MS-500 無料問題集「Microsoft 365 Security Administration」
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You register devices in contoso.com as shown in the following table.
You create app protection policies in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You register devices in contoso.com as shown in the following table.
You create app protection policies in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy
You haw a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You enable SSPR for Group1.
Does this meet the goal?
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You enable SSPR for Group1.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have a Microsoft 365 subscription.
You are creating a retention policy named Retention1 as shown in the following exhibit.
You apply Retention1 to SharePoint sites and OneDrive accounts.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You are creating a retention policy named Retention1 as shown in the following exhibit.
You apply Retention1 to SharePoint sites and OneDrive accounts.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Explanation
You have a Microsoft 365 subscription.
The Global administrator role is assigned to your user account. You have a user named Admin1.
You create an eDiscovery case named Case1.
You need to ensure that Admin1 can view the results of Case1.
What should you do first?
The Global administrator role is assigned to your user account. You have a user named Admin1.
You create an eDiscovery case named Case1.
You need to ensure that Admin1 can view the results of Case1.
What should you do first?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1. The review has the following settings:
Review name: Review1
Start date: 01-15-2020
Frequency: One time
End date: 02-14-2020
Users to review: Assigned to an application
Scope: Everyone
Applications: App1
Reviewers: Members (self)
Auto apply results to resource: Enable
Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1. The review has the following settings:
Review name: Review1
Start date: 01-15-2020
Frequency: One time
End date: 02-14-2020
Users to review: Assigned to an application
Scope: Everyone
Applications: App1
Reviewers: Members (self)
Auto apply results to resource: Enable
Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Graphical user interface, text Description automatically generated
You need to implement a solution to manage when users select links in documents or email messages from Microsoft Office 365 ProPlus applications or Android devices. The solution must meet the following requirements:
Block access to a domain named fabrikam.com
Store information when the users select links to fabrikam.com
To complete this task, sign in to the Microsoft 365 portal.
Block access to a domain named fabrikam.com
Store information when the users select links to fabrikam.com
To complete this task, sign in to the Microsoft 365 portal.
正解:
See explanation below.
Explanation
You need to configure a Safe Links policy.
Go to the Office 365 Security & Compliance admin center.
Navigate to Threat Management > Policy > Safe Links.
In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.
In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.
In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.
Click Save to save the changes.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=
Explanation
You need to configure a Safe Links policy.
Go to the Office 365 Security & Compliance admin center.
Navigate to Threat Management > Policy > Safe Links.
In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.
In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.
In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.
Click Save to save the changes.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=
You have a Microsoft 365 E5 subscription that uses Microsoft Endpoint Manager.
The Compliance policy settings are configured as shown in the following exhibit.
On February 25, 2020, you create the device compliance policies shown in the following table.
On March 1. 2020, users enroll Windows 10 devices in Microsoft Endpoint Manager as shown in the following table
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The Compliance policy settings are configured as shown in the following exhibit.
On February 25, 2020, you create the device compliance policies shown in the following table.
On March 1. 2020, users enroll Windows 10 devices in Microsoft Endpoint Manager as shown in the following table
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Box 1: Yes
Device2 is in Group2 so Policy2 applies.
Device2 is not compliant with Policy2. However, the device won't be marked as non-compliant until 10 days after the device was enrolled.
Box 2: Yes
Device1 is in Group1 and Group2 so both Policy1 and Policy2 apply.
Device1 is compliant with Policy1 but non-compliant with Policy2. However, the device won't be marked as non-compliant until 10 days after the device was enrolled.
Box 3: No
Device1 is in Group1 and Group2 so both Policy1 and Policy2 apply.
Device1 is compliant with Policy1 but non-compliant with Policy2.
March 12th is more than 10 days after the device was enrolled so it will now be marked as non-compliant by Policy2.
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Box 1: No
User1 will receive the two alerts classified as medium or higher.
Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 2: No
User2 will receive the two alerts classified as medium or higher.
Email alerts are sent to all global admins, security admins and security readers Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 3: No
User3 will not receive alters.
Email alerts are sent to all global admins, security admins and security readers.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-r
Your on-premises network contains an Active Directory domain that syncs to Azure Active Directory (Azure AD) by using Azure AD Connect. The functional level of the domain. You need to deploy Windows Hello for Business. The solution must meet the following requirements:
* Ensure that users can access Microsoft 365 services and on-premises resources.
* Minimize administrative efforts
How should you deploy Windows Hello for Business, and which type of trust should you use? To answer, select the appropriate options in the answer area.
* Ensure that users can access Microsoft 365 services and on-premises resources.
* Minimize administrative efforts
How should you deploy Windows Hello for Business, and which type of trust should you use? To answer, select the appropriate options in the answer area.
正解:
See the explanation for answer.
Explanation
Answer is as below.
Explanation
Answer is as below.
You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Endpoint Manager.
You need to enable Microsoft Defender Exploit Guard (Microsoft Defender EG) on the devices.
Which type of device configuration profile should you use?
You need to enable Microsoft Defender Exploit Guard (Microsoft Defender EG) on the devices.
Which type of device configuration profile should you use?
正解:B
解答を投票する
You have an Azure subscription and a Microsoft 365 subscription.
You need to perform the following actions:
Deploy Azure Sentinel.
Collect the Microsoft 365 activity log by using Azure Sentinel.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to perform the following actions:
Deploy Azure Sentinel.
Collect the Microsoft 365 activity log by using Azure Sentinel.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation
Graphical user interface, text, application, chat or text message Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365