CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. MS-500

Free MS-500 Exam Braindumps (page: 26)

Page 26 of 86
PDF with 352 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.
You need to ensure that User1 can review Conditional Access policies.

Solution: You assign User1 the Security Administrator role.
Does that meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Security Administrator
Users with this role have permissions to manage security-related features in the Microsoft 365 Defender portal, Azure Active Directory Identity Protection, Azure Active Directory Authentication, Azure Information Protection, and Microsoft Purview compliance portal.

Can do:
Create conditional access policies
Delete conditional access policies
Read conditional access for policies
Read the owners of conditional access policies
Read the "applied to" property for conditional access policies
Etc.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.
You need to ensure that User1 can review Conditional Access policies.

Solution: You assign User1 the Authentication Administrator role.
Does that meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Authentication Administrator can access to view, set and reset authentication method information for any non-admin user.

Correct Solution: You assign User1 the Security Administrator role.

Security Administrator
Users with this role have permissions to manage security-related features in the Microsoft 365 Defender portal, Azure Active Directory Identity Protection, Azure Active Directory Authentication, Azure Information Protection, and Microsoft Purview compliance portal.

Can do:
Create conditional access policies
Delete conditional access policies
Read conditional access for policies
Read the owners of conditional access policies
Read the "applied to" property for conditional access policies
Etc.

Also Solution: You assign User1 the Security Reader role.
Security Reader can read security information and reports in Azure AD and Office 365.

Can do:
* microsoft.directory/conditionalAccessPolicies/standard/read
Read conditional access for policies

* microsoft.directory/conditionalAccessPolicies/owners/read
Read the owners of conditional access policies

* microsoft.directory/conditionalAccessPolicies/policyAppliedTo/read
Read the "applied to" property for conditional access policies


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference



HOTSPOT (Drag and Drop is not supported)
You have a hybrid Microsoft 365 E5 environment that contains a synced user named User1.

You need to ensure that User1 can configure Microsoft Defender for Identity and deploy a Defender for Identity sensor. The solution must use the principle of least privilege.

Which role should you assign to User1, and to which group should you add User1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Security Administrator
Security Administrator
Users with this role have permissions to manage security-related features in the Microsoft 365 Defender portal, Azure Active Directory Identity Protection, Azure Active Directory Authentication, Azure Information Protection, and Microsoft Purview compliance portal.

Incorrect:
* Hybrid Identity Administrator
Users in this role can create, manage and deploy provisioning configuration setup from AD to Azure AD using Cloud Provisioning as well as manage Azure AD Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), Seamless Single Sign-On (Seamless SSO), and federation settings. Users can also troubleshoot and monitor logs using this role.

* Cloud App Security Administrator
Users with this role have full permissions in Defender for Cloud Apps. They can add administrators, add Microsoft Defender for Cloud Apps policies and settings, upload logs, and perform governance actions.

* Security Operator
Users with this role can manage alerts and have global read-only access on security-related features, including all information in Microsoft 365 Defender portal, Azure Active Directory, Identity Protection, Privileged Identity Management and Microsoft Purview compliance portal.

Box 2: Domain Admins
Microsoft Defender for Identity offers role-based security to safeguard data according to an organization's specific security and compliance needs. Defender for Identity support three separate roles: Administrators, Users, and Viewers.

Note: Default groups like the Domain Admins group are security groups that are created automatically when you create an Active Directory domain. You can use these predefined groups to help control access to shared resources and to delegate specific domain-wide administrative roles.

Note example: Security Administrator is not sufficient for creating the MDI Workspace.

Since there are three groups created in the background when creating the MDI Workspace, you must be either Global Administrator or Security Administrator AND Group Administrator.

Incorrect:
* Enterprise Admins - too many permissions.
* Account Operators, DnsAdmins - too few permissions.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator
https://learn.microsoft.com/en-us/defender-for-identity/role-groups
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups



You plan to deploy a new Microsoft 365 subscription that will contain 500 users.

You need to ensure that the following actions are performed when the users sign in to the subscription:

-Evaluate the users’ risk level based on their location and travel.
-Require high-risk users to sign in by using Azure Multi-Factor Authentication (Azure MFA).

The solution must minimize cost.
Which license should you assign to each user?

  1. Enterprise Mobility + Security E3
  2. Microsoft 365 Business Premium
  3. Microsoft 365 E3
  4. Microsoft 365 E5

Answer(s): A

Explanation:

Enterprise Mobility + Security E3 includes Azure Active Directory Premium P1, Microsoft Intune, Azure Information Protection P1, Microsoft Advanced Threat Analytics, Azure Rights Management (part of Azure Information Protection) and the Windows Server CAL rights.


Reference:

https://www.microsoft.com/en-us/licensing/product-licensing/enterprise-mobility-security



Page 26 of 86



Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Darville commented on February 09, 2023
I passed my exam thanks to this brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES
upvote

Con2000 commented on April 25, 2022
This exam dumps is valid in South Africa.
SOUTH AFRICA
upvote

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from actual exam but if you want to learn just books.
UNITED KINGDOM
upvote

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES
upvote

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES
upvote

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Gerat job on these exam dumps guys.
CANADA
upvote

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE
upvote

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO
upvote

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN
upvote

Romero commented on April 18, 2020
This fukcing dumps are real. Just passed my exam yesterday.
UNITED STATES
upvote

Amanda commented on April 09, 2020
To all you guys out there. First of all stay at home and try to schedule your exam online if available. Second I did mine exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES
upvote

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam
UNITED STATES
upvote