Microsoft MS-500 - Microsoft 365 Security Administration Exam
Page: 1 / 71
Total 352 questions
Question #1 (Topic: Question Set 1)
You have several Conditional Access policies that block noncompliant devices from connecting to services.
You need to identify which devices are blocked by which policies.
What should you use?
You need to identify which devices are blocked by which policies.
What should you use?
A. the Setting compliance report in the Microsoft Endpoint Manager admin center
B. Sign-ins in the Azure Active Directory admin center
C. Activity log in the Cloud App Security portal
D. Audit logs in the Azure Active Directory admin center
Answer: B
Question #2 (Topic: Question Set 1)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?
A. Yes
B. No
Answer: B
Question #3 (Topic: Question Set 1)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?
A. Yes
B. No
Answer: A
Question #4 (Topic: Question Set 1)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?
A. Yes
B. No
Answer: B
Question #5 (Topic: Question Set 1)
HOTSPOT
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Click the Exhibit tab.)
In contoso.com, you create the users shown in the following table.
What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Click the Exhibit tab.)
In contoso.com, you create the users shown in the following table.
What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer: 
