MS-500試験無料問題集「Microsoft 365 Security Administration 認定」
Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed.
You have a Microsoft Azure subscription.
You are deploying Azure Advanced Threat Protection (ATP)
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft Azure subscription.
You are deploying Azure Advanced Threat Protection (ATP)
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn
You have a Microsoft 365 E5 subscription that contains a security group named Group1 and the users shown in the following table.
You assign the Compliance Manager roles to the users as shown in the following table.
You add two assessments to Compliance Manager as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You assign the Compliance Manager roles to the users as shown in the following table.
You add two assessments to Compliance Manager as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Text Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-assessments?view=o365-world
You have a Microsoft 365 subscription that include three users named User1, User2, and User3.
A file named File1.docx is stored in Microsoft OneDrive. An automated process updates File1.docx every minute.
You create an alert policy named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
A file named File1.docx is stored in Microsoft OneDrive. An automated process updates File1.docx every minute.
You create an alert policy named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You register devices in contoso.com as shown in the following table.
You create app protection policies in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You register devices in contoso.com as shown in the following table.
You create app protection policies in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation
References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-config
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-change
You have a Microsoft 365 E5 subscription that contains a user named Used.
You need to ensure that User! can use the Microsoft 365 compliance center to search audit logs and identify which users were added to Microsoft 365 role groups. The solution must use the principle of least privilege.
To which role group should you add User1?
You need to ensure that User! can use the Microsoft 365 compliance center to search audit logs and identify which users were added to Microsoft 365 role groups. The solution must use the principle of least privilege.
To which role group should you add User1?
正解:D
解答を投票する
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. All the devices in the tenant are managed by using Microsoft Intune.
You purchase a cloud app named App1 that supports session controls.
You need to ensure that access to App can be reviewed in real time.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You purchase a cloud app named App1 that supports session controls.
You need to ensure that access to App can be reviewed in real time.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation
References:
https://docs.microsoft.com/en-us/cloud-app-security/access-policy-aad
You need to implement a solution to manage when users select links in documents or email messages from Microsoft Office 365 ProPlus applications or Android devices. The solution must meet the following requirements:
Block access to a domain named fabrikam.com
Store information when the users select links to fabrikam.com
To complete this task, sign in to the Microsoft 365 portal.
Block access to a domain named fabrikam.com
Store information when the users select links to fabrikam.com
To complete this task, sign in to the Microsoft 365 portal.
正解:
See explanation below.
Explanation
You need to configure a Safe Links policy.
Go to the Office 365 Security & Compliance admin center.
Navigate to Threat Management > Policy > Safe Links.
In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.
In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.
In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.
Click Save to save the changes.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=
Explanation
You need to configure a Safe Links policy.
Go to the Office 365 Security & Compliance admin center.
Navigate to Threat Management > Policy > Safe Links.
In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.
In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.
In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.
Click Save to save the changes.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to identify which users can perform the following actions:
Configure a user risk policy.
View the risky users report.
Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to identify which users can perform the following actions:
Configure a user risk policy.
View the risky users report.
Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365.
You need to protect users from malicious emails that attempt to capture their credentials. The solution must ensure that suspicious emails contain tips alerting the users to potential threats.
What should you create?
You need to protect users from malicious emails that attempt to capture their credentials. The solution must ensure that suspicious emails contain tips alerting the users to potential threats.
What should you create?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You create a conditional access policy for User1, User2, and User3, Does this meet the goal?
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You create a conditional access policy for User1, User2, and User3, Does this meet the goal?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 description that contains a user named User1.
You need to that User1 can review registration and usage activity reports for Azure Multi-Factor Authentication (Azure MFA) for the subscription. The solution must meet the following requirements:
* Minimize Costs
* use the principle Of least privilege
What should you assign to user1?
You need to that User1 can review registration and usage activity reports for Azure Multi-Factor Authentication (Azure MFA) for the subscription. The solution must meet the following requirements:
* Minimize Costs
* use the principle Of least privilege
What should you assign to user1?
正解:
Explanation
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the sign-in risk policy to block access when the sign-in risk level is high.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the sign-in risk policy to block access when the sign-in risk level is high.
Does this meet the goal?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)