CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. MS-500

Free MS-500 Exam Braindumps (page: 24)

Page 24 of 86
PDF with 352 Questions

You have a hybrid Azure Active Directory (Azure AD) tenant that has pass-through authentication enabled.

You plan to implement Azure AD Identity Protection and enable the user risk policy.
You need to configure the environment to support the user risk policy.

What should you do first?

  1. Enable the sign-in risk policy.
  2. Enforce the multi-factor authentication (MFA) registration policy.
  3. Configure a conditional access policy.
  4. Enable password hash synchronization.

Answer(s): D

Explanation:

Some premium features of Azure AD, like Identity Protection and Azure AD Domain Services, require password hash synchronization, no matter which authentication method you choose.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn



You configure several Microsoft Defender for Office 365 policies in a Microsoft 365 subscription.

You need to allow a user named User1 to view Defender for Office 365 reports from the Threat management dashboard.

Which role provides User1 with the required role permissions?

  1. Reports reader
  2. Exchange administrator
  3. Security administrators
  4. Compliance administrator

Answer(s): A

Explanation:

Reports Reader
Users with this role can view usage reporting data and the reports dashboard in Microsoft 365 admin center and the adoption context pack in Power BI. Additionally, the role provides access to all sign-in logs, audit logs, and activity reports in Azure AD and data returned by the Microsoft Graph reporting API. A user assigned to the Reports Reader role can access only relevant usage and adoption metrics. They don't have any admin permissions to configure settings or access the product-specific admin centers like Exchange. This role has no access to view, create, or manage support tickets.

Incorrect:
* Exchange administrator
Can manage all aspects of the Exchange product.

* Security Administrator
Can read security information and reports, and manage configuration in Azure AD and Office 365.

* Compliance Administrator
Can read and manage compliance configuration and reports in Azure AD and Microsoft 365.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference



A company named Contoso, Ltd. acquires a company named Fabrikam, Inc.

Users at each company continue to use their company’s Microsoft 365 tenant. Both companies have hybrid Azure Active Directory (Azure AD) tenants configured as shown in the following table.


In the Contoso tenant, you create a new Microsoft 365 group named FabrikamUsers, and you add FabrikamUsers as a member of a Microsoft Teams team named Corporate.

You need to add Fabrikam users to the FabrikamUsers group.
What should you do first?

  1. Configure the Contoso tenant to use pass-through authentication as the authentication method.
  2. In the Contoso tenant, create a new conditional access policy.
  3. In the Contoso tenant, create guest accounts for all the Fabrikam users.
  4. Configure the Fabrikam tenant to use federation as the authentication method.

Answer(s): D

Explanation:

Federated authentication is primarily for large enterprise organizations with more complex authentication requirements. AD DS identities are synchronized with Microsoft 365 and users accounts are managed on-premises.

Topologies for Azure AD Connect
Multiple forests, single Azure AD tenant


Many organizations have environments with multiple on-premises Active Directory forests. There are various reasons for having more than one on-premises Active Directory forest. Typical examples are designs with account-resource forests and the result of a merger or acquisition.

When you have multiple forests, all forests must be reachable by a single Azure AD Connect sync server. The server must be joined to a domain.
The default configuration in Azure AD Connect sync assumes:

* Each user has only one enabled account, and the forest where this account is located is used to authenticate the user. This assumption is for password hash sync, pass-through authentication and federation. UserPrincipalName and sourceAnchor/immutableID come from this forest.
* Each user has only one mailbox.
* Etc.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
https://learn.microsoft.com/en-us/microsoft-365/enterprise/deploy-identity-solution-identity-model



You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can configure an Azure Active Directory (Azure AD) Identity Protection user risk policy and receive Azure AD Identity Protection alerts. The solution must use the principle of least privilege.

Which role should you assign to User1?

  1. Security Operator
  2. Identity Governance Administrator
  3. Security Administrator
  4. Security Reader

Answer(s): A

Explanation:

The Security Operator creates and manages security events.
Users with this role can manage alerts and have global read-only access on security-related features, including all information in Microsoft 365 security center, Azure Active Directory, Identity Protection, Privileged Identity Management and Office 365 Security & Compliance Center.
Includes:
* Azure AD Identity Protection
All permissions of the Security Reader role
Additionally, the ability to perform all Identity Protection Center operations except for resetting passwords and configuring alert e-mails.

* Etc.

Incorrect:
* Identity Governance Administrator
Users with this role can manage Azure AD identity governance configuration, including access packages, access reviews, catalogs and policies, ensuring access is approved and reviewed and guest users who no longer need access are removed.

* Reports Reader
Users with this role can view usage reporting data and the reports dashboard in Microsoft 365 admin center and the adoption context pack in Power BI.

* Security Administrator
Can read security information and reports, and manage configuration in Azure AD and Office 365.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference



Page 24 of 86



Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Darville commented on February 09, 2023
I passed my exam thanks to this brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES
upvote

Con2000 commented on April 25, 2022
This exam dumps is valid in South Africa.
SOUTH AFRICA
upvote

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from actual exam but if you want to learn just books.
UNITED KINGDOM
upvote

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES
upvote

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Gerat job on these exam dumps guys.
CANADA
upvote

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE
upvote

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO
upvote

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN
upvote

Romero commented on April 18, 2020
This fukcing dumps are real. Just passed my exam yesterday.
UNITED STATES
upvote

Amanda commented on April 09, 2020
To all you guys out there. First of all stay at home and try to schedule your exam online if available. Second I did mine exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES
upvote

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam
UNITED STATES
upvote