MS-500試験無料問題集「Microsoft 365 Security Administration 認定」
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
正解:C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 subscription.
A customer requests that you provide her with all documents that reference her by name.
You need to provide the customer with a copy of the content.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A customer requests that you provide her with all documents that reference her by name.
You need to provide the customer with a copy of the content.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365
Your company has a Microsoft 365 subscription.
The company forbids users to enroll personal devices in mobile device management (MDM).
Users in the sales department have personal iOS devices.
You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant.
The users must be prevented from backing up the app's data to iCloud.
What should you create?
The company forbids users to enroll personal devices in mobile device management (MDM).
Users in the sales department have personal iOS devices.
You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant.
The users must be prevented from backing up the app's data to iCloud.
What should you create?
正解:D
解答を投票する
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to create a case that prevents the members of a group named Operations from deleting email messages that contain the word IPO.
To complete this task, sign in to the Microsoft Office 365 admin center.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to create a case that prevents the members of a group named Operations from deleting email messages that contain the word IPO.
To complete this task, sign in to the Microsoft Office 365 admin center.
正解:
See explanation below.
Explanation
1. Navigate to the Security & Compliance Center.
2. In the Security & Compliance Center, click eDiscovery > eDiscovery, and then click Create a case.
3. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.
The new case is displayed in the list of cases on the eDiscovery page.
After you create a case, the next step is to add members to the case. The eDiscovery Manager who created the case is automatically added as a member. Members have to be assigned the appropriate eDiscovery permissions so they can access the case after you add them.
4. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
5. Click the name of the case that you want to add members to.
The Manage this case flyout page is displayed.
6. Under Manage members, click Add to add members to the case.You can also choose to add a role group to the case. Under Manage role groups, click Add.
7. In the list of people or role groups that can be added as members of the case, click the check box next to the names of the people or role groups that you want to add.
8. After you select the people or role groups to add as members of the group, click Add.In Manage this case, click Save to save the new list of case members.
9. Click Save to save the new list of case members.
You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for an Office 365 Group. Similarly, you can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
To create a hold for an eDiscovery case:
1. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
2. Click Open next to the case that you want to create the holds in.
3. On the Home page for the case, click the Hold tab.
4. On the Hold page, click Create.
5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.
6. (Optional) In the Description box, add a description of the hold.
7. Click Next.
8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.
a. Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams again.
to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.
a. In the box under Keywords, type a search query in the box so that only the content that meets the search criteria is placed on hold. You can specify keywords, message properties, or document properties, such as file names. You can also use more complex queries that use a Boolean operator, such as AND, OR, or NOT. If you leave the keyword box empty, then all content located in the specified content locations will be placed on hold.
b. Click Add conditions to add one or more conditions to narrow the search query for the hold. Each condition adds a clause to the KQL search query that is created and run when you create the hold. For example, you can specify a date range so that email or site documents that were created within the date ranged are placed on hold. A condition is logically connected to the keyword query (specified in the keyword box) by the AND operator. That means that items have to satisfy both the keyword query and the condition to be placed on hold.
9. After configuring a query-based hold, click Next.
10. Review your settings, and then click Create this hold.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide
Explanation
1. Navigate to the Security & Compliance Center.
2. In the Security & Compliance Center, click eDiscovery > eDiscovery, and then click Create a case.
3. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.
The new case is displayed in the list of cases on the eDiscovery page.
After you create a case, the next step is to add members to the case. The eDiscovery Manager who created the case is automatically added as a member. Members have to be assigned the appropriate eDiscovery permissions so they can access the case after you add them.
4. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
5. Click the name of the case that you want to add members to.
The Manage this case flyout page is displayed.
6. Under Manage members, click Add to add members to the case.You can also choose to add a role group to the case. Under Manage role groups, click Add.
7. In the list of people or role groups that can be added as members of the case, click the check box next to the names of the people or role groups that you want to add.
8. After you select the people or role groups to add as members of the group, click Add.In Manage this case, click Save to save the new list of case members.
9. Click Save to save the new list of case members.
You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for an Office 365 Group. Similarly, you can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
To create a hold for an eDiscovery case:
1. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
2. Click Open next to the case that you want to create the holds in.
3. On the Home page for the case, click the Hold tab.
4. On the Hold page, click Create.
5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.
