule template.Answer: BExplanation:Create an automation ruleCreate a playbookAdd actions to a playbookAttach a playbook to an automation rule or an analytics rule to automate threat responsehttps://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbookQUESTION 333You have an Azure Sentinel workspace.You need to manage incidents based on alerts generated by Microsoft Cloud App Security.What should you do first?A. From the Cloud App Security portal, configure security extensions.B. From the Cloud App Security portal, configure app connectors.C. From the Cloud App Security portal, configure log collectors.D. From the Microsoft 365 compliance center, add and configure a data connector.Answer: AExplanation:Integrating with Microsoft SentinelIn the Defender for Cloud Apps portal, under the Settings cog, select Security extensions.On the SIEM agents tab, select add (+), and then choose Microsoft Sentinel.Reference:https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinelQUESTION 334You have a Microsoft 365 E5 subscription.You need to use Attack simulation training to launch a credential harvest simulation.For which Microsoft 365 workloads can you create a payload?A. Microsoft Exchange Online onlyB. Microsoft Teams, Exchange Online, SharePoint Online, and OneDriveC. Microsoft Teams and Exchange Online onlyD. Microsoft SharePoint Online and OneDrive onlyAnswer: DExplanation:Create a payload, select a payload type.On the Select type page, the only value that you can currently select is Email.Incorrect:Not A, Not B, Not C: Payloads cannot be created for Microsoft Exchange Online.Reference:https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-payloadsQUESTION 335You have a Microsoft 365 E5 subscription.You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites:- web1.contoso.com- web2.contoso.comThe solution must minimize administrative effort.To what should you set the Service domains setting for Endpoint DLP?A. web1.contoso.com and web2.contoso.comB. contoso.comC. *.contoso.comD. web*.contoso.comAnswer: AExplanation:An * is a wildcard for example : *.contoso.com wil include evrything befor .contoso.com and will be blockedweb*.contoso.com web1wil be blockedweb2 wil be blockedweb3 wil be blockedReference:https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-aboutQUESTION 336You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.You need to ensure that users can only share files with users at specified partner companies. The solution must minimize administrative effort.What should you do?A. Limit external sharing by domain.B. Set External sharing to New and existing guests.C. Allow only users in specific security groups to share externally.D. Set File and folder links to Specific people.Answer: AExplanation:Limiting domainsYou can limit domains by allowing only the domains you specify or by allowing all domains except those you block.To limit domains at the organization level1. Go to Sharing in the SharePoint admin center, and sign in with an account that has admin permissions for your organization.2. Under Advanced settings for external sharing, select the Limit external sharing by domain check box, and then select Add domains.3. To create an allowlist (most restrictive), select Allow only specific domains; to block only the domains you specify, select Block specific domains.4. List the domains (maximum of 3000) in the box provided, using the format domain.com.5. Etc.Reference:https://docs.microsoft.com/en-us/sharepoint/restricted-domains-sharingQUESTION 337Hotspot QuestionYou have a Microsoft 365 E5 tenant that contains a published sensitivity label named Sensitivity1.You plan to create an Azure Active Directory group named Group1 and assign Sensitivity1 to Group1.How should you configure Group1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: EnableMIPLabelsThe sensitivity label option is only displayed for groups when all the following conditions are met:* The feature is enabled, EnableMIPLabels is set to True in from the Azure AD PowerShell module.* The group is a Microsoft 365 group.* Etc.Box 2: Microsoft 365Incorrect:* Not ClassificationList:Classic classifications are the old classifications you set up by defining values for the ClassificationList setting in Azure AD PowerShell. When this feature is enabled, those classifications will not be applied to groups.Reference:https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-assign-sensitivity-labelsQUESTION 338Hotspot QuestionYou have a Microsoft E5 subscription that contains two users named User1 and User2.You have a Microsoft SharePoint site named Site1. Site1 stores files that contain IP addresses as shown in the following table. User1 is assigned the SharePoint admin role for Site1. User2 is a member of Site1.You create the data loss prevention (DLP) policy shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: YesNote: Key tasks of the SharePoint adminHere are some of the key tasks users can do when they are assigned to the SharePoint admin role:- Create sites- Delete sites - Manage sharing settings at the organization level- Add and remove site admins- Manage site storage limitsBox 2: NoFile1.text contains 3 IP addresses.Box 3: YesFile2.docx contains only 1 IP address.QUESTION 339Hotspot QuestionYou have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and a sensitivity label named Label1.The external sharing settings for Site1 are configured as shown in the Site1 exhibit. (Click the Site1 tab.) The external sharing settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1 is applied to Site1.