MS-500 Microsoft 365 Security Administration exams demo

QUESTION 1
You need to create Group2.
What are two possible ways to create the group?
A. an Office 365 group in the Microsoft 365 admin center
B. a mail-enabled security group in the Microsoft 365 admin center
C. a security group in the Microsoft 365 admin center
D. a distribution list in the Microsoft 365 admin center
E. a security group in the Azure AD admin center
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which IP address space should you include in the Trusted IP MFA configuration?
A. 131.107.83.0/28
B. 192.168.16.0/20
C. 172.16.0.0/24
D. 192.168.0.0/20
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
.

.

.

.

QUESTION 4
You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.
What should you include in the recommendation?
A. a device compliance policy
B. an access review
C. a user risk policy
D. a sign-in risk policy
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy
QUESTION 5
You need to resolve the issue that generates the automated email messages to the IT team.
Which tool should you run first?
A. Synchronization Service Manager
B. Azure AD Connect wizard
C. Synchronization Rules Editor
D. IdFix
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
References:
.

.

.

.
Question Set 4
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD)
tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant.
Azure AD Connect has the following settings:
Source Anchor: objectGUID
Password Hash Synchronization: Disabled
Password writeback: Disabled
Directory extension attribute sync: Disabled
Azure AD app and attribute filtering: Disabled
Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?
A. Yes
B. No
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD)
tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant.
Azure AD Connect has the following settings:
Source Anchor: objectGUID
Password Hash Synchronization: Disabled
Password writeback: Disabled
96CE4376707A97CE80D4B1916F054522
Directory extension attribute sync: Disabled
Azure AD app and attribute filtering: Disabled
Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?
A. Yes
B. No
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/security/azure-ad-secure-steps
QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD)
tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant.
Azure AD Connect has the following settings:
Source Anchor: objectGUID
Password Hash Synchronization: Disabled
Password writeback: Disabled
Directory extension attribute sync: Disabled
Azure AD app and attribute filtering: Disabled
Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?
A. Yes
B. No
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference: