[更新されたのは2022年]Microsoft MS-500問題準備には無料サンプルのPDF
2022年最新の認定サンプル問題MS-500問題集と練習試験合格させます
Microsoft MS-500 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 76
You need to ensure that all users must change their password every 100 days.
To complete this task, sign in to the Microsoft 365 portal.
正解:
解説:
See explanation below.
Explanation
You need to configure the Password Expiration Policy.
* Sign in to the Microsoft 365 Admin Center.
* In the left navigation pane, expand the Settings section then select the Settings option.
* Click on Security and Privacy.
* Select the Password Expiration Policy.
* Ensure that the checkbox labelled Set user passwords to expire after a number of days is ticked.
* Enter 100 in the Days before passwords expire field.
* Click Save changes to save the changes.
質問 77
You have a Microsoft 365 subscription.
You need to enable auditing for all Microsoft Exchange Online users.
What should you do?
- A. Run the Set-MailboxDatabasecmdlet
- B. Run the Set-Mailboxcmdlet
- C. From the Exchange admin center, create a mail flow message trace rule.
- D. From the Exchange admin center, create a journal rule
正解: B
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
質問 78
You need to configure threat detection for Active Directory. The solution must meet the security requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
質問 79
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Box 1: No
User1 will receive the two alerts classified as medium or higher.
Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 2: No
User2 will receive the two alerts classified as medium or higher.
Email alerts are sent to all global admins, security admins and security readers Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 3: No
User3 will not receive alters.
Email alerts are sent to all global admins, security admins and security readers.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-r
質問 80
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
* Administrators must be notified when the Security administrator role is activated.
* Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-config
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-change
質問 81
You need to resolve the issue that targets the automated email messages to the IT team.
Which tool should you run first?
- A. Azure AD Connect wizard
- B. Synchronization Rules Editor
- C. Synchronization Service Manager
- D. IdFix
正解: A
解説:
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization Overview Litware, Inc. is a financial company that has 1,000 users in its main office in Chicago and 100 users in a branch office in San Francisco.
質問 82
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that a user named Lee Gu can manage all the settings for Exchange Online. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Office 365 admin center.
正解:
解説:
In the Exchange Administration Center (EAC), navigate to Permissions > Admin Roles.
Select the group: Organization Management and then click on Edit.
In the Members section, click on Add.
Select the users, USGs, or other role groups you want to add to the role group, click on Add, and then click on OK.
Click on Save to save the changes to the role group.
Reference:
https://help.bittitan.com/hc/en-us/articles/115008104507-How-do-I-assign-the-elevated-admin-role-Organization-Management-to-the-account-that-is-performing-a-Public-Folder-migration-
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
質問 83
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?
- A. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy
- B. Run the Set-SPODataConnectionSettingcmdlet and specify the AssignmentCollection parameter
- C. From the SharePoint admin center, configure the Access control settings
- D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy
正解: C
解説:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
質問 84
You have an AzureActive Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You register devices in contoso.com as shown in the following table.
You create app protection policies in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy
質問 85
You have a Microsoft 365 E5 subscription and 5,000 users.
You create several alert policies thatare triggered every time activities match rules.
You need to create an alert policy that is triggered when the volume of matched activities becomes unusual.
What should you do first?
- A. Enable MicrosoftOffice 365 analytics.
- B. Enable Microsoft Office 365 Cloud App Security.
- C. Enable Microsoft Office 365 auditing.
- D. Deploy a Microsoft Office 365 add-in to all the users.
正解: A
質問 86
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User5.
Does this meet the goal?
- A. Yes
- B. No
正解: B
解説:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/working-with-compliance-manager
質問 87
You need to recommend a solution that meets the technical and security requirements for sharing data with the partners.
What should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Create an access review.
- B. Assign the Guest inviter role to User1.
- C. Modify the External collaboration settings in the Azure Active Directory admin center.
- D. Assign the Global administrator role to User1.
正解: A,B
解説:
Topic 2, Litware, Inc
Overview
Litware, Inc. is a financial company that has 1,000 users in its main office in Chicago and 100 users in a branch office in San Francisco.
Existing Environment
Internal Network Infrastructure
The network contains a single domain forest. The forest functional level is Windows Server 2016.
Users are subject to sign-in hour restrictions as defined in Active Directory.
The network has the IP address range shown in the following table.
The offices connect by using Multiprotocol Label Switching (MPLS).
The following operating systems are used on the network:
* Windows Server 2016
* Windows 10 Enterprise
* Windows 8.1 Enterprise
The internal network contains the systems shown in the following table.
Litware uses a third-party email system.
Cloud Infrastructure
Litware recently purchased Microsoft 365 subscription licenses for all users.
Microsoft Azure Active Directory (Azure AD) Connect is installed and uses the default authentication settings. User accounts are not yet synced to Azure AD.
You have the Microsoft 365 users and groups shown in the following table.
Planned Changes
Litware plans to implement the following changes:
Migrate the email system to Microsoft Exchange Online
Implement Azure AD Privileged Identity Management
Security Requirements
Litware identities the following security requirements:
* Create a group named Group2 that will include all the Azure AD user accounts. Group2 will be used to provide limited access to Windows Analytics
* Create a group named Group3 that will be used to apply Azure Information Protection policies to pilot users. Group3 must only contain user accounts
* Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest
* Prevent users locked out of Active Directory from signing in to Azure AD and Active Directory
* Implement a permanent eligible assignment of the Compliance administrator role for User1
* Integrate Windows Defender and Windows Defender ATP on domain-joined servers
* Prevent access to Azure resources for the guest user accounts by default
* Ensure that all domain-joined computers are registered to Azure AD
Multi-factor authentication (MFA) Requirements
Security features of Microsoft Office 365 and Azure will be tested by using pilot Azure user accounts.
You identify the following requirements for testing MFA.
Pilot users must use MFA unless they are signing in from the internal network of the Chicago office. MFA must NOT be used on the Chicago office internal network.
If an authentication attempt is suspicious, MFA must be used, regardless of the user location Any disruption of legitimate authentication attempts must be minimized General Requirements Litware want to minimize the deployment of additional servers and services in the Active Directory forest.
質問 88
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
- A. Configure auditing in the Office 365 Security & Compliance center.
- B. Integrate SIEM and Azure ATP.
- C. Modify the Domain synchronizer candidate's settings on the Azure ATP sensors.
- D. Turn off Delayed updates for the Azure ATP sensors.
正解: C
解説:
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5
質問 89
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.
You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks:
* Create and run playbooks.
* Manage incidents.
The solution must use the principle of least privilege.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Automation Operator
- B. Azure Sentinel responder
- C. Azure Sentinel contributor
- D. Logic App contributor
- E. Automation Runbook Operator
正解: C,D
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/sentinel/roles
質問 90
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308








You need to create a retention policy that contains a data label. The policy must delete all Microsoft Office
365 content that is older than six months.
To complete this task, sign in to the Microsoft 365 admin center.
正解:
解説:
See explanation below.
Explanation
Creating Office 356 labels is a two-step process. The first step is to create the actual label which includes the name, description, retention policy, and classifying the content as a record. Once this is completed, the second step requires the deployment of a label using a labelling policy which specifies the specific location to publish and applying the label automatically.
