MS-500試験無料問題集「Microsoft 365 Security Administration 認定」
You have a hybrid Microsoft 365 environment.
All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed. All the computers are joined to Active Directory.
You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft.
What should you do?
All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed. All the computers are joined to Active Directory.
You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft.
What should you do?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 subscription that contains 1,000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You start a message trace, and then create a Data Subject request (DSR) case.
Does this meet the goal?
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You start a message trace, and then create a Data Subject request (DSR) case.
Does this meet the goal?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 subscription that contains the users shown in the following table.
You create and enforce an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy that has the following settings:
Assignments: Include Group1, Exclude Group2
Conditions: User risk level of Medium and above
Access: Allow access, Require password change
The users attempt to sign in. The risk level for each user is shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You create and enforce an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy that has the following settings:
Assignments: Include Group1, Exclude Group2
Conditions: User risk level of Medium and above
Access: Allow access, Require password change
The users attempt to sign in. The risk level for each user is shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Box 1: Yes.
User1 is in Group1 which the policy applies to.
Box 2: No
User2 is in Group2 which is excluded from the policy.
Box 3: No
User3 is in Group1 which is included in the policy and Group2 which is excluded from the policy. In this case, the exclusion wins so the policy does not apply to User3.
You discover that Microsoft SharePoint content is shared with users from multiple domains.
You need to allow sharing invitations to be sent only to users in an email domain named contoso.com.
To complete this task, sign in to the Microsoft 365 portal.
You need to allow sharing invitations to be sent only to users in an email domain named contoso.com.
To complete this task, sign in to the Microsoft 365 portal.
正解:
See explanation below.
Explanation
You need to configure the Sharing options in the SharePoint admin center.
Go to the SharePoint admin Center.
Navigate to Policies > Sharing.
In the External Sharing section, click on More external sharing settings.
Tick the Limit external sharing by domain checkbox.
Click the Add domains button.
Select the Allow only specific domains option and type in the domain contoso.com.
Click Save to save the changes.
Explanation
You need to configure the Sharing options in the SharePoint admin center.
Go to the SharePoint admin Center.
Navigate to Policies > Sharing.
In the External Sharing section, click on More external sharing settings.
Tick the Limit external sharing by domain checkbox.
Click the Add domains button.
Select the Allow only specific domains option and type in the domain contoso.com.
Click Save to save the changes.
You have an on-premises Hyper-V infrastructure that contains the following:
An Active Directory domain
A domain controller named Server1
A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers.
Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
7
An Active Directory domain
A domain controller named Server1
A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers.
Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
7
正解:
Explanation
Your on-premises network contains an Active Directory domain that syncs to Azure Active Directory (Azure AD) by using Azure AD Connect. The functional level of the domain. You need to deploy Windows Hello for Business. The solution must meet the following requirements:
* Ensure that users can access Microsoft 365 services and on-premises resources.
* Minimize administrative efforts
How should you deploy Windows Hello for Business, and which type of trust should you use? To answer, select the appropriate options in the answer area.
* Ensure that users can access Microsoft 365 services and on-premises resources.
* Minimize administrative efforts
How should you deploy Windows Hello for Business, and which type of trust should you use? To answer, select the appropriate options in the answer area.
正解:
See the explanation for answer.
Explanation
Answer is as below.
Explanation
Answer is as below.
Your company plans to merge with another company.
A user named Debra Berger is an executive at your company.
You need to provide Debra Berger with all the email content of a user named Alex Wilber that contains the word merger.
To complete this task, sign in to the Microsoft 365 portal.
A user named Debra Berger is an executive at your company.
You need to provide Debra Berger with all the email content of a user named Alex Wilber that contains the word merger.
To complete this task, sign in to the Microsoft 365 portal.
正解:
See explanation below.
Explanation
You need to run a content search then export the results of the search.
Go to the Microsoft 365 Compliance admin center.
Navigate to Content Search under the Solutions section in the left navigation pane.
Click on + New Search to create a new search.
In the Keywords box, type in 'merger'.
In the Locations section, select Specific locations then click the Modify link.
Click on the Choose users, groups or teams link.
Type Alex Wilber in the search field the select his account from the search results.
Click the Choose button to add the user then click Done.
Click Save to close the locations pane.
Click Save & run to run the search.
The next step is to export the results. Select the search then under Export results to a computer, click Start export.
On the Export the search results page, under Output options, select All items.
Under Export Exchange content as, select One PST file for each mailbox.
Click on Start export. When the export has finished, there will be an option to download the exported PST file.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/export-search-results?view=o365-worldwide
Explanation
You need to run a content search then export the results of the search.
Go to the Microsoft 365 Compliance admin center.
Navigate to Content Search under the Solutions section in the left navigation pane.
Click on + New Search to create a new search.
In the Keywords box, type in 'merger'.
In the Locations section, select Specific locations then click the Modify link.
Click on the Choose users, groups or teams link.
Type Alex Wilber in the search field the select his account from the search results.
Click the Choose button to add the user then click Done.
Click Save to close the locations pane.
Click Save & run to run the search.
The next step is to export the results. Select the search then under Export results to a computer, click Start export.
On the Export the search results page, under Output options, select All items.
Under Export Exchange content as, select One PST file for each mailbox.
Click on Start export. When the export has finished, there will be an option to download the exported PST file.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/export-search-results?view=o365-worldwide
You haw a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You enable SSPR for Group3.
.
Does this meet the goal?
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You enable SSPR for Group3.
.
Does this meet the goal?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 E5 subscription that has Microsoft Defender for Office 365 enabled.
You need to review the zero-hour auto purge (ZAP) configuration for the subscription.
Which two threat policies should you review? Each correct answer presents part of the solution NOTE: Each correct selection is worth one point,
You need to review the zero-hour auto purge (ZAP) configuration for the subscription.
Which two threat policies should you review? Each correct answer presents part of the solution NOTE: Each correct selection is worth one point,
正解:A,F
解答を投票する
You need to ensure that all users must change their password every 100 days.
To complete this task, sign in to the Microsoft 365 portal.
To complete this task, sign in to the Microsoft 365 portal.
正解:
See explanation below.
Explanation
You need to configure the Password Expiration Policy.
Sign in to the Microsoft 365 Admin Center.
In the left navigation pane, expand the Settings section then select the Settings option.
Click on Security and Privacy.
Select the Password Expiration Policy.
Ensure that the checkbox labelled Set user passwords to expire after a number of days is ticked.
Enter 100 in the Days before passwords expire field.
Click Save changes to save the changes.
Explanation
You need to configure the Password Expiration Policy.
Sign in to the Microsoft 365 Admin Center.
In the left navigation pane, expand the Settings section then select the Settings option.
Click on Security and Privacy.
Select the Password Expiration Policy.
Ensure that the checkbox labelled Set user passwords to expire after a number of days is ticked.
Enter 100 in the Days before passwords expire field.
Click Save changes to save the changes.