CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. MS-500

Free MS-500 Exam Braindumps (page: 23)

Page 23 of 86
PDF with 352 Questions

HOTSPOT (Drag and Drop is not supported)
Your company has a Microsoft 365 E5 subscription and a hybrid Azure Active Directory named contoso.com.

Contoso.com includes the following users:


You configure Password protection for Contoso.com as shown in the following exhibit.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Yes

Note: The following considerations and limitations apply to the custom banned password list:

-The custom banned password list can contain up to 1000 terms.
-The custom banned password list is case-insensitive.
-The custom banned password list considers common character substitution, such as "o" and "0", or "a" and "@".
-The minimum string length is four characters, and the maximum is 16 characters.

Box 2: Yes
The $ character is OK when it used instead of an S.

Box 3: No


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection



You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can use the Microsoft 365 compliance center to search audit logs and identify which users were added to Microsoft 365 role groups. The solution must use the principle of least privilege.

To which role group should you add User1?

  1. View-Only Organization Management
  2. Security Reader
  3. Organization Management
  4. Compliance Management

Answer(s): A

Explanation:

View-Only Organization Management - Members can view the properties of any object in the Exchange Online organization.

Note: You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center.

To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group.

Incorrect:
Not C: Organization Management - Members have administrative access to the entire Exchange Online organization and can perform almost any task in Exchange Online.

Not D: Compliance Management - Members can configure and manage compliance settings within Exchange in accordance with their policies.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription.
You need to create a conditional access policy named Policy1 that meets the following requirements:

-Enforces multi-factor authentication (MFA)
-Requires that users reauthenticate after eight hours

Which settings should you configure in Policy1 for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Grant
Enforces multi-factor authentication (MFA)

Create a Conditional Access policy (see step 7 below)
The following steps will help create a Conditional Access policy to require all users do multifactor authentication.

1. Sign in to the Azure portal as a Conditional Access Administrator, Security Administrator, or Global Administrator.
2. Browse to Azure Active Directory > Security > Conditional Access.
3. Select New policy.
4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
5. Under Assignments, select Users or workload identities.
-Under Include, select All users
-Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
6. Under Cloud apps or actions > Include, select All cloud apps.
-Under Exclude, select any applications that don't require multifactor authentication.
7. Under Access controls > Grant, select Grant access, Require multifactor authentication, and select Select.
8. Confirm your settings and set Enable policy to Report-only.
9. Select Create to create to enable your policy.
After confirming your settings using report-only mode, an administrator can move the Enable policy toggle from Report-only to On.

Box 2: Session
Requires that users reauthenticate after eight hours

User sign-in frequency
Sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource.

Sign-in frequency control (see step 6 below)
1. Sign in to the Azure portal as a Conditional Access Administrator, Security Administrator, or Global Administrator.

2. Browse to Azure Active Directory > Security > Conditional Access.

3. Select New policy.

4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

5. Choose all required conditions for customer’s environment, including the target cloud apps.

6. Under Access controls > Session.
Select Sign-in frequency.
Choose Periodic reauthentication and enter a value of hours or days or select Every time.

7. Save your policy.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription that contains three users named Use1, User2, and User3.
You have Azure Active Directory (Azure AD) roles that have the role activation settings shown in the following table.


You have Azure AD roles that have the role assignment settings shown in the following table.


The Azure AD roles have eligible users assigned as shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: No
Approvers are not able to approve their own role activation requests.

Box 2: No
User1 is not an Approver of Rol2.

Box 3: Yes
Require justification
You can require that users enter a business justification when they activate. To require justification, check the Require justification on active assignment box or the Require justification on activation box.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings



Page 23 of 86



Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Darville commented on February 09, 2023
I passed my exam thanks to this brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES
upvote

Con2000 commented on April 25, 2022
This exam dumps is valid in South Africa.
SOUTH AFRICA
upvote

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from actual exam but if you want to learn just books.
UNITED KINGDOM
upvote

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES
upvote

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Gerat job on these exam dumps guys.
CANADA
upvote

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE
upvote

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO
upvote

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN
upvote

Romero commented on April 18, 2020
This fukcing dumps are real. Just passed my exam yesterday.
UNITED STATES
upvote

Amanda commented on April 09, 2020
To all you guys out there. First of all stay at home and try to schedule your exam online if available. Second I did mine exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES
upvote

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam
UNITED STATES
upvote