최신 MS-500 무료덤프 - Microsoft 365 Security Administration
You have a Microsoft 365 subscription.
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?
Some users access Microsoft SharePoint Online from unmanaged devices.
You need to prevent the users from downloading, printing, and syncing files.
What should you do?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 E5 subscription that contains a security group named Group1 and the users shown in the following table.
You assign the Compliance Manager roles to the users as shown in the following table.
You add two assessments to Compliance Manager as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You assign the Compliance Manager roles to the users as shown in the following table.
You add two assessments to Compliance Manager as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Text Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-assessments?view=o365-world
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You add internal as a blocked word in the group naming policy for contoso.com.
You add Contoso- as prefix in the group naming policy for contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You add internal as a blocked word in the group naming policy for contoso.com.
You add Contoso- as prefix in the group naming policy for contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation
User Admin and Global Admin are exempt from group password policies.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy?view=o365-worldwide
You have a Microsoft SharePoint Online sire named Site1 that contains the files shown in the following table.
You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.
You apply DLP1 to Site1.
Which policy tips will appear for File2?
You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.
You apply DLP1 to Site1.
Which policy tips will appear for File2?
정답: B
You have a Microsoft 365 subscription that contains 1,000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You start a message trace, and then create a Data Subject request (DSR) case.
Does this meet the goal?
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You start a message trace, and then create a Data Subject request (DSR) case.
Does this meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 subscription that contains the users shown in the following table.
You implement Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
From PIM, you review the Application Administrator role and discover the users shown in the following table.
The Application Administrator role is configured to use the following settings in PIM:
Maximum activation duration: 1 hour
Notifications: Disable
Incident/Request ticket: Disable
Multi-Factor Authentication: Disable
Require approval: Enable
Selected approver: No results
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You implement Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
From PIM, you review the Application Administrator role and discover the users shown in the following table.
The Application Administrator role is configured to use the following settings in PIM:
Maximum activation duration: 1 hour
Notifications: Disable
Incident/Request ticket: Disable
Multi-Factor Authentication: Disable
Require approval: Enable
Selected approver: No results
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation
You have a Microsoft 365 subscription.
Your company uses Jamf Pro to manage macOS devices.
You plan to create device compliance policies for the macOS devices based on the Jamf Pro data.
You need to connect Microsoft Endpoint Manager to Jamf Pro.
What should you do first?
Your company uses Jamf Pro to manage macOS devices.
You plan to create device compliance policies for the macOS devices based on the Jamf Pro data.
You need to connect Microsoft Endpoint Manager to Jamf Pro.
What should you do first?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have multiple Microsoft 365 subscriptions.
You need to build an application that will retrieve the Microsoft Secure Score data of each subscription.
What should you use?
You need to build an application that will retrieve the Microsoft Secure Score data of each subscription.
What should you use?
정답: A
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table.
The domain is synced to an Azure AD tenant that contains the groups shown in the following table.
You create a sensitivity label named Label1.
You need to publish Label1.
To which groups can you publish Label1? To answer, se
NOTE: Each correct selection is worth one point.
The domain is synced to an Azure AD tenant that contains the groups shown in the following table.
You create a sensitivity label named Label1.
You need to publish Label1.
To which groups can you publish Label1? To answer, se
NOTE: Each correct selection is worth one point.
정답:
Explanation
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Box 1: No
User1 will receive the two alerts classified as medium or higher.
Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 2: No
User2 will receive the two alerts classified as medium or higher.
Email alerts are sent to all global admins, security admins and security readers Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 3: No
User3 will not receive alters.
Email alerts are sent to all global admins, security admins and security readers.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-r
Your company has 500 computers.
You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP). Twenty of the computers belong to company executives.
You need to recommend a remediation solution that meets the following requirements:
Windows Defender ATP administrators must manually approve all remediation for the executives Remediation must occur automatically for all other users What should you recommend doing from Windows Defender Security Center?
You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP). Twenty of the computers belong to company executives.
You need to recommend a remediation solution that meets the following requirements:
Windows Defender ATP administrators must manually approve all remediation for the executives Remediation must occur automatically for all other users What should you recommend doing from Windows Defender Security Center?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 subscription that includes a user named User1.
You have a conditional access policy that applies to Microsoft Exchange Online. The conditional access policy is configured to use Conditional Access App Control.
You need to create a Microsoft Cloud App Security policy that blocks User1 from printing from Exchange Online.
Which type of Cloud App Security policy should you create?
You have a conditional access policy that applies to Microsoft Exchange Online. The conditional access policy is configured to use Conditional Access App Control.
You need to create a Microsoft Cloud App Security policy that blocks User1 from printing from Exchange Online.
Which type of Cloud App Security policy should you create?
정답: C
You have a Microsoft 365 subscription.
You receive a General Data Protection Regulation (GDPR) request for the custom dictionary of a user.
From the Compliance admin center you need to create a content search.
How should you configure the content search1?
You receive a General Data Protection Regulation (GDPR) request for the custom dictionary of a user.
From the Compliance admin center you need to create a content search.
How should you configure the content search1?
정답: D
You create a data loss prevention (DLP) policy as shown in the following shown:
What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?
What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You need to implement Windows Defender ATP to meet the security requirements. What should you do?
정답: A
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-config
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-change
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a tower risk level.
Solution: From the Access settings, you select Block access for User1.
Does this meet the goal?
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a tower risk level.
Solution: From the Access settings, you select Block access for User1.
Does this meet the goal?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You plan to add a file named ConfidentialHR.docx to a Microsoft SharePoint library.
You need to ensure that a user named Megan Bowen is notified when another user accesses ConfidentialHR.xlsx.
To complete this task, sign in to the Microsoft 365 portal.
You need to ensure that a user named Megan Bowen is notified when another user accesses ConfidentialHR.xlsx.
To complete this task, sign in to the Microsoft 365 portal.
정답:
See explanation below.
Explanation
You need to configure an alert policy.
Go to the Security & Compliance Admin Center.
Navigate to Alerts > Alert Policies.
Click on + New alert policy to create a new policy.
Give the policy a name and select a severity level. For example: Medium.
In the Category section, select Information Governance and click Next.
In the Select an activity section, select Any file or folder activity.
Click Add a condition and select File name.
Type in the filename ConfidentialHR.xlsx and click Next.
In the email recipients section, add Megan Bowen and click Next.
Click Finish to create the alert policy.
Explanation
You need to configure an alert policy.
Go to the Security & Compliance Admin Center.
Navigate to Alerts > Alert Policies.
Click on + New alert policy to create a new policy.
Give the policy a name and select a severity level. For example: Medium.
In the Category section, select Information Governance and click Next.
In the Select an activity section, select Any file or folder activity.
Click Add a condition and select File name.
Type in the filename ConfidentialHR.xlsx and click Next.
In the email recipients section, add Megan Bowen and click Next.
Click Finish to create the alert policy.