To create an Office 365 label, following these steps:
1. Open Security and Compliance Centre;
2. Click on Classifications;
3. Click on Labels;
4. The label will require configuration including: name your label (Name), add a description for the admins ( Description for Admins), add a description for the users (Description for Users);
5. Click Next once the configuration is completed;
6. Click Label Settings on the left-hand side menu;
7. The Label Settings will need to be configured. On this screen, you can toggle the Retention switch to either
"on" or "off". If you choose "on", then you can answer the question "When this label is applied to content" with one of two options. The first option is to . From the pick boxes, you can choose the length of retention and upon the end of the retention, the action that will take place. The three actions are to delete the data, trigger an approval flow for review, or nothing can be actioned. The second option is to not retain the data after a specified amount of time or based on the age of the data; and
8. The label has now been created.
To create a label policy, follow these steps:
1. Open Security and Compliance Centre
2. Click on Data Governance, Retention
3. Choose Label Policies box at the top of the screen; and
4. There are now two options. The first is to . If your organization wants its end users to apply the label manually, then this is the option you would choose. Note that this is location based. The second op tion is to Auto-apply Labels. With Auto-apply, you would have the ability to automatically apply a label when it meets the specified criteria.
References:
https://www.maadarani.com/office-365-classification-and-retention-labels/
質問 91
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User5.
Does this meet the goal?
- A. Yes
- B. No
正解: B
質問 92
You have a Microsoft 365 subscription.
You identify the following data loss prevention (DLP) requirements:
* Send notifications to users if they attempt to send attachments that contain EU social security numbers
* Prevent any email messages that contain credit card numbers from being sent outside your organization
* Block the external sharing of Microsoft OneDrive content that contains EU passport numbers
* Send administrators email alerts if any rule matches occur.
What is the minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 93
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
* Assignments: Include Group1, Exclude Group2
* Conditions: Sign in risk of Low and above
* Access: Allow access, Require password multi-factor authentication
You need to identify how the policy affects User1 and User2.
What occurs when each user signs in from an anonymous IP address? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 94
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 contains the folders shown in the following table.
At 09:00, you create a Microsoft Cloud App Security policy named Policy1 as shown in the following exhibit.
After you create Policy1, you upload files to Site1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/data-protection-policies
質問 95
You have the Microsoft conditions shown in the following table.
You have the Azure Information Protection labels shown in the following table.
You have the Azure Information Protection policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Explanation
質問 96
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend removing User1 from the Compliance Manager Contributor role.
Does that meet the goal?
- A. Yes
- B. No
正解: B
解説:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/working-with-compliance-manager
質問 97
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308








You need to ensure that a user named Allan Deyoung can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft 365 admin center.
正解:
解説:
See explanation below.
Explanation
* After signing in to the Microsoft 365 admin center, navigate to the Security & Compliance Center.
* In the left pane of the security and compliance center, select Permissions, and then select the checkbox next to eDiscovery Manager.
* On the eDiscovery Manager flyout page, do one of the following based on the eDiscovery permissions that you want to assign.
To make a user an eDiscovery Manager: Next to eDiscovery Manager, select Edit. In the Choose eDiscovery Manager section, select the Choose eDiscovery Manager hyperlink, and then select + Add.
Select the user (or users) you want to add as an eDiscovery manager, and then select Add. When you're finished adding users, select Done. Then, on the Editing Choose eDiscovery Manager flyout page, select Save to save the changes to the eDiscovery Manager membership.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwi
質問 98
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You add internal as a blocked word in the group naming policy for contoso.com.
You add Contoso- as prefix in the group naming policy for contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
User Admin and Global Admin are exempt from group password policies.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy?view=o365-worldwide
質問 99
You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown in the following table.
Policy1 if configured as showing in the following exhibit.
Policy2 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies?redirectSourcePath=%252fen-us%252farticle%252fOverview-of-retention-policies-5e377752-700d-4870-9b6d-12bfc12d2423#the-principles-of-retention-or-what-takes-precedence
質問 100
How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 101
......
MS-500豪華セット学習ガイドにはオンライン試験エンジン:https://jp.fast2test.com/MS-500-premium-file.html
MS-500テスト準備トレーニング練習試験問題練習テスト:https://drive.google.com/open?id=1Dd0BQJD6TY7yKtagANZgqTGQhCmYsrAs