2024年最新ののMicrosoft MS-500リアル試験問題集PDF
MS-500試験問題集、MS-500練習テスト問題
質問 # 176
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit.
The synchronization schedule is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 177
You need to ensure that unmanaged mobile devices are quarantined when the devices attempt to connect to Exchange Online.
To complete this task, sign in to the Microsoft 365 portal.
正解:
解説:
You need to configure the Exchange ActiveSync Access Settings.
Go to the Exchange admin center.
Click on Mobile in the left navigation pane.
On the Mobile Device Access page, click the Edit button in the Exchange ActiveSync Access Settings area.
Select the Quarantine option under When a mobile device that isn't managed by a rule or personal exemption connects to Exchange.
Optionally, you can configure notifications to be sent to administrators and a message to be sent to the mobile device user when a device is quarantined.
Click Save to save the changes.
質問 # 178
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You add internal as a blocked word in the group naming policy for contoso.com.
You add Contoso- as prefix in the group naming policy for contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
User Admin and Global Admin are exempt from group password policies.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy?view=o365-worldwide
質問 # 179
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Threat Protection (ATP) by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
- A. Configure auditing in the Office 365 Security & Compliance center.
- B. Integrate SIEM and Azure ATP.
- C. Turn off Delayed updates for the Azure ATP sensors.
- D. Modify the Domain synchronizer candidate's settings on the Azure ATP sensors.
正解:D
解説:
Explanation
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5
質問 # 180
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports.
The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend modifying the licenses assigned to User5.
Does this meet the goal?
- A. Yes
- B. No
正解:A
質問 # 181
You have a Microsoft 165 ES subscription that contains users named User 1 and User2?
You have the audit log retention requirements shown in the following table.
You need to create audit retention policies to meet the requirements. The solution must minimize cost and the number of policies.
What is the minimum number of audit retention policies that you should create?
- A. 0
- B. 1
- C. 2
- D. 3
正解:C
質問 # 182
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
-AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?
- A. Yes
- B. No
正解:B
解説:
Reference:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/setadminauditlogconfig?view=exchange-ps
質問 # 183
You have an Azure subscription and a Microsoft 365 subscription.
You need to perform the following actions:
Deploy Azure Sentinel.
Collect the Microsoft 365 activity log by using Azure Sentinel.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
Graphical user interface, text, application, chat or text message Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
質問 # 184
You view Compliance Manager as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/meet-data-protection-and-regulatory-reqs-using-m
質問 # 185
You have an Azure Sentinel workspace.
You need to manage incidents based on alerts generated by Microsoft Cloud App Security.
What should you do first?
- A. From the Cloud App Security admin center, configure log collectors.
- B. From the Microsoft 365 compliance center, add and configure a data connector.
- C. From the Cloud App Security admin center, configure security extensions.
- D. From the Cloud App Security admin center, configure app connectors.
正解:C
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinel
質問 # 186
Several users in your Microsoft 365 subscription report that they received an email message without the attachment.
You need to review the attachments that were removed from the messages.
Which two tools can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. the Azure ATP admin center
- B. Microsoft Azure Security Center
- C. the Security & Compliance admin center
- D. Outlook on the web
- E. the Exchange admin center
正解:C、E
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/manage-quarantined-messages-and-files
質問 # 187
You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 188
Your company has a Microsoft 365 subscription that contains the users shown in the following table.
The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP).
Windows Defender ATP includes the roles shown in the following table:
Windows Defender ATP contains the machine groups shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 189
You have a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) deployment that has the custom network indicators turned on. Microsoft Defender ATP protects two computers that run Windows
10 as shown in the following table.
Microsoft Defender ATP has the machine groups shown in the following table.
From Microsoft Defender Security Center, you create the URLs/Domains indicators shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 190
You have a Microsoft 365 subscription that contains 20 data loss prevention (DLP) policies.
You need to identify the following:
* Rules that are applied without Triggering a policy alert
* The top 10 files that have matched DLP policies
* Alerts that are miscategorized
Which report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 191
You need to meet the technical requirements for User9. What should you do?