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: YesThe Sensitive label setting of Label1 in the second exhibit 2overrides the setting in exhibit 1.Box 2: NoBox 3: NoQUESTION 340Drag and Drop QuestionYour company has two departments named department1 and department2 and a Microsoft 365 E5 subscription.You need to prevent communication between the users in department1 and the users in department2.How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: New-OrganizationSegmentUse the New-OrganizationSegment cmdlet to create organization segments for use with information barrier policies in the Microsoft Purview compliance portal.Organization Segments are not in effect until you apply information barrier policies.Syntax:New-OrganizationSegment -[-Name] <String>-UserGroupFilter <String>[-Confirm][-WhatIf][<CommonParameters>]Box 2: New-InformationBarrierPolicyTo define your first blocking policy, use the New-InformationBarrierPolicy cmdlet with the SegmentsBlocked parameter.Reference:https://docs.microsoft.com/en-us/powershell/module/exchange/new-organizationsegmenthttps://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policiesQUESTION 341You have a Microsoft 365 E5 subscription that contains the resources shown in the following table. You have a retention label configured as shown in the following exhibit. You apply the label to the resources.Which items can you delete?A. Mail1 onlyB. File1.docx and File2.xlsx onlyC. Mail1 and File1.docx onlyD. Mail1 and File2.xlsx onlyE. Mail1, File1.docx, and File2.xlsxAnswer: EExplanation:All the items can be deleted according to the settings.https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide#how-retention-settings-work-with-content-in-placeQUESTION 342You have a Microsoft 365 E5 subscription.You plan to implement retention policies for Microsoft Teams.Which item types can be retained?A. voice memos from the Teams mobile clientB. code snippetsC. embedded imagesAnswer: CExplanation:Code snippets, recorded voice memos from the Teams mobile client, thumbnails, announcement images, and reactions from others in the form of emoticons aren't retained when you use retention policies for Teams.https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teams?view=o365-worldwideQUESTION 343You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the data loss prevention (DLP) policies shown in the following table. The DLP rules are configured as shown in the following table. All the policies are assigned to Site1.You need to ensure that if a user uploads a document to Site1 that matches all the rules, the user will be shown the Tip 2 policy tip.What should you do?A. Enable additional processing of the policies if there is a match for Rule1.B. Prevent additional processing of the policies if there is a match for Rule2.C. Change the priority of DLP2 to 3.D. Change the priority of DLP2 to 0.Answer: DExplanation:The rule with priority 0 is processed first.Reference:https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-reference QUESTION 344Hotspot QuestionYou have a Microsoft 365 subscription that uses Microsoft Teams and contains the users shown in the following table. You have the retention policies shown in the following table. The users perform the actions shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: NoIt will be retained for seven years.Both Policy1 and Policy2 apply.If there is a conflict in how long to retain the same content, it is retained in the secured location for the longest retention period.Note: If you configure a Teams retention policy to retain chats or channel messages, usersBox 2: NoUser2 creates the message in chat. Policy2 applies. The message will be retained for 5 years.Box 3: YesAfter a retention policy is configured for chat and channel messages, a timer job from the Exchange service periodically evaluates items in the hidden mailbox folder where these Teams messages are stored. The timer job typically takes 1-7 days to run. When these items have expired their retention period, they are moved to the SubstrateHolds folder?