CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. MS-500

Free MS-500 Exam Braindumps (page: 20)

Page 20 of 86
PDF with 352 Questions

You have a Microsoft 365 tenant that has modern authentication enabled.
You have Windows 10, MacOS, Android, and iOS devices that are managed by using Microsoft Endpoint Manager.

Some users have older email client applications that use Basic authentication to connect to Microsoft Exchange Online.

You need to implement a solution to meet the following security requirements:

-Allow users to connect to Exchange Online only by using email client applications that support modern authentication protocols based on OAuth 2.0.
-Block connections to Exchange Online by any email client applications that do NOT support modern authentication.

What should you implement?

  1. a conditional access policy in Azure Active Directory (Azure AD)
  2. an application control profile in Microsoft Endpoint Manager
  3. a compliance policy in Microsoft Endpoint Manager
  4. an OAuth app policy in Microsoft Defender for Cloud Apps

Answer(s): A

Explanation:

Block clients that don't support multi-factor with a Conditional Access policy.

Note: Clients that do not use modern authentication can bypass Conditional Access policies, so it's important to block these.

Incorrect:
Not D: OAuth app policies enable you to investigate which permissions each app requested and which users authorized them for Office 365, Google Workspace, and Salesforce. You're also able to mark these permissions as approved or banned.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-policies



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains a user named User1 and multiple Windows 10 devices. The devices are Azure AD joined and protected by using BitLocker Drive Encryption (BitLocker).

You need to ensure that User1 can perform the following actions:

-View BitLocker recovery keys.
-Configure the usage location for the users in the tenant.

The solution must use the principle of least privilege.

Which two roles should you assign to User1 in the Microsoft 365 admin center? To answer, select the appropriate roles in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Helpdesk admin
View BitLocker recovery keys.
Helpdesk Admins can read bitlocker metadata and key on devices

Note: One of the following should be enough:

-Global admins
-Intune Service Administrators
-Security Administrators
-Security Readers
-Helpdesk Admins

Box 2: User Administrator
Configure the usage location for the users in the tenant.

The User Administrator can manage all aspects of users and groups, including resetting passwords for limited admins.
The User Administrator cam manage all user properties including User Principal Name
Update (FIDO) device keys


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference



HOTSPOT (Drag and Drop is not supported)
Your on-premises network contains an Active Directory domain that syncs to Azure Active Directory (Azure AD) by using Azure AD Connect. The functional level of the domain is Windows Server 2019.

You need to deploy Windows Hello for Business. The solution must meet the following requirements:

-Ensure that users can access Microsoft 365 services and on-premises resources.
-Minimize administrative effort.

How should you deploy Windows Hello for Business and which type of trust should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Hybrid
Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources.

Box 2: Certificate
The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows devices to trust the domain controller.


Reference:

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription.
You need to create a role-assignable group. The solution must ensure that you can nest the group.

How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Security only
You can add an existing Security group to another existing Security group (also known as nested groups), creating a member group (subgroup) and a parent group. The member group inherits the attributes and properties of the parent group, saving you configuration time.

Incorrect:
Not supported:
Adding Security groups to Microsoft 365 groups.
Adding Microsoft 365 groups to Security groups or other Microsoft 365 groups.

Box 2: Assigned only
The membership type for role-assignable groups must be Assigned and can't be an Azure AD dynamic group.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-membership-azure-portal



Page 20 of 86



Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Darville commented on February 09, 2023
I passed my exam thanks to this brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES
upvote

Con2000 commented on April 25, 2022
This exam dumps is valid in South Africa.
SOUTH AFRICA
upvote

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from actual exam but if you want to learn just books.
UNITED KINGDOM
upvote

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES
upvote

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Gerat job on these exam dumps guys.
CANADA
upvote

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE
upvote

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO
upvote

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN
upvote

Romero commented on April 18, 2020
This fukcing dumps are real. Just passed my exam yesterday.
UNITED STATES
upvote

Amanda commented on April 09, 2020
To all you guys out there. First of all stay at home and try to schedule your exam online if available. Second I did mine exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES
upvote

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam
UNITED STATES
upvote