MS-500 Online Practice Questions and Answers

Correct Answer:

Reference: https://cloudbuild.co.uk/tag/create-a-dynamic-security-group-in-azure-ad/

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Correct Answer:

Reference: https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts?tabs=new

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings?tabs=new

Correct Answer:

Box 1: Security only

You can add an existing Security group to another existing Security group (also known as nested groups), creating a member group (subgroup) and a parent group. The member group inherits the attributes and properties of the parent group,

saving you configuration time.

Incorrect:

Not supported:

Adding Security groups to Microsoft 365 groups.

Adding Microsoft 365 groups to Security groups or other Microsoft 365 groups.

Box 2: Assigned only

The membership type for role-assignable groups must be Assigned and can't be an Azure AD dynamic group.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-membership-azure-portal

Correct Answer:

Box 1: No

The Group1 membership rule 'Name Start with Device' applies to Device1.

However, the higher ranked Group2 membership rule 'Tag Equals Tag1' also applies to Device1, and overrules the lower ranked rule.

Note: Specify the matching rule that determines which device group belongs to the group based on the device name, domain, tags, and OS platform. If a device is also matched to other groups, it's added only to the highest ranked device

group.

Box 2: No

The Group1 membership rule 'Name Start with Device' applies Device2.

No other rule applies.

Box 3: Yes

The Group3 rule applies for Computer3.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups

Correct Answer:

User 1 access through CA1 (forms) with Location:(included as nothing else is stated) trusted location = require MFA YES

User 2 access through CA2 (planner) with Location:(included as nothing else is stated) NY = nothing NO

User 3 access through CA1 (forms) with Location:(included as nothing else is stated) trusted location = require MFA, but NY is not a trusted location in the include, so no MFA will be promted. NO

Correct Answer: See explanation below.

1.

Navigate to Manage Alerts in the Security and Compliance Center.

2.

On the Activity alerts page, click + New.

3.

Complete the following fields to create an activity alert:

The flyout page to create an activity alert is displayed.

a.

Name - Type a name for the alert. Alert names must be unique within your organization.

b.

Description (Optional) - Describe the alert, such as the activities and users being tracked, and the users that email notifications are sent to. Descriptions provide a quick and easy way to describe the purpose of the alert to other admins.

c.

Alert type - Make sure the Custom option is selected.

d.

Send this alert when - Click Send this alert when and then configure these two fields:

Activities - Click the drop-down list to display the activities that you can create an alert for. This is the same activities list that's displayed when you search the Office 365 audit log. You can select one or more specific activities or you can click

the activity group name to select all activities in the group. For a description of these activities, see the "Audited activities" section in Search the audit log. When a user performs any of the activities that you've added to the alert, an email

notification is sent.

Users - Click this box and then select one or more users. If the users in this box perform the activities that you added to the Activities box, an alert will be sent. Leave the Users box blank to send an alert when any user in your organization

performs the activities specified by the alert.

e.

Send this alert to - Click Send this alert, and then click in the Recipients box and type a name to add a user's who will receive an email notification when a user (specified in the Users box) performs an activity (specified in the Activities

box). Note that you are added to the list of recipients by default. You can remove your name from this list.

4. Click Save to create the alert.

The new alert is displayed in the list on the Activity alerts page.

The status of the alert is set to On. Note that the recipients who will receive an email notification when an alert is sent are also listed.

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/create-activity-alerts?view=o365-worldwide

Correct Answer: DE

Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles

Correct Answer: A

Microsoft Purview Information Barriers (IB) is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint Online, and OneDrive for Business.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers

Correct Answer: A

In order to view and use the reports described in this article, you need to be a member of one of the following role groups in the Microsoft 365 Defender portal: Organization Management Security Administrator Security Reader Global Reader Note: There are several versions of this question in the exam. The question has two possible correct answers:

1.

Security Administrator

2.

Security Reader Other incorrect answer options you may see on the exam include the following: Message center reader Service administrator Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-mdo

Correct Answer: CE