최신 MS-500 무료덤프 - Microsoft 365 Security Administration
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1. The review has the following settings:
Review name: Review1
Start date: 01-15-2020
Frequency: One time
End date: 02-14-2020
Users to review: Assigned to an application
Scope: Everyone
Applications: App1
Reviewers: Members (self)
Auto apply results to resource: Enable
Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1. The review has the following settings:
Review name: Review1
Start date: 01-15-2020
Frequency: One time
End date: 02-14-2020
Users to review: Assigned to an application
Scope: Everyone
Applications: App1
Reviewers: Members (self)
Auto apply results to resource: Enable
Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Graphical user interface, text Description automatically generated
Your company has two departments named department and department2 and a Microsoft 365 E5 subscription.
You need to prevent communication between the users in department1 and the users in department2.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets.
Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to prevent communication between the users in department1 and the users in department2.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets.
Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation
You have a Microsoft 365 E5 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Azure AD Identity Protection alerts for contoso.com are configured as shown in the following exhibit.
A user named User1 is configured to receive alerts from Azure AD Identity Protection.
You create users in contoso.com as shown in the following table.
The users perform the sign-ins shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Box 1: No
User1 will receive the two alerts classified as medium or higher.
Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 2: No
User2 will receive the two alerts classified as medium or higher.
Email alerts are sent to all global admins, security admins and security readers Sign-ins from infected device is classified as low. This risk detection identifies IP addresses, not user devices.
If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is why this risk detection is classified as Low.
Box 3: No
User3 will not receive alters.
Email alerts are sent to all global admins, security admins and security readers.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-r
You create a data loss prevention (DLP) policy as shown in the following shown:
What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?
What is the effect of the policy when a user attempts to send an email messages that contains sensitive information?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have multiple Microsoft 365 subscriptions.
You need to build an application that will retrieve the Microsoft Secure Score data of each subscription.
What should you use?
You need to build an application that will retrieve the Microsoft Secure Score data of each subscription.
What should you use?
정답: A
You have a Microsoft 365 Enterprise E5 subscription.
You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator.
What is a prerequisite for running Attack simulator?
You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator.
What is a prerequisite for running Attack simulator?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 subscription.
You have a Microsoft SharePoint Online site named Site1.
The files in Site1 are protected by using Microsoft Azure Information Protection.
From the Security & Compliance admin center, you create a label that designates personal data.
You need to auto-apply the new label to all the content in Site1.
What should you do first?
You have a Microsoft SharePoint Online site named Site1.
The files in Site1 are protected by using Microsoft Azure Information Protection.
From the Security & Compliance admin center, you create a label that designates personal data.
You need to auto-apply the new label to all the content in Site1.
What should you do first?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.
You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks:
Create and run playbooks.
Manage incidents.
The solution must use the principle of least privilege.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks:
Create and run playbooks.
Manage incidents.
The solution must use the principle of least privilege.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
정답: C,E
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 E5 tenant that contains three users named User1, User2, and User3.
You need to assign roles or role groups to the users as shown in the following table.
What should you use to assign a role or role group to each user? To answer, drag the appropriate tools to the correct roles or role groups. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to assign roles or role groups to the users as shown in the following table.
What should you use to assign a role or role group to each user? To answer, drag the appropriate tools to the correct roles or role groups. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Graphical user interface, text, application, chat or text message Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-com
Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed.
You have a Microsoft Azure subscription.
You are deploying Azure Advanced Threat Protection (ATP)
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft Azure subscription.
You are deploying Azure Advanced Threat Protection (ATP)
You install an Azure ATP standalone sensor on a server named Server1 that runs Windows Server 2016.
You need to integrate the VPN and Azure ATP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AuditConfig -Workload Exchange command.
Does that meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AuditConfig -Workload Exchange command.
Does that meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Which policies apply to which devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
NOTE: Each correct selection is worth one point.
정답:
Explanation
You have a Microsoft 365 subscription named contofco.com
You need to configure Microsoft OneDrive for Business external sharing to meet the following requirements:
* Enable flic sharing for users that rave a Microsoft account
* Block file sharing for anonymous users.
What should you do?
You need to configure Microsoft OneDrive for Business external sharing to meet the following requirements:
* Enable flic sharing for users that rave a Microsoft account
* Block file sharing for anonymous users.
What should you do?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 165 E5 subscription.
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?
정답: C