Free MS-500 Exam Braindumps (page: 44)

Page 44 of 86

DRAG DROP
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and contains a Windows 10 device named Device1.

You have a PowerShell script named script1 that collects forensic data and saves the results as a file on the device from which the script is run.

You receive a Microsoft Defender for Endpoint alert for suspicious activities on Device1.
You need to run script1 on Device1 and retrieve the output file of the script.

Which four actions should you perform in sequence in Microsoft 365 Defender portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

Step 1: Select Initiate Live Response Session.
Initiate a live response session on a device
1. Sign in to Microsoft 365 Defender portal.
2. Navigate to Endpoints > Device inventory and select a device to investigate. The devices page opens.
3. Launch the live response session by selecting Initiate live response session. A command console is displayed. Wait while the session connects to the device.
4. Use the built-in commands to do investigative work.
5. After completing your investigation, select Disconnect session, then select Confirm.

Note: Initiate live response session
Live response is a capability that gives you instantaneous access to a device by using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats in real time.

Live response is designed to enhance investigations by enabling you to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.

Step 2: Run the putfile command
putfile - Puts a file from the library to the device. Files are saved in a working folder and are deleted when the device restarts by default.

Step 3: Run the run command
run - Runs a PowerShell script from the library on the device.

Step 4: Run the getfile command
getfile <file_path> - Downloads a file.

For scenarios when you'd like to get a file from a device you're investigating, you can use the getfile command. This allows you to save the file from the device for further investigation.

Incorrect:
* Select Collect Investigation package.
Collect investigation package from devices
As part of the investigation or response process, you can collect an investigation package from a device. By collecting the investigation package, you can identify the current state of the device and further understand the tools and techniques used by the attacker.

* Run the analyze command
Analyze - Analyses the entity with various incrimination engines to reach a verdict.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts



You have a Microsoft 365 E5 subscription and a Microsoft Sentinel workspace named Sentinel1.
You need to launch the Guided Investigation – Process Alerts notebook in Sentinel1.
What should you create first?

  1. an Azure logic app
  2. a Log Analytics workspace
  3. an Azure Machine Learning workspace
  4. a Kusto query

Answer(s): C

Explanation:

Create an Azure ML workspace from Microsoft Sentinel.

Hunt for security threats with Jupyter notebooks
As part of your security investigations and hunting, launch and run Jupyter notebooks to programmatically analyze your data.

You can create an Azure Machine Learning (ML) workspace, launch a notebook from the Sentinel portal into your Azure ML workspace, and run code in the notebook.


Reference:

https://learn.microsoft.com/en-us/azure/sentinel/notebooks-hunt



You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.


The devices are enrolled in Microsoft Endpoint Manager.
Which devices will be included in the encryption report?

  1. Device1, Device3, and Device4 only
  2. Device1 only
  3. Device1 and Device2 only
  4. Device2 and Device4 only
  5. Device1, Device2, Device3, and Device4

Answer(s): C

Explanation:

The encryption report supports reporting on devices that run the following operating system versions:

macOS 10.13 or later
Windows version 1607 or later


Reference:

https://learn.microsoft.com/en-us/mem/intune/protect/encryption-monitor



You have a Microsoft 365 E5 subscription named contoso.com.
You create a user named User1.

You need to ensure that User1 can change the status of Microsoft Defender for Identity health alerts. The solution must use the principle of least privilege.

What should you do?

  1. From the Microsoft 365 Defender portal, assign User1 the Security Operator role.
  2. From the Microsoft 365 admin center, add User1 to the Azure ATP contoso.com Administrators group.
  3. From the Microsoft 365 admin center, add User1 to the Azure ATP contoso.com Users group.
  4. From the Microsoft 365 admin center, assign User1 the Hybrid Identity Administrator role.

Answer(s): A

Explanation:

Security Operator
Users with this role can manage alerts and have global read-only access on security-related features, including all information in Microsoft 365 Defender portal, Azure Active Directory, Identity Protection, Privileged Identity Management and Microsoft Purview compliance portal.

Can do:
* microsoft.directory/identityProtection/allProperties/allTasks
Create and delete all resources, and read and update standard properties in Azure AD Identity Protection.

* microsoft.directory/privilegedIdentityManagement/allProperties/read
Read all resources in Privileged Identity Management.

Incorrect:
* Administrators - too many permissions.
* Users group - too few permissions.
* Hybrid Identity Administrator - not the correct permissions
Users in this role can create, manage and deploy provisioning configuration setup from AD to Azure AD using Cloud Provisioning as well as manage Azure AD Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), Seamless Single Sign-On (Seamless SSO), and federation settings. Users can also troubleshoot and monitor logs using this role.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference






Post your Comments and Discuss Microsoft MS-500 exam with other Community members:

Romero commented on March 23, 2022
I never use these dumps sites but I had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES

Darville commented on February 09, 2023
I passed my exam thanks to these brain dumps. The dump is comprehensive and the practice questions were tough but effective.
UNITED STATES

Con2000 commented on April 25, 2022
This exam dump is valid in South Africa.
SOUTH AFRICA

Willard commented on April 23, 2022
The questions are helpful for passing the exam as they are from the actual exam, but if you want to learn, just books.
UNITED KINGDOM

Manpreet commented on March 23, 2022
I passed the exam today. This exam questions dump is quite accurate.
UNITED STATES

IT. Boss commented on October 15, 2021
I just logged in to my account and I have officially passed the exam. Great job on these exam dumps guys.
CANADA

Tesla.101 commented on October 15, 2021
The practice questions are precise and spot-on. It helped me pass.
SINGAPORE

QandA Guy commented on July 20, 2021
I have just passed this exam. So I wanted to thank you guys.
MEXICO

Lim commented on June 24, 2020
Thank you for releasing the Mac version of the Xengine App. I can practice the questions and simulate the exam on my MacBook now.
SWEDEN

Romero commented on April 18, 2020
These fucking dumps are real. Just passed my exam yesterday.
UNITED STATES

Amanda commented on April 09, 2020
To all you guys out there. First of all, stay at home and try to schedule your exam online if available. Second, I did my exam yesterday and got my certificate. The Xengine Software is very cool.
UNITED STATES

TestGirl commented on October 18, 2019
The file had a lot of the questions from the exam. However, it was missing 15% of the questions from my exam.
UNITED STATES