無料Microsoft MS-500学習ガイド試験問題と解答
MS-500試験問題集、MS-500練習テスト問題
MS-500の認定試験は英語、日本語、中国語(簡体字)、韓国語、スペイン語のいずれかで提供される多肢選択問題から成り立ちます。この試験は、Microsoft 365のセキュリティとコンプライアンス機能及びその実装に深い理解を持った候補者が必要な、挑戦的かつ包括的な試験です。
Microsoft MS-500(Microsoft 365 Security Administration)認定試験は、Microsoft 365エンタープライズ環境を管理および保護するために必要なスキルと知識を検証するように設計されています。この試験は、Microsoft 365でセキュリティおよびコンプライアンスソリューションの実装と管理を担当するIT専門家向けです。この試験では、アイデンティティとアクセス管理、脅威保護、情報保護、ガバナンスとコンプライアンスなどのトピックを対象としています。この試験に合格することにより、ITの専門家は、今日のますますデジタル世界に設定された重要なスキルである安全なMicrosoft 365環境を実装および維持する習熟度を実証できます。
質問 # 170
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. OneDrive stores files that are shared with external users. The files are configured as shown in the following table.
You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:
* Rulel:
* Conditions: Label 1, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 0
* Rule2:
* Conditions: Label 1 or Label2
* Actions: Restrict access to the content
* Priority: 1
* Rule3:
* Conditions: Label2, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 171
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active Directory (Azure AD) tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#when-office-apps-apply-content-marking-and-encryption
質問 # 172
Your company has a Microsoft 365 subscription, a Microsoft Azure subscription, and an Azure Active Directory (Azure AD) tenant named contoso.com.
The company has the offices shown in the following table.
The tenant contains the users shown in the following table.
You create the Microsoft Cloud App Security policy shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 173
You have an Azure Active Directory (Azure AD) tenant named Contoso.com that contains the users shown in the following table.
The User Administrator role is configured in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.
You make User4 eligible for the User Administrator role.
For each of the following statements, Select Yes if the Statement is true. Otherwise, select No./ NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 174
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.
You have the Privileged Access settings configured as shown in the following exhibit.
You have a privileged access policy that has the following settings:
* Policy name: New Transport Rule
* Policy type: Task
* Policy scope Exchange
* Approval Type: Manual
* Approver group: Group 1
User1 requests access to the New Transport Rule policy for a duration of two hours.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 175
You have a Microsoft 365 subscription.
You create a retention policy and apply the policy to Exchange Online mailboxes.
You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible.
What should you do?
- A. From Exchange Online PowerShell, run Start-ManagedFolderAssistant
- B. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
- C. From Exchange Online PowerShell, run Start-RetentionAutoTagLearning
- D. From the Security & Compliance admin center, create a label policy
正解:D
解説:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
質問 # 176
You have a Microsoft 365 subscription that contains the users shown in the following table.
Group1 is member of a group named Group3.
The Azure Active Directory (Azure AD) tenant contains the Windows 10 devices shown in the following table.
Microsoft Endpoint Manager has the devices shown in the following table.
Microsoft Endpoint Manager contains the compliance policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 177
You have a Microsoft 365 subscription that include three users named User1, User2, and User3.
A file named File1.docx is stored in Microsoft OneDrive. An automated process updates File1.docx every minute.
You create an alert policy named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies
質問 # 178
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308








You need to ensure that a user named Allan Deyoung uses multi-factor authentication (MFA) for all authentication requests.
To complete this task, sign in to the Microsoft 365 admin center.
正解:
解説:
See explanation below.
Explanation
1. Open the Admin Center and go to Users > Active Users
2. Open Multi-factor authentication
Don't select any user yet, just open the Multi-factor authentication screen. You will find the button in the toolbar.
3. Open the Service settingsBefore we start enabling MFA for the users, we first go through the service settings. The button to the settings screen doesn't stand out, but it's just below the title
4. Setup MFA Office 365
A few settings are important here:
* Make sure you check the App password. Otherwise, users can't authenticate in some applications (like the default mail app in Android).
* Also, take a look at the remember function. By default, it is set to 14 days.
5. Enable MFA for Office 365 users
After you have set the settings to your liking click on save and then on users (just below the title Multi-factor authentication).
You see the list of your users again. Here you can select single or multiple users to enable MFA.
At the moment you enable Office 365 MFA for a user it can get the setup screen as soon as the users browse to one of the Office 365 products.
Reference:
https://lazyadmin.nl/office-365/how-to-setup-mfa-in-office-365/
質問 # 179
You have a Microsoft 365 subscription.
