Free MS-500 Exam Braindumps (page: 29)

Page 29 of 86

DRAG DROP (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.

You receive the following alerts:
- Suspected Netlogon privilege elevation attempt
- Suspected Kerberos SPN exposure
- Suspected DCSync attack

To which stage of the cyber-attack kill chain does each alert map? To answer, drag the appropriate alerts to the correct stages. Each alert may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Compromised credential
The following security alerts help you identify and remediate Compromised credential phase suspicious activities detected by Defender for Identity in your network. In this tutorial, you'll learn how to understand, classify, remediate and prevent the following types of attacks:

Suspected Netlogon privilege elevation attempt (CVE-2020-1472 exploitation) (external ID 2411)
Suspected Kerberos SPN exposure (external ID 2410)
Etc.

Box 2: Compromised credential

Box 3: Domain dominance
The following security alerts help you identify and remediate Domain dominance phase suspicious activities detected by Defender for Identity in your network. In this tutorial, learn how to understand, classify, prevent, and remediate the following attacks:

Suspected DCSync attack (replication of directory services) (external ID 2006)
Etc.


Reference:

https://docs.microsoft.com/en-us/defender-for-identity/compromised-credentials-alerts
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 subscription.
You configure Microsoft Defender for Endpoint as shown in the following table.


You onboard devices to Microsoft Defender for Endpoint as shown in the following table.


Microsoft Defender for Endpoint contains the incidents shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: No
File1.exe on Device1 is suspicious. Device1 is in Group1. Group1 has automation level Full - remediate threats automatically.

Note: Full automation (recommended) means remediation actions are taken automatically on artifacts determined to be malicious.

Box 2: Yes
File2 on Device2 is malicious. Device2 is in Group2. Group2 has automation level Semi - require approval for core folders.

Note: Semi-automation means some remediation actions are taken automatically, but other remediation actions await approval before being taken.

Semi - require approval for core folders remediation:
With this level of semi-automation, approval is required for any remediation actions needed on files or executables that are in core folders. Core folders include operating system directories, such as the Windows directory (\windows\*).
Remediation actions can be taken automatically on files or executables that are in other (non-core) folders.

Box 3: No
File3 on Device3 is malicious. Device3 is in Group3. Group3 has automation level Semi - require approval for all folders.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels



You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.


You plan to use Microsoft 365 Attack Simulator.
You need to identify the users against which you can use Attack Simulator. Which users should you identify?

  1. User3 only
  2. User1, User2, User3, and User4
  3. User3 and User4 only
  4. User1 and User3 only

Answer(s): C

Explanation:

Each targeted recipient must have an Exchange Online mailbox.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide



SIMULATION
You need to implement a solution to manage when users select links in documents or email messages from Microsoft Office 365 ProPlus applications or Android devices. The solution must meet the following requirements:

- Block access to a domain named fabrikam.com
- Store information when the users select links to fabrikam.com

To complete this task, sign in to the Microsoft 365 portal.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

You need to configure a Safe Links policy.
1. Go to the Office 365 Security & Compliance admin center.
2. Navigate to Threat Management > Policy > Safe Links.
3. In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.
4. In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.
5. In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.
6. Click Save to save the changes.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide






Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES

Darville commented on February 09, 2023
I passed my exam thanks to these brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES

Con2000 commented on April 25, 2022
This exam dump is valid in South Africa.
SOUTH AFRICA

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from the actual exam, but if you want to learn, just books.
UNITED KINGDOM

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Great job on these exam dumps, guys.
CANADA

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN

Romero commented on April 18, 2020
These fucking dumps are real. Just passed my exam yesterday.
UNITED STATES

Amanda commented on April 09, 2020
To all you guys out there. First of all, stay at home and try to schedule your exam online if available. Second, I did my exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam.
UNITED STATES