- A. Assign the Privileged administrator role to User9 and configure a mobile phone number for User9
- B. Assign the Global administrator role to User9
- C. Assign the Security administrator role to User9
- D. Assign the Compliance administrator role to User9 and configure a mobile phone number for User9
正解:A
解説:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-give-access-to-pim
質問 # 192
You haw a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2 , and User3 can use self-service password reset (SSPR). The solution must not affect User 4.
Solution: You enable SSPR for Group3.
.
Does this meet the goal?
- A. Yes
- B. No
正解:B
解説:
Explanation
By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators. Therefore, we must enable SSPR for User3 by applying it to Group2 and not Group3 as User4 is in Group3. User4 would thus be affected if we enable it on Group3.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-p
質問 # 193
You have a Microsoft 365 subscription that contains 1,000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You start a message trace, and then create a Data Subject request (DSR) case.
Does this meet the goal?
- A. Yes
- B. No
正解:B
解説:
Explanation
References:
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019
質問 # 194
You have a Microsoft 365 ES subscription linked to an Azure Active Directory (Azure AD) tenant The tenant contains a user named User1 and multiple Windows 10 devices. The deuces are Azure AD joined and protected by using BitLocker Drive Encryption (BitLocker).
You need to ensure that User1 can perform tip following actions:
View BitLocker recovery keys.
Configure the usage location for the users in tenant.
The solution must use the principle of least privilege.
Which two roles should you assign to User' in the Microsoft 365 admin center? To answer, select the appropriate roles in the answer area.
Each correct selection is one point.
正解:
解説:
質問 # 195
You have an Azure Sentinel workspace.
You configure a rule to generate Azure Sentinel alerts when Azure Active Directory (Azure AD) Identity Protection detects risky sign-ins. You develop an Azure Logic Apps solution to contact users and verify whether reported risky sign-ins are legitimate.
You need to configure the workspace to meet the following requirements:
Call the Azure logic app when an alert is triggered for a risky sign-in.
To the Azure Sentinel portal, add a custom dashboard that displays statistics for risky sign-ins that are detected and resolved.
What should you configure in Azure Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
質問 # 196
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
The User Administrator role is configured in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.
You make User4 eligible for the User Administrator role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 197
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active Directory (Azure AD) tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide
質問 # 198
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. OneDrive stores files that are shared with external users. The files are configured as shown in the following table.
You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:
* Rulel:
* Conditions: Label 1, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 0
* Rule2:
* Conditions: Label 1 or Label2
* Actions: Restrict access to the content
* Priority: 1
* Rule3:
* Conditions: Label2, Detect content that's shared with people outside my organization
* Actions: Restrict access to the content for external users
* User notifications: Notify the user who last modified the content
* User overrides: On
* Priority: 2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 199
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308








You need to ensure that a user named Allan Deyoung can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft 365 admin center.
正解:
解説:
* After signing in to the Microsoft 365 admin center, navigate to the Security & Compliance Center.
* In the left pane of the security and compliance center, select Permissions, and then select the checkbox next to eDiscovery Manager.
* On the eDiscovery Manager flyout page, do one of the following based on the eDiscovery permissions that you want to assign.
To make a user an eDiscovery Manager: Next to eDiscovery Manager, select Edit. In the Choose eDiscovery Manager section, select the Choose eDiscovery Manager hyperlink, and then select + Add. Select the user (or users) you want to add as an eDiscovery manager, and then select Add. When you're finished adding users, select Done. Then, on the Editing Choose eDiscovery Manager flyout page, select Save to save the changes to the eDiscovery Manager membership.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwi
質問 # 200
......
Microsoft MS-500試験は、複数選択問題から構成され、候補者がMicrosoft 365環境でセキュリティソリューションを実装および管理できる能力をテストするために設計されています。この試験は、システム管理者、セキュリティ管理者、およびITプロフェッショナルを含む情報技術とセキュリティの経験を持つ個人を対象としています。Microsoft MS-500試験に合格することは、セキュリティ脅威がますます顕著になっている現代のビジネス世界において、Microsoft 365環境を管理および保護する能力を示すことになります。
PDF問題(2024年最新)実際のMicrosoft MS-500試験問題:https://jp.fast2test.com/MS-500-premium-file.html
問題集返金保証付きのMS-500問題集には90%オフ:https://drive.google.com/open?id=1Dd0BQJD6TY7yKtagANZgqTGQhCmYsrAs