You have a site collection named SiteCollection1 that contains a site named Site2. Site2 contains a document library named Customers.
Customers contains a document named Litware.docx. You need to remove Litware.docx permanently.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
質問 # 180
You have an on-premises Hyper-V infrastructure that contains the following:
An Active Directory domain
A domain controller named Server1
A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers. Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 181
You have a Microsoft 365 subscription.
You enable auditing for the subscription.
You plan to provide a user named Auditor with the ability to review audit logs.
You add Auditor to the Global administrator role group.
Several days later, you discover that Auditor disabled auditing.
You remove Auditor from the Global administrator role group and enable auditing.
You need to modify Auditor to meet the following requirements:
* Be prevented from disabling auditing
* Use the principle of least privilege
* Be able to review the audit log
To which role group should you add Auditor?
- A. Security operator
- B. Security administrator
- C. Security reader
- D. Compliance administrator
正解:A
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance- center
質問 # 182
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit.
The synchronization schedule is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 183
Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed.
You have a Microsoft Azure subscription.
You are deploying Azure Advanced Threat Protection (ATP)
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn
質問 # 184
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1.
You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two actions should you use in the search? To answer, select the appropriate activities in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation

References:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance
質問 # 185
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active Directory (Azure AD) tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#when-office-apps-apply-content-marking-and-encryption
質問 # 186
Which IP address space should you include in the MFA configuration?
- A. 192.168.0.0/20
- B. 192.168.16.0/20
- C. 131.107.83.0/28
- D. 172.16.0.0/24
正解:B
解説:
Topic 2, Fabrikam inc.
Overview
Fabrikam, Inc. is manufacturing company that sells products through partner retail stores. Fabrikam has 5,000 employees located in offices throughout Europe.
Existing Environment
Network Infrastructure
The network contains an Active Directory forest named fabrikam.com. Fabrikam has a hybrid Microsoft Azure Active Directory (Azure AD) environment.
The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription.
Problem Statements
Fabrikam identifies the following issues:
* Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line.
* Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming.
Requirements
Planned Changes
Fabrikam plans to implement the following changes:
* Fabrikam plans to monitor and investigate suspicious sign-ins to Active Directory
* Fabrikam plans to provide partners with access to some of the data stored in Microsoft 365 Application Administration Fabrikam identifies the following application requirements for managing workload applications:
* User administrators will work from different countries
* User administrators will use the Azure Active Directory admin center
* Two new administrators named Admin1 and Admin2 will be responsible for managing Microsoft Exchange Online only Security Requirements Fabrikam identifies the following security requirements:
* Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed
* Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement
* Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations
* Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory
* Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location
* The location of the user administrators must be audited when the administrators authenticate to Azure AD
* Email messages that include attachments containing malware must be delivered without the attachment
* The principle of least privilege must be used whenever possible
質問 # 187
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend removing User1 from the Compliance Manager Contributor role.
Does this meet the goal?
- A. No
- B. Yes
正解:A
解説:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/working-with-compliance-manager
質問 # 188
You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From the Cloud App Security admin center, create a file policy.
- B. From the Security & Compliance admin center, publish a label.
- C. From the SharePoint admin center, modify the Site Settings.
- D. From the SharePoint admin center, modify the records management settings.
- E. From the SharePoint & Compliance admin center, create a label.
正解:B、E
解説:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/protect-sharepoint-online-files-with-office-365-la
質問 # 189
You have a Microsoft 365 subscription.
You identify the following data loss prevention (DLP) requirements:
* Send notifications to users if they attempt to send attachments that contain EU social security numbers
* Prevent any email messages that contain credit card numbers from being sent outside your organization
* Block the external sharing of Microsoft OneDrive content that contains EU passport numbers
* Send administrators email alerts if any rule matches occur.
What is the minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in the answer area.
正解:
解説:
質問 # 190
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback
質問 # 191
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.
You have the Privileged Access settings configured as shown in the following exhibit.
You have a privileged access policy that has the following settings:
* Policy name: New Transport Rule
* Policy type: Task
* Policy scope Exchange
* Approval Type: Manual
* Approver group: Group 1
User1 requests access to the New Transport Rule policy for a duration of two hours.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 192
Note: This question is part of a series of questions thatpresent the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question inthis section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User5.
Does this meet the goal?
- A. No
- B. Yes
正解:A
質問 # 193
......
最新のMS-500実際の無料試験問題は更新された329問があります:https://jp.fast2test.com/MS-500-premium-file.html
検証済みMS-500問題集PDF資料 [2023年更新]:https://drive.google.com/open?id=1Dd0BQJD6TY7yKtagANZgqTGQhCmYsrAs