6. (Optional) In the Description box, add a description of the hold.
7. Click Next.
8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.
a. Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams again.
to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.
a. In the box under Keywords, type a search query in the box so that only the content that meets the search criteria is placed on hold. You can specify keywords, message properties, or document properties, such as file names. You can also use more complex queries that use a Boolean operator, such as AND, OR, or NOT. If you leave the keyword box empty, then all content located in the specified content locations will be placed on hold.
b. Click Add conditions to add one or more conditions to narrow the search query for the hold. Each condition adds a clause to the KQL search query that is created and run when you create the hold. For example, you can specify a date range so that email or site documents that were created within the date ranged are placed on hold. A condition is logically connected to the keyword query (specified in the keyword box) by the AND operator. That means that items have to satisfy both the keyword query and the condition to be placed on hold.
9. After configuring a query-based hold, click Next.
10. Review your settings, and then click Create this hold.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide
You company has a Microsoft 36S E5 subscription and a hybrid Azure active Directory named contoso.com.
Contoso.com includes the following users:
You configure Password protection for Contoso.com as shown in the following exhibit.
Contoso.com includes the following users:
You configure Password protection for Contoso.com as shown in the following exhibit.
正解:
Explanation
You have an Azure Sentinel workspace that has an Office 365 connector.
You are threat hunting events that have suspicious traffic from specific IP addresses.
You need to save the events and the relevant query results for future reference.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You are threat hunting events that have suspicious traffic from specific IP addresses.
You need to save the events and the relevant query results for future reference.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/bookmarks
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 subscription.
You configure Microsoft Defender for Endpoint as shown in the following table.
You onboard devices to Microsoft Defender for Endpoint as shown in the following table.
Microsoft Defender for Endpoint contains the incidents shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You configure Microsoft Defender for Endpoint as shown in the following table.
You onboard devices to Microsoft Defender for Endpoint as shown in the following table.
Microsoft Defender for Endpoint contains the incidents shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
正解:
Explanation
You need to ensure that unmanaged mobile devices are quarantined when the devices attempt to connect to Exchange Online.
To complete this task, sign in to the Microsoft 365 portal.
To complete this task, sign in to the Microsoft 365 portal.
正解:
See explanation below.
Explanation
You need to configure the Exchange ActiveSync Access Settings.
Go to the Exchange admin center.
Click on Mobile in the left navigation pane.
On the Mobile Device Access page, click the Edit button in the Exchange ActiveSync Access Settings area.
Select the Quarantine option under When a mobile device that isn't managed by a rule or personal exemption connects to Exchange.
Optionally, you can configure notifications to be sent to administrators and a message to be sent to the mobile device user when a device is quarantined.
Click Save to save the changes.
Explanation
You need to configure the Exchange ActiveSync Access Settings.
Go to the Exchange admin center.
Click on Mobile in the left navigation pane.
On the Mobile Device Access page, click the Edit button in the Exchange ActiveSync Access Settings area.
Select the Quarantine option under When a mobile device that isn't managed by a rule or personal exemption connects to Exchange.
Optionally, you can configure notifications to be sent to administrators and a message to be sent to the mobile device user when a device is quarantined.
Click Save to save the changes.
You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization.
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email address that you intend to spoof belongs to the Executive group members.
What should you do first?
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email address that you intend to spoof belongs to the Executive group members.
What should you do first?
正解:C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 subscription that contains 100 users and a Microsoft 365 group named Group1.
All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.
A sensitivity label named Label1 is published as the default label for Group1.
You add two sublabels named Sublabel1 and Sublabel2 to Label1.
You need to ensure that the settings in Sublabel1 are applied by default to Group1.
What should you do?
All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.
A sensitivity label named Label1 is published as the default label for Group1.
You add two sublabels named Sublabel1 and Sublabel2 to Label1.
You need to ensure that the settings in Sublabel1 are applied by default to Group1.
What should you do?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
正解:C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Refer to exhibit.
Microsoft Defender for Endpoint contains the incidents shown in the following table.
For each of the following statements, select yes if the statement is true. Otherwise. select No.
Microsoft Defender for Endpoint contains the incidents shown in the following table.
For each of the following statements, select yes if the statement is true. Otherwise. select No.
正解:
Explanation
Graphical user interface, application Description automatically generated