CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. MS-500

Free MS-500 Exam Braindumps (page: 25)

Page 25 of 86
PDF with 352 Questions

HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.


You plan to enable Microsoft Defender for Endpoint role-based access control (RBAC).
You need to identify which users can enable RBAC in Microsoft Defender for Endpoint, and which users will lose access to Microsoft 365 Defender portal after RBAC in enabled.

Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: User1 and User2 only.
Which users can enable RBAC in Microsoft Defender for Endpoint?

When you first log in to the Microsoft 365 Defender portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD.

Box 2: User4 only.
Which users will lose access to Microsoft 365 Defender portal after RBAC in enabled?

Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Microsoft 365 Defender portal, therefore, having the right groups ready in Azure AD is important.

The Security Reader will lose access. Security Operator and Application Administrator did not have access in the first place.


Reference:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide



You have a Microsoft 365 E5 subscription that contains the users shown in the following table.


Azure AD Identity Protection detects that the account of User1 is at risk and generates an alert.
How many users will receive the alert?

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5

Answer(s): C

Explanation:

Configure users at risk detected alerts
As an administrator, you can set:

The user risk level that triggers the generation of this email - By default, the risk level is set to “High” risk.
The recipients of this email - Users in the Global Administrator, Security Administrator, or Security Reader roles are automatically added to this list. We attempt to send emails to the first 20 members of each role. If a user is enrolled in PIM to elevate to one of these roles on demand, then they will only receive emails if they are elevated at the time the email is sent.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-notifications



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.


You have the Privileged Access settings configured as shown in the following exhibit.


You have a privileged access policy that has the following settings:
-Policy name: New Transport Rule
-Policy type: Task
-Policy scope: Exchange
-Approval Type: Manual
-Approver group: Group1

User1 requests access to the New Transport Rule policy for a duration of two hours.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: No
With privileged Access Management you can even prevent a Global Admin to make a specific task without approval.

Box 2: Yes

Note:
The default approval group is Group2. User2 is member of Group2.
The approver group for privileged access policy is Group1. User1 is member of Group1.

Box 3: No


Reference:

https://microsoftlearning.github.io/MS-500-Microsoft-365-Security/Instructions/Labs/MS500T00/LAB_AK_13_Lab1_Ex1_Privileged_Access.html



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.
You need to ensure that User1 can review Conditional Access policies.

Solution: You assign User1 the Security Reader role.
Does that meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Security Reader can read security information and reports in Azure AD and Office 365.

Can do:
* microsoft.directory/conditionalAccessPolicies/standard/read
Read conditional access for policies

* microsoft.directory/conditionalAccessPolicies/owners/read
Read the owners of conditional access policies

* microsoft.directory/conditionalAccessPolicies/policyAppliedTo/read
Read the "applied to" property for conditional access policies


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference



Page 25 of 86



Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Darville commented on February 09, 2023
I passed my exam thanks to this brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES
upvote

Con2000 commented on April 25, 2022
This exam dumps is valid in South Africa.
SOUTH AFRICA
upvote

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from actual exam but if you want to learn just books.
UNITED KINGDOM
upvote

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES
upvote

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Gerat job on these exam dumps guys.
CANADA
upvote

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE
upvote

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO
upvote

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN
upvote

Romero commented on April 18, 2020
This fukcing dumps are real. Just passed my exam yesterday.
UNITED STATES
upvote

Amanda commented on April 09, 2020
To all you guys out there. First of all stay at home and try to schedule your exam online if available. Second I did mine exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES
upvote

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam
UNITED STATES
upvote