Microsoft 365 Security Administration (MS-500) Free Practice Test
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Active Directory domain named contoso.com.
You install and run Azure AD Connect on a server named Server1 that runs Windows Server.
You need to view Azure AD Connect events.
You use the Directory Service event log on Server1.
Does that meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Active Directory domain named contoso.com.
You install and run Azure AD Connect on a server named Server1 that runs Windows Server.
You need to view Azure AD Connect events.
You use the Directory Service event log on Server1.
Does that meet the goal?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 2
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2.
You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements:
Use the principle of least privilege
Enable User1 to view sync errors by using Azure AD Connect Health
Enable User2 to configure Azure Active Directory Connect Health Settings Which two roles should you assign?
You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements:
Use the principle of least privilege
Enable User1 to view sync errors by using Azure AD Connect Health
Enable User2 to configure Azure Active Directory Connect Health Settings Which two roles should you assign?
Correct Answer: A,C
Question 3
Refer to exhibit.
Microsoft Defender for Endpoint contains the incidents shown in the following table.
For each of the following statements, select yes if the statement is true. Otherwise. select No.
Microsoft Defender for Endpoint contains the incidents shown in the following table.
For each of the following statements, select yes if the statement is true. Otherwise. select No.
Correct Answer:
Explanation
Graphical user interface, application Description automatically generated
Question 4
You have a Microsoft 365 subscription that contains 1,000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You modify the privacy profile, and then create a Data Subject Request (DSR) case.
Does this meet the goal?
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending User5.
Solution: You modify the privacy profile, and then create a Data Subject Request (DSR) case.
Does this meet the goal?
Correct Answer: A
Question 5
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.
You receive the following alerts:
* Suspected Netlogon privilege elevation attempt
* Suspected Kerberos SPN exposure
* Suspected DCSync attack
To which stage of the cyber-attack kill chain does each alert map? To answer, drag the appropriate alerts to the correct stages. Each alert may be used once. more than once, or rot at all. You may need to drag the split bar between panes or scroll to view content
You receive the following alerts:
* Suspected Netlogon privilege elevation attempt
* Suspected Kerberos SPN exposure
* Suspected DCSync attack
To which stage of the cyber-attack kill chain does each alert map? To answer, drag the appropriate alerts to the correct stages. Each alert may be used once. more than once, or rot at all. You may need to drag the split bar between panes or scroll to view content
Correct Answer:
Explanation
Graphical user interface, application Description automatically generated
Question 6
You have a Microsoft Sentinel workspace that has an Azure Active Directory (Azure AD) connector and an Office 365 connector.
From the workspace, you plan to create an analytics rule that will be based on a custom query and will run a security play.
You need to ensure that you can add the security playbook and the custom query to the rule.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
From the workspace, you plan to create an analytics rule that will be based on a custom query and will run a security play.
You need to ensure that you can add the security playbook and the custom query to the rule.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Question 7
How should you configure Group3? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
Question 8
You have a Microsoft 365 E5 subscription that uses Privacy Risk Management in Microsoft Priva.
You need to review the personal data type instances that were detected in the subscription.
What should you use in the Microsoft Purview compliance portal?
You need to review the personal data type instances that were detected in the subscription.
What should you use in the Microsoft Purview compliance portal?
Correct Answer: B