MS-500

MS-500 Test 1

You're a subscriber to Microsoft 365.

You must recommend a biometric authentication method that does not require a password.

What should your advice include?

the Microsoft Authenticator app

Windows Hello for Business

a PIN

a smart card

Correct! Wrong!

The correct answer:
For Windows 10 devices, Windows Hello for Business introduces a new non-password credential. It employs 2FA/MFA, or multilayered security, which is far more difficult to circumvent than protection based just on the proper username and password combination.

You have an on-premises Active Directory domain and a Microsoft 365 subscription on your network.

You want to set up a hybrid Azure Active Directory (Azure AD) tenancy with Azure Active Directory Identity Protection risk policies enabled.

To support the planned deployment, you must configure Azure AD Connect.

Which authentication mechanism for Azure AD Connect should you use?

Federation with PingFederate

Pass-through authentication

Federation with AD FS

Password Hash Synchronization

Correct! Wrong!

The correct answer:
One of the sign-in methods used to achieve hybrid identity is password hash synchronization. Azure AD Connect synchronizes a hash of a user's password from an on-premises Active Directory instance to an Azure AD instance in the cloud.

You have a number of Conditional Access policies in place that prevent noncompliant devices from accessing services.
You'll need to figure out which policies are blocking particular devices.
What type of material should you use?

Sign-ins in the Azure Active Directory admin center

Activity log in the Cloud App Security admin center

Audit logs in the Azure Active Directory admin center

the Setting compliance report in the Microsoft Endpoint Manager admin center

Correct! Wrong!

The correct answer:
Sign-ins in the Azure Active Directory admin center

You're working in a Microsoft 365 hybrid environment. Microsoft Intune is used to manage all of the PCs, which run Windows 10.
Create a conditional access policy in Microsoft Azure Active Directory (Azure AD) that allows only Windows 10 computers marked as compliant to connect to the on-premises network through VPN.
What should you start with?

From Active Directory Administrative Center, create a Dynamic Access Control policy

From the Azure Active Directory admin center, create a new certificate

From the Azure Active Directory admin center, configure authentication methods

Enable Application Proxy in Azure AD

Correct! Wrong!

The correct answer:
From the Azure Active Directory admin center, create a new certificate

You are a subscriber to Microsoft 365 E5.
You must guarantee that users with the Exchange administrator role have time-limited rights and must request authorization using multi-factor authentication (MFA).
What method should you employ in order to reach your objective?

Microsoft Azure AD group management

Security & Compliance permissions

Microsoft Azure Active Directory (Azure AD) Privileged Identity Management

Microsoft Office 365 user management

Correct! Wrong!

The correct answer:
Microsoft Azure Active Directory (Azure AD) Privileged Identity Management

You're a subscriber to Microsoft 365.
You can create a new user via the Microsoft 365 admin center.
You intend to give the user the Reports reader role.
The permissions of the Reports reader role must be viewed.
Which administrative center should you go with?

Microsoft 365

Security & Compliance

Cloud App Security

Azure Active Directory

Correct! Wrong!

The correct answer:
Microsoft's Azure Active Directory (Azure AD) is a cloud-based identity and access management (IAM) solution for businesses. The backbone of the Office 365 system is Azure Active Directory, which can sync with on-premise Active Directory and offer OAuth authentication to other cloud-based applications.

You have a Microsoft 365 tenancy named contoso.com that is linked to a hybrid Azure Active Directory (Azure AD) tenant.

For contoso.com, you must activate Azure AD Seamless Single Sign-On (Azure AD SSO).

What type of material should you use?

the Azure Active Directory admin center

Azure AD Connect

the Microsoft 365 admin center

the Microsoft 365 Security admin center

Correct! Wrong!

The correct answer:
Azure AD Connect is a Microsoft on-premises tool that helps you achieve your hybrid identity ambitions. You should also consider the cloud-managed Azure AD Connect cloud sync if you're evaluating how to best meet your goals.

Microsoft Azure Advanced Threat Protection is used by your organisation (ATP). For an Azure ATP sensor named Sensor1, you enable the delayed release of updates. When will Sensor1 be updated after the Azure ATP cloud service is updated?

1 hour

48 hours

24 hours

12 hours

Correct! Wrong!

The correct answer:
The time difference was 24 hours. The 24 hour delay period has been expanded to 72 hours in ATP release 2.62.

Your Microsoft 365 environment is a mix of the two.
Microsoft Office 365 ProPlus is installed on all machines, which runs Windows 10 Enterprise. Every one of
Active Directory is installed on PCs.
Server1 is a Windows Server 2016 server that you have. The telemetry database is stored on Server 1. You must prohibit Microsoft from receiving personal information from telemetry data.
What's your plan?

Configure a registry on Server1

On Server1, run readinessreportcreator.exe

On the computers, run tdadm.exe

Configure a registry on the computers

Correct! Wrong!

The correct answer:
Configure a registry on the computers

MS-500 Test 2

MS-500 Test 1

You're a subscriber to Microsoft 365. You must recommend a biometric authentication method that does not require a password. What should your advice include?

You have a number of Conditional Access policies in place that prevent noncompliant devices from accessing services. You'll need to figure out which policies are blocking particular devices. What type of material should you use?

You are a subscriber to Microsoft 365 E5. You must guarantee that users with the Exchange administrator role have time-limited rights and must request authorization using multi-factor authentication (MFA). What method should you employ in order to reach your objective?

You're a subscriber to Microsoft 365. You can create a new user via the Microsoft 365 admin center. You intend to give the user the Reports reader role. The permissions of the Reports reader role must be viewed. Which administrative center should you go with?

You have a Microsoft 365 tenancy named contoso.com that is linked to a hybrid Azure Active Directory (Azure AD) tenant. For contoso.com, you must activate Azure AD Seamless Single Sign-On (Azure AD SSO). What type of material should you use?

Microsoft Azure Advanced Threat Protection is used by your organisation (ATP). For an Azure ATP sensor named Sensor1, you enable the delayed release of updates. When will Sensor1 be updated after the Azure ATP cloud service is updated?

Related Post

You're a subscriber to Microsoft 365.

You must recommend a biometric authentication method that does not require a password.

What should your advice include?

You have a number of Conditional Access policies in place that prevent noncompliant devices from accessing services.
You'll need to figure out which policies are blocking particular devices.
What type of material should you use?

You are a subscriber to Microsoft 365 E5.
You must guarantee that users with the Exchange administrator role have time-limited rights and must request authorization using multi-factor authentication (MFA).
What method should you employ in order to reach your objective?

You're a subscriber to Microsoft 365.
You can create a new user via the Microsoft 365 admin center.
You intend to give the user the Reports reader role.
The permissions of the Reports reader role must be viewed.
Which administrative center should you go with?

You have a Microsoft 365 tenancy named contoso.com that is linked to a hybrid Azure Active Directory (Azure AD) tenant.

For contoso.com, you must activate Azure AD Seamless Single Sign-On (Azure AD SSO).

What type of material should you use?