Free MS-500 Exam Braindumps (page: 22)

Page 22 of 86

Your network contains an on-premises Active Directory domain. The domain contains a domain controller named DC1.

You have a Microsoft 365 E5 subscription.
You install the Microsoft Defender for Identity sensor on DC1.

You need to configure enhanced threat detection in Defender for Identity. The solution must ensure that the following events are collected from DC1:

- 4726 - User Account Deleted
- 4728 - Member Added to Global Security Group
- 4776 - Domain Controller Attempted to Validate Credentials for an Account (NTLM)

What should you do on DC1?

  A. Install the Azure Monitor agent.
  B. Install System Monitor (SYSMON).
  C. Configure the Windows Event Collector service.
  D. Configure the Advanced Audit Policy Configuration policy.

Answer(s): D

Explanation:

Windows Event logs
Defender for Identity detection relies on specific Windows Event logs that the sensor parses from your domain controllers. For the correct events to be audited and included in the Windows Event log, your domain controllers require accurate Advanced Audit Policy settings.

Incorrect Advanced Audit Policy settings can lead to the required events not being recorded in the Event Log and result in incomplete Defender for Identity coverage.

Note: Relevant Windows Events
For Active Directory Federation Services (AD FS) events
1202 - The Federation Service validated a new credential
1203 - The Federation Service failed to validate a new credential
4624 - An account was successfully logged on
4625 - An account failed to log on

For other events
1644 - LDAP search
4662 - An operation was performed on an object
4726 - User Account Deleted
4728 - Member Added to Global Security Group
4729 - Member Removed from Global Security Group
4730 - Global Security Group Deleted
4732 - Member Added to Local Security Group
4733 - Member Removed from Local Security Group
4741 - Computer Account Added
4743 - Computer Account Deleted
4753 - Global Distribution Group Deleted
4756 - Member Added to Universal Security Group
4757 - Member Removed from Universal Security Group
4758 - Universal Security Group Deleted
4763 - Universal Distribution Group Deleted
4776 - Domain Controller Attempted to Validate Credentials for an Account (NTLM)
7045 - New Service Installed
8004 - NTLM Authentication
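
A read-only check for the audit settings behind the account, group and NTLM validation events listed above, added here as an example (not part of the original page or of Microsoft's tooling). The subcategory-to-event mapping and the "Success and Failure" target are assumptions of this example, and it assumes an English-language OS because auditpol subcategory names are localized.

```powershell
# Added example: audit-policy coverage check for Defender for Identity events.
# Run in an elevated PowerShell session on the domain controller (for example DC1).

# Advanced Audit Policy subcategory -> event IDs it produces.
# The mapping is an assumption of this example, not taken from the page.
$required = [ordered]@{
    'User Account Management'       = 4726
    'Security Group Management'     = 4728, 4729, 4730, 4732, 4733, 4756, 4757, 4758
    'Computer Account Management'   = 4741, 4743
    'Distribution Group Management' = 4753, 4763
    'Credential Validation'         = 4776
}

$report = foreach ($name in $required.Keys) {
    # /r emits CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting
    $csv = auditpol.exe /get /subcategory:"$name" /r | Where-Object { $_.Trim() }
    $row = $csv | ConvertFrom-Csv | Select-Object -First 1
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'Unknown (query failed)' }

    [pscustomobject]@{
        Subcategory = $name
        EventIds    = $required[$name] -join ', '
        Setting     = $setting
        Compliant   = ($setting -eq 'Success and Failure')
    }
}

$report | Format-Table -AutoSize

# List the gaps and print (not run) the command that would close each one.
$gaps = @($report | Where-Object { -not $_.Compliant })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) subcategories are not set to 'Success and Failure'."
    $gaps | ForEach-Object {
        "auditpol /set /subcategory:`"$($_.Subcategory)`" /success:enable /failure:enable"
    }
}
```

On a domain controller, make the lasting change in the Advanced Audit Policy Configuration of a GPO that applies to the domain controllers, because a local `auditpol /set` is overwritten at the next policy refresh.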


Reference:

https://docs.microsoft.com/en-us/defender-for-identity/prerequisites
https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection



You have a Microsoft 365 E5 subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

A user named User1 is eligible for the User Account Administrator role.
You need User1 to request to activate the User Account Administrator role.

From where should User1 request to activate the role?

  A. the My Access portal
  B. the Microsoft 365 Defender portal
  C. the Microsoft 365 admin center
  D. the Azure Active Directory admin center

Answer(s): A

Explanation:

Activate a role
When you need to assume an Azure AD role, you can request activation by opening My roles in Privileged Identity Management.

1. Sign in to the Azure portal.

2. Open Azure AD Privileged Identity Management.

3. Select My roles, and then select Azure AD roles to see a list of your eligible Azure AD roles.

(Figure: My roles page showing roles you can activate)

4. In the Azure AD roles list, find the role you want to activate.

(Figure: Azure AD roles - My eligible roles list)

5. Select Activate to open the Activate pane.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-activate-role



You have a Microsoft 365 E5 subscription.
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?

  A. the SharePoint admin center
  B. the Microsoft 365 admin center
  C. the Microsoft Purview compliance portal
  D. the Azure Active Directory admin center

Answer(s): C

Explanation:

Use the Microsoft Purview compliance portal to enable support for sensitivity labels
This option is the easiest way to enable sensitivity labels for SharePoint and OneDrive, but you must sign in as a global administrator for your tenant.

1. Sign in to the Microsoft Purview compliance portal as a global administrator, and navigate to Solutions > Information protection > Labels.

2. If you see a message to turn on the ability to process content in Office online files, select Turn on now.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 tenant.
A conditional access policy is configured for the tenant as shown in the Policy exhibit. (Click the Policy tab.)


The User Administrator role is configured as shown in the Role setting exhibit. (Click the Role setting tab.)


The User Administrator role has the assignments shown in the Assignments exhibit. (Click the Assignments tab.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  A. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
In this scenario, the User Administrator role is set to require justification on active assignment.

Require justification
You can require that users enter a business justification when they activate. To require justification, check the Require justification on active assignment box or the Require justification on activation box.

Box 2: Yes
Activation maximum duration is 8 hours.

Box 3: Yes
Require multifactor authentication
Privileged Identity Management provides enforcement of Azure AD Multi-Factor Authentication on activation and on active assignment.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings






Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES

Darville commented on February 09, 2023
I passed my exam thanks to this brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES

Con2000 commented on April 25, 2022
This exam dumps is valid in South Africa.
SOUTH AFRICA

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from actual exam but if you want to learn just books.
UNITED KINGDOM

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Great job on these exam dumps guys.
CANADA

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN

Romero commented on April 18, 2020
This fukcing dumps are real. Just passed my exam yesterday.
UNITED STATES

Amanda commented on April 09, 2020
To all you guys out there. First of all stay at home and try to schedule your exam online if available. Second I did my exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam.
UNITED STATES