€"another hidden folder that's in every user or group mailbox to store "soft-deleted" items before they're permanently deleted.Messages remain in the SubstrateHolds folder for at least 1 day, and then if they're eligible for deletion, the timer job permanently deletes them the next time it runs.Reference:https://docs.microsoft.com/en-us/microsoftteams/retention-policieshttps://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teamsQUESTION 345Your company has a Microsoft 365 E5 subscription that uses Microsoft Defender for identity.You plan to create a detection exclusion in Microsoft Defender for Identity.What should you use to create the detection exclusion?A. Microsoft Defender for Identity portalB. Microsoft 365 Compliance centerC. Microsoft Defender for Cloud Apps portalD. Microsoft 365 Defender portalAnswer: DExplanation:https://learn.microsoft.com/en-us/microsoft-365/security/defender-identity/exclusions?view=o365-worldwide#how-to-add-detection-exclusionsQUESTION 346You have a Microsoft 365 E5 subscription that contains the groups shown in the following table. You plan to implement privileged access in Microsoft 365.Which groups can you specify as the default approval group?A. Group1, Group2, or Group3 onlyB. Group4 onlyC. Group1, Group2, Group3, or Group4D. Group1, Group3, or Group4 onlyE. Group3 or Group4 onlyAnswer: CQUESTION 347You have an Azure Sentinel workspace.You need to manage incidents based on alerts generated by Microsoft Defender for Cloud Apps.What should you do first?A. From the Microsoft Defender for Cloud Apps portal, configure security extensions.B. From the Microsoft Defender for Cloud Apps portal, configure app connectors.C. From the Microsoft Defender for Cloud Apps portal, configure log collectors.D. From the Microsoft 365 Compliance admin center, add and configure a data connector.Answer: AExplanation:Integrating with Microsoft Sentinel:In the Defender for Cloud Apps portal, under the Settings cog, select Security extensions.https://learn.microsoft.com/en-us/defender-cloud-apps/siem-sentinelQUESTION 348Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains a server that runs Windows Server 2019, computers that run Windows 10, macOS, or Linux, and a firewall that utilizes syslog.You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. All the computers are onboarded to Microsoft Defender for Endpoint.You are implementing Microsoft Defender for Cloud Apps.You need to discover which cloud apps are accessed from the computers.Solution: You install a Microsoft Defender for Identity sensor on the server.Does this meet the goal?A. YesB. NoAnswer: AExplanation:https://docs.microsoft.com/en-us/defender-cloud-apps/mdi-integrationQUESTION 349Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains a server that runs Windows Server 2019, computers that run Windows 10, macOS, or Linux, and a firewall that utilizes syslog.You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. All the computers are onboarded to Microsoft Defender for Endpoint.You are implementing Microsoft Defender for Cloud Apps.You need to discover which cloud apps are accessed from the computers.Solution: You install a Microsoft Defender for Cloud Apps log collector and collect logs from the firewall.Does this meet the goal?A. YesB. NoAnswer: BQUESTION 350Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains a server that runs Windows Server 2019, computers that run Windows 10, macOS, or Linux, and a firewall that utilizes syslog.You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. All the computers are onboarded to Microsoft Defender for Endpoint.You are implementing Microsoft Defender for Cloud Apps.You need to discover which cloud apps are accessed from the computers.Solution: You install an Azure Arc agent on the workstations.Does this meet the goal?A. YesB. NoAnswer: BQUESTION 351Hotspot QuestionYou have a Microsoft 365 E5 subscription that contains the users shown in the following table. You create an assessment named Assessment1 as shown in the following exhibit. Which users can update the title of Assessment1, and which users can add User5 to the Compliance Manager Readers role group? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: Admin 1, Admin 2, User 4"Compliance Administrator" Azure AD role can also edit data same as "Compliance Manager Assessor".https://learn.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide#set-user-permissions-and-assign-rolesBox 2: Only Admin 1https://learn.