Skip Navigation Links
 

Microsoft - MS-500: Microsoft 365 Security Administration

Sample Questions

Question: 188
Measured Skill: Implement and manage identity and access (30-35%)

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.

You need to allow a user named User1 to view ATP reports from the Threat management dashboard.

Which role provides User1 with the required role permissions?

ACompliance administrator
B Security reader
C Message center reader
D Reports reader

Correct answer: B

Explanation:

The Security & Compliance Center lets you grant permissions to people who perform compliance tasks like device management, data loss prevention, eDiscovery, retention, and so on. These people can perform only the tasks that you explicitly grant them access to. To access the Security & Compliance Center, users need to be a global administrator or a member of one or more Security & Compliance Center role groups.

Permissions in the Security & Compliance Center are based on the role-based access control (RBAC) permissions model.

Members of the Security Reader role have read-only access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center. By default, this role group may not appear to have any members. However, the Security Reader role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Reader role from Azure Active Directory.

Members of the Security Reader role can read security information and reports in Azure AD and Office 365.

Reference: Permissions in the Security & Compliance Center

Question: 189
Measured Skill: Implement and manage threat protection (20-25%)

Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.

The security logs of the servers are collected by using a third-party SIEM solution.

You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.

What should you do?

(Each correct answer presents a complete solution. Choose two.)

AConfigure Azure ATP notifications.
B Configure Event Forwarding on the domain controllers.
C Configure auditing in the Office 365 Security & Compliance center.
D Modify the Domain synchronizer candidate settings on the Azure ATP sensors.

Correct answer: B, D

Explanation:

We have to specify the fully qualified domain name of the domain controller (which has port mirroring enabled) in the properties of the standalone sensor.

A second solution is to configure event forwarding. To enhance detection capabilities, Azure ATP needs the following Windows events: 4726, 4728, 4729, 4730, 4732, 4733, 4743, 4753, 4756, 4757, 4758, 4763, 4776, and 7041. These can either be read automatically by the Azure ATP sensor or in case the Azure ATP sensor is not deployed, it can be forwarded to the Azure ATP standalone sensor in one of two ways, by configuring the Azure ATP standalone sensor to listen for SIEM events or by configuring Windows Event Forwarding.

References: Configure Azure ATP sensor settings

Configuring Windows Event Forwarding

Question: 190
Measured Skill: Manage governance and compliance features in Microsoft 365 (25-30%)

You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.

All users in contoso.com use the Microsoft SharePoint Newsfeed.

You need to ensure that all the users use the Yammer.com service.

What should you do?

AFrom the Yammer admin center, modify the Usage Policy settings.
B From the SharePoint admin center, modify the Enterprise Social Collaboration settings.
C From the SharePoint admin center, modify the Connected Services settings.
D From the Yammer admin center, modify the Configuration settings.

Correct answer: B

Explanation:

Office 365 includes two options for enterprise social features in SharePoint: Yammer and Newsfeed. The SharePoint administrator selects which option users see when they click Conversations in SharePoint. By default, users see Newsfeed.

You can turn Yammer off or on for conversations in SharePoint by using the SharePoint Online admin center. You must be a global administrator to make this change.

  1. Sign in to Office 365 as a global admin.

  2. Select the app launcher icon  in the upper-left and choose Admin to open the Microsoft 365 admin center. (If you don't see the Admin tile, you don't have Office 365 administrator permissions in your organization.)

  3. In the left pane, choose Admin centers > SharePoint.

  4. Choose Settings on the left nav.

  5. Choose Classic settings page.

  6. Under Enterprise Social Collaboration, select Use Yammer.com service to turn it on for conversations in SharePoint.

Reference: SharePoint enterprise social experience - Yammer and Newsfeed

Question: 191
Measured Skill: Implement and manage identity and access (30-35%)

Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit.



The synchronization schedule is configured as shown in the following exhibit.



Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AWhich employees can authenticate by using Azure AD? Only employees who have an Azure AD account.
What should you do to remove the warning for pass-through authentication? Fix the synchronization server and install an additional authentication agent.
B Which employees can authenticate by using Azure AD? Only employees who have an Azure AD account.
What should you do to remove the warning for pass-through authentication? Install an additional authentication agent and run the Start-ADSyncSyncCycle cmdlet.
C Which employees can authenticate by using Azure AD? Employees who have an Azure AD user account and employees who have a synced on-premises account.
What should you do to remove the warning for pass-through authentication? Fix the synchronization server and install an additional authentication agent.
D Which employees can authenticate by using Azure AD? Employees who have an Azure AD user account and employees who have a synced on-premises account.
What should you do to remove the warning for pass-through authentication? Install an additional authentication agent and run the Start-ADSyncSyncCycle cmdlet.
E Which employees can authenticate by using Azure AD? Only employees who have a synced on-premises account.
What should you do to remove the warning for pass-through authentication? Install Azure AD Connect in staging mode and run the Start-ADSyncSyncCycle cmdlet.
F Which employees can authenticate by using Azure AD? Only employees who have a synced on-premises account.
What should you do to remove the warning for pass-through authentication? Fix the synchronization server and install Azure AD Connect in staging mode.

Correct answer: D

Explanation:

Users with Azure Active Directory accounts can authenticate to Azure AD regardless of the configuration or function of Azure AD Connect.

Password hash synchronization is enabled for on-premises Active Directory accounts. Users whose Active Directory accounts have already been successfully synchronized can authenticate to Azure AD with their credentials.

Pass-through authentication uses an opportunistic approach and falls back to username and password authentication in the event of failure. The possibility of authentication would not be restricted by a failure of the pass-through authentication agent.

The pass-through authentication warning icon is displayed because there is only a single agent running. Microsoft recommends using three or more active agents.



Question: 192
Measured Skill: Implement and manage information protection (15-20%)

You have a Microsoft 365 subscription.The subscription contains a Microsoft SharePoint Online site named Site1.

You have a Data Subject Request (DSR) case named Case1 that searches Site1.

You create a new sensitive information type.

You need to ensure that Case1 returns all the documents that contain the new sensitive information type.

What should you do first?

AFrom the Security & Compliance admin center, create a new Search by ID List.
B From Site1, modify the search dictionary.
C From the Security & Compliance admin center, create a new Guided search.
D From Site1, initiate a re-indexing of Site1.

Correct answer: D

Explanation:

To ensure that changes to the SharePoint content metadata are reflected by a customized search query, the content of Site1 must first be re-indexed.



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com