Microsoft 365 Security Administration v1.0 (MS-500)

Page:    1 / 12   
Total 168 questions

You have a hybrid Microsoft Exchange Server organization. All users have Microsoft 365 E5 licenses.
You plan to implement an Advanced Threat Protection (ATP) anti-phishing policy.
You need to enable mailbox intelligence for all users.
What should you do first?

  • A. Configure attribute filtering in Microsoft Azure Active Directory Connect (Azure AD Connect)
  • B. Purchase the ATP add-on
  • C. Select Directory extension attribute sync in Microsoft Azure Active Directory Connect (Azure AD Connect)
  • D. Migrate the on-premises mailboxes to Exchange Online


Answer : D

References:
https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies

HOTSPOT -
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Four Windows 10 devices are joined to the tenant as shown in the following table.


On which devices can you use BitLocker To Go and on which devices can you turn on auto-unlock? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.


You register devices in contoso.com as shown in the following table.

You create app protection policies in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

References:
https://docs.microsoft.com/en-us/intune/apps/app-protection-policy

DRAG DROP -
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. All the devices in the tenant are managed by using Microsoft Endpoint Manager.
You purchase a cloud app named App1 that supports session controls.
You need to ensure that access to App1 can be reviewed in real time.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:




Answer :

Reference:
https://docs.microsoft.com/en-us/cloud-app-security/access-policy-aad

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.
You need to allow a user named User1 to view ATP reports in the Threat management dashboard.
Which role provides User1 with the required role permissions?

  • A. Security reader
  • B. Reports reader
  • C. Information Protection administrator
  • D. Exchange administrator


Answer : A

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide#what-permissions-are-needed-to-view-the- atp-reports

You have a Microsoft 365 Enterprise E5 subscription.
You use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). You plan to use Microsoft Office 365 Attack simulator.
What is a prerequisite for running Attack simulator?

  • A. Enable multi-factor authentication (MFA)
  • B. Configure Office 365 Advanced Threat Protection (ATP)
  • C. Create a Conditional Access App Control policy for accessing Office 365
  • D. Integrate Office 365 Threat Intelligence and Microsoft Defender ATP


Answer : A

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulator

You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization.
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email addresses that you intend to spoof belong to the Executive group members.
What should you do first?

  • A. From the Azure ATP admin center, configure the primary workspace settings
  • B. From the Microsoft Azure portal, configure the user risk policy settings in Azure AD Identity Protection
  • C. Enable MFA for the Research group members
  • D. Migrate the Executive group members to Exchange Online


Answer : C

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulator

You have a Microsoft 365 E5 subscription.
You implement Advanced Threat Protection (ATP) safe attachments policies for all users.
User reports that email messages containing attachments take longer than expected to be received.
You need to reduce the amount of time it takes to receive email messages that contain attachments. The solution must ensure that all attachments are scanned for malware. Attachments that have malware must be blocked.
What should you do from ATP?

  • A. Set the action to Block
  • B. Add an exception
  • C. Add a condition
  • D. Set the action to Dynamic Delivery


Answer : D

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/dynamic-delivery-and-previewing

HOTSPOT -
Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed.
You have a Microsoft Azure subscription.
You are deploying Azure Advanced Threat Protection (ATP).
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn

HOTSPOT -
You have a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) deployment that has the custom network indicators turned on. Microsoft
Defender ATP protects two computers that run Windows 10 as shown in the following table.


Microsoft Defender ATP has the machine groups shown in the following table.

From Microsoft Defender Security Center, you create the URLs/Domains indicators shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

SIMULATION -
You need to ensure that a user named Allan Deyoung uses multi-factor authentication (MFA) for all authentication requests.
To complete this task, sign in to the Microsoft 365 admin center.



Answer : See explanation below.

Explanation:
1. Open the Admin Center and go to Users > Active Users
2. Open Multi-factor authentication
Don’t select any user yet, just open the Multi-factor authentication screen. You will find the button in the toolbar.


3. Open the Service settings
Before we start enabling MFA for the users, we first go through the service settings. The button to the settings screen doesn’t stand out, but it’s just below the title

4. Setup MFA Office 365
A few settings are important here:
-> Make sure you check the App password. Otherwise, users can’t authenticate in some applications (like the default mail app in Android).
Also, take a look at the remember function. By default, it is set to 14 days.


5. Enable MFA for Office 365 users
After you have set the settings to your liking click on save and then on users (just below the title Multi-factor authentication).
You see the list of your users again. Here you can select single or multiple users to enable MFA.
At the moment you enable Office 365 MFA for a user it can get the setup screen as soon as the users browse to one of the Office 365 products.

Reference:
https://lazyadmin.nl/office-365/how-to-setup-mfa-in-office-365/

SIMULATION -
You need to ensure that all links to malware.contoso.com within documents stored in Microsoft Office 365 are blocked when the documents are accessed from
Office 365 ProPlus applications.
To complete this task, sign in to the Microsoft 365 admin center.



Answer : See explanation below.

Explanation:
1. After signing in to the Microsoft 365 admin center, navigate to Threat management, choose Policy > Safe Links.
2. In the Policies that apply to the entire organization section, select Default, and then choose Edit (the Edit button resembles a pencil).


3. In the Block the following URLs section, add the malware.contoso.com link.
4. In the Settings that apply to content except email section, select all the options.
5. Choose Save.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide

SIMULATION -
You need to protect against phishing attacks. The solution must meet the following requirements:
-> Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
-> As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.



Answer : See explanation below.

Explanation:
1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Anti-phishing.
2. Select Default Policy to refine it.
3. In the Impersonation section, select Edit.
4. Go to Add domains to protect and select the toggle to automatically include the domains you own.
5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the Quarantine message action.
Open the drop-down If email is sent by an impersonated domain and choose the Quarantine message action.
6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.
7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.
8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.
9. Choose Review your settings, make sure everything is correct, select Save, then Close.
Reference:
https://support.office.com/en-us/article/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a-9151-f7176cce4f2c#ID0EAABAAA=Try_it
!
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#example-anti-phishing-policy-to- protect-a-user-and-a-domain

Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table.


You plan to implement Azure Advanced Threat Protection (ATP) for the domain.
You install an Azure ATP standalone sensor on Server1.
You need to monitor the domain by using Azure ATP.
What should you do?

  • A. Configure port mirroring for Server1.
  • B. Install the Microsoft Monitoring Agent on DC1.
  • C. Install the Microsoft Monitoring Agent on Server1.
  • D. Configure port mirroring for DC1.


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-port-mirroring

An administrator plans to deploy several Azure Advanced Threat Protection (ATP) sensors.
You need to provide the administrator with the Azure information required to deploy the sensors.
What information should you provide?

  • A. an Azure Active Directory Authentication Library (ADAL) token
  • B. the public key
  • C. the access key
  • D. the URL of the Azure ATP admin center


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/workspace-portal

Page:    1 / 12   
Total 168 questions