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwideQUESTION 352Hotspot QuestionYou have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains three groups named Group1, Group2, and Group3 and the users shown in the following table. You create a new access package as shown in the following exhibit. You assign Package1 on June 1, 2021, by using die following configurations:- Select users: User1, User2, User3- Select policy: Initial policy- Assignment starts: June 1, 2021- Assignment ends: July 1, 2021For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: YesBox 2: NoLifecycle, Access package assignments expires: After 10 daysBox 3: YesThe access package resource roles includes: Group3 MemberNote: Entitlement management introduces to Azure AD the concept of an access package. An access package is a bundle of all the resources with the access a user needs to work on a project or perform their task. Access packages are used to govern access for your internal employees, and also users outside your organization.Here are the types of resources you can manage user's access to, with entitlement management:- Membership of Azure AD security groups- Membership of Microsoft 365 Groups and Teams- Assignment to Azure AD enterprise applications, including SaaS applications and custom-integrated applications that support federation/single sign-on and/or provisioning- Membership of SharePoint Online sitesReference:https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overviewQUESTION 353Hotspot QuestionYou have a Microsoft 365 subscription that contains 100 users.Microsoft Secure Score for the subscription is shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphicNOTE: Each correct selection is worth one point. Answer: Explanation:Box 1: 27 points- Security defaultsMicrosoft Secure Score has updated improvement actions to support security defaults in Azure Active Directory, which make it easier to help protect your organization with pre-configured security settings for common attacks.If you turn on security defaults, you'll be awarded full points for the following improvement actions:- Ensure all users can complete multi-factor authentication for secure access (9 points)- Require MFA for administrative roles (10 points)- Enable policy to block legacy authentication (7 points)Box 2: 3 pointsSome improvement actions only give points when fully completed. Some give partial points if they're completed for some devices or users.In this case: 30/100 * 10 = 3 pointsNote: How improvement actions are scoredEach improvement action is worth 10 points or less, and most are scored in a binary fashion. If you implement the improvement action, like create a new policy or turn on a specific setting, you get 100% of the points. For other improvement actions, points are given as a percentage of the total configuration.For example, an improvement action states you get 10 points by protecting all your users with multi-factor authentication. You only have 50 of 100 total users protected, so you'd get a partial score of 5 points (50 protected / 100 total * 10 max pts = 5 pts).Reference:https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-scoreQUESTION 354Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains a server that runs Windows Server 2019, computers that run Windows 10, macOS, or Linux, and a firewall that utilizes syslog.You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. All the computers are onboarded to Microsoft Defender for Endpoint.You are implementing Microsoft Defender for Cloud Apps.You need to discover which cloud apps are accessed from the computers.Solution: You enable Defender for Endpoint and Defender for Cloud Apps integration.Does this meet the goal?A. YesB. NoAnswer: AExplanation:https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-config?view=o365-worldwideQUESTION 355You have a Microsoft 365 E5 subscription that has Microsoft Defender for Office 365 enabled.You need to review the zero-hour auto purge (ZAP) configuration for the subscription.Which two threat policies should you review? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.A. Safe attachments Built-in protection (Microsoft)B. Anti-malware (Default) DefaultC. Safe links Built-in protection (Microsoft)D. Anti-spam outbound policy (Default)E. Office365 AntiPhish Default (Default)F. Anti-spam inbound policy (Default)Answer: BFExplanation:ZAP for malware is enabled by default in anti-malware policies. https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide#zero-hour-auto-purge-zap-for-malwareBy default, ZAP for phishing is enabled in anti-spam policies[...] https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide#zero-hour-auto-purge-zap-for-phishingResources From:1.2022 Latest Braindump2go MS-500 Exam Dumps (PDF & VCE) Free Share:https://www.braindump2go.com/ms-500.html2.2022 Latest Braindump2go MS-500 PDF and MS-500 VCE Dumps Free Share:https://drive.google.com/drive/folders/1aNtqQf5Y6RVkvLYKmpHNAsdmud4rO3gj?usp=sharing3.2021 Free Braindump2go MS-500 Exam Questions Download:https://www.braindump2go.com/free-online-pdf/MS-500-PDF-Dumps(323-356).pdfFree Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams! --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2022-10-25 08:47:12 Post date GMT: 2022-10-25 08:47:12 Post modified date: 2022-10-25 08:47:12 Post modified date GMT: 2022-10-25 08:47:12 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com