MS-500 : Microsoft 365 Security Administration : Part 09
-
You have an Azure Active Directory (Azure AD) tenant that has a Microsoft 365 subscription.
You recently configured the tenant to require multi-factor authentication (MFA) for risky sign-ins.
You need to review the users who required MFA.
What should you do?
- From the Microsoft 365 admin center, review a Security & Compliance report
- From the Security & Compliance admin center, run an audit log search and download the results to a CSV file
- From the Azure Active Directory admin center, review the Authentication methods activities
- From the Azure Active Directory admin center, download the sign-ins to a CSV file
-
HOTSPOT
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active Directory (Azure AD) tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
-
HOTSPOT
You have a Microsoft 365 subscription that includes three users named User1, User2, and User3.
A file named File1.docx is stored in Microsoft OneDrive. An automated process updates File1.docx every minute.
You create an alert policy named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
-
You have a Microsoft 365 subscription.
All users are assigned a Microsoft 365 E5 license.
How long will auditing data be retained?
- 30 days
- 90 days
- 365 days
- 5 years
Explanation: For users assigned an Office 365 E5 or Microsoft 365 E5 license, audit records are retained for one year (365 days) by default.
Incorrect Answers:
B: For users assigned any non-E5 Office 365 or Microsoft 365 license, audit records are retained for 90 days.
-
HOTSPOT
You have a Microsoft 365 subscription.
You create a retention label named Label1 as shown in the following exhibit.
You publish Label1 to SharePoint sites.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
-
You have a Microsoft 365 subscription.
You create a retention policy and apply the policy to Exchange Online mailboxes.
You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible.
What should you do?
- From Exchange Online PowerShell, run Start-RetentionAutoTagLearning
- From Exchange Online PowerShell, run Start-ManagedFolderAssistant
- From the Security & Compliance admin center, create a data loss prevention (DLP) policy
- From the Security & Compliance admin center, create a label policy
-
You have a Microsoft 365 subscription.
You need to ensure that users can manually designate which content will be subject to data loss prevention (DLP) policies.
What should you create first?
- A retention label in Microsoft Office 365
- A custom sensitive information type
- A Data Subject Request (DSR)
- A safe attachments policy in Microsoft Office 365
Explanation:
A DLP policy can help protect sensitive information, which is defined as a sensitive information type.
-
You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
All users in contoso.com use the Microsoft SharePoint Newsfeed.
You need to ensure that all the users use the Yammer.com service.
What should you do?
- From the Yammer admin center, modify the Usage Policy settings
- From the SharePoint admin center, modify the Enterprise Social Collaboration settings
- From the SharePoint admin center, modify the Connected Services settings
- From the Yammer admin center, modify the Configuration settings
-
You have a Microsoft 365 E5 subscription.
A user reports that changes were made to several files in Microsoft OneDrive.
You need to identify which files were modified by which users in the user’s OneDrive.
What should you do?
- From the Azure Active Directory admin center, open the audit log
- From the OneDrive admin center, select Device access
- From Microsoft 365 Compliance, perform an eDiscovery search
- From Microsoft Cloud App Security, open the activity log
-
HOTSPOT
You have a Microsoft 365 subscription.
You are creating a retention policy named Retention1 as shown in the following exhibit. (Click the Exhibit tab.)
You apply Retention1 to SharePoint sites and OneDrive accounts.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
-
DRAG DROP
You have a Microsoft 365 subscription.
A customer requests that you provide her with all documents that reference her by name.
You need to provide the customer with a copy of the content.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
-
You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- From the Cloud App Security admin center, create a file policy.
- From the SharePoint admin center, modify the Site Settings.
- From the Compliance admin center, create a label.
- From the SharePoint admin center, modify the records management settings.
- From the Compliance admin center, publish a label.
-
You recently created and published several label policies in a Microsoft 365 subscription.
You need to view which labels were applied by users manually and which labels were applied automatically.
What should you do from the Security & Compliance admin center?
- From Search & investigation, select Content search
- From Alerts, select View alerts
- From eDiscovery, view an eDiscovery case
- From Reports, select Dashboard
-
You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription. Contoso.com contains the groups shown in the following table.
You plan to create a supervision policy named Policy1.
You need to identify which groups can be supervised by using Policy1.
Which groups should you identify?
- Group1 and Group4 only
- Group1 only
- Group1, Group3, and Group4 only
- Group2 and Group3 only
- Group1, Group2, and Group3 only
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Microsoft 365 Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission -Identity "User1" -User [email protected] -AccessRights Owner command.
Does that meet the goal?
- Yes
- No
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User1.
Does this meet the goal?
- Yes
- No
Explanation:
We need to prevent User5 from accessing the Compliance Manager reports. Assigning the Compliance Manager Reader role to User1 will prevent User5 from accessing the reports.
-
HOTSPOT
You have a Microsoft 365 tenant.
You need to retain Azure Active Directory (Azure AD) audit logs for two years. Administrators must be able to query the audit log information by using the Azure Active Directory admin center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend modifying the licenses assigned to User5.
Does this meet the goal?
- Yes
- No
Explanation:
We need to prevent User5 from accessing the Compliance Manager reports. Assigning the Compliance Manager Reader role to User1 will prevent User5 from accessing the reports.
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User5.
Does this meet the goal?
- Yes
- No
-
You have a Microsoft 365 subscription.
You enable auditing for the subscription.
You plan to provide a user named Auditor with the ability to review audit logs.
You add Auditor to the Global administrator role group.
Several days later, you discover that Auditor disabled auditing.
You remove Auditor from the Global administrator role group and enable auditing.
You need to modify Auditor to meet the following requirements:
– Be prevented from disabling auditing
– Use the principle of least privilege
– Be able to review the audit log
To which role group should you add Auditor?
- Security reader
- Compliance administrator
- Security operator
- Security administrator
-
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?
- Modify the retention period of the default audit retention policy.
- Create a custom audit retention policy.
- Assign Microsoft 365 Enterprise E5 licenses to all users.
- Modify the record type of the default audit retention policy.
-
You have a Microsoft 365 subscription.
You have a team named Team1 in Microsoft Teams.
You plan to place all the content in Team1 on hold.
You need to identify which mailbox and which Microsoft SharePoint site collection are associated with Team1.
Which cmdlet should you use?
- Get-UnifiedGroup
- Get-MailUser
- Get-Team
- Get-TeamChannel
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend removing User1 from the Compliance Manager Contributor role.
Does this meet the goal?
- Yes
- No
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Microsoft 365 Compliance admin center to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?
- Yes
- No