• Home
  • Articles
  • Microsoft 365 MS-500 Practice Test Engine Try These 247 Exam Questions [Q14-Q36]

Microsoft 365 MS-500 Practice Test Engine Try These 247 Exam Questions [Q14-Q36]

Share

Microsoft 365 MS-500 Practice Test Engine: Try These 247 Exam Questions

Guaranteed Success in Microsoft 365 MS-500 Exam Dumps

NEW QUESTION 14
You need to create Group3
What are two possible ways to create the group?

  • A. a security group in the Microsoft 365 admin center
  • B. a mail-enabled security group in the Microsoft 365 admin center
  • C. a security group in the Azure AD admin center
  • D. a distribution list in the Microsoft 365 admin center
  • E. an Office 365 group in the Microsoft 365 admin center

Answer: D,E

Explanation:
Topic 1, Litware, Inc
Overview
Litware, Inc. is a financial company that has 1,000 users in its main office in Chicago and 100 users in a branch office in San Francisco.
Existing Environment
Internal Network Infrastructure
The network contains a single domain forest. The forest functional level is Windows Server 2016.
Users are subject to sign-in hour restrictions as defined in Active Directory.
The network has the IP address range shown in the following table.

The offices connect by using Multiprotocol Label Switching (MPLS).
The following operating systems are used on the network:
* Windows Server 2016
* Windows 10 Enterprise
* Windows 8.1 Enterprise
The internal network contains the systems shown in the following table.

Litware uses a third-party email system.
Cloud Infrastructure
Litware recently purchased Microsoft 365 subscription licenses for all users.
Microsoft Azure Active Directory (Azure AD) Connect is installed and uses the default authentication settings.
User accounts are not yet synced to Azure AD.
You have the Microsoft 365 users and groups shown in the following table.

Planned Changes
Litware plans to implement the following changes:
* Migrate the email system to Microsoft Exchange Online
* Implement Azure AD Privileged Identity Management
Security Requirements
Litware identities the following security requirements:
* Create a group named Group2 that will include all the Azure AD user accounts. Group2 will be used to provide limited access to Windows Analytics
* Create a group named Group3 that will be used to apply Azure Information Protection policies to pilot users. Group3 must only contain user accounts
* Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest
* Prevent users locked out of Active Directory from signing in to Azure AD and Active Directory
* Implement a permanent eligible assignment of the Compliance administrator role for User1
* Integrate Windows Defender and Windows Defender ATP on domain-joined servers
* Prevent access to Azure resources for the guest user accounts by default
* Ensure that all domain-joined computers are registered to Azure AD
Multi-factor authentication (MFA) Requirements
Security features of Microsoft Office 365 and Azure will be tested by using pilot Azure user accounts.
You identify the following requirements for testing MFA.
* Pilot users must use MFA unless they are signing in from the internal network of the Chicago office.
MFA must NOT be used on the Chicago office internal network.
* If an authentication attempt is suspicious, MFA must be used, regardless of the user location
* Any disruption of legitimate authentication attempts must be minimized General Requirements Litware want to minimize the deployment of additional servers and services in the Active Directory forest.

 

NEW QUESTION 15
You have a Microsoft 365 subscription.
You identify the following data loss prevention (DLP) requirements:
* Send notifications to users if they attempt to send attachments that contain EU social security numbers
* Prevent any email messages that contain credit card numbers from being sent outside your organization
* Block the external sharing of Microsoft OneDrive content that contains EU passport numbers
* Send administrators email alerts if any rule matches occur.
What is the minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 16
You have a Microsoft 365 subscription that uses a default name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/onedrive/manage-sharing

 

NEW QUESTION 17
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission -Identity "User1" -User [email protected] -AccessRights Owner command.
Does that meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps

 

NEW QUESTION 18
You need to implement Windows Defender ATP to meet the security requirements. What should you do?

  • A. Run WindowsDefenderATPOnboardingScript.cmd
  • B. Download and install the Microsoft Monitoring Agent
  • C. Create the ForceDefenderPassiveMode registry setting
  • D. Configure port mirroring

Answer: B

Explanation:
Explanation/Reference:
Testlet 3
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, and New York.
The company has the offices shown in the following table.

Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365.
Existing Environment
Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device. The offices have the IP addresses shown in the following table.

Named locations are defined in Azure AD as shown in the following table.

From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Customer Lockbox is enabled in Microsoft 365.
Microsoft Intune Configuration
The devices enrolled in Intune are configured as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The Mark devices with no compliance policy assigned as setting is set to Compliant.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Use the principle of least privilege

Enable User1 to assign the Reports reader role to users

Ensure that User6 approves Customer Lockbox requests as quickly as possible

Ensure that User9 can implement Azure AD Privileged Identity Management

Question Set 4

 

NEW QUESTION 19
You have the Microsoft conditions shown in the following table.

You have the Azure Information Protection labels shown in the following table.

You have the Azure Information Protection policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

 

NEW QUESTION 20
Which role should you assign to User1?

  • A. Global administrator
  • B. User administrator
  • C. Privileged role administrator
  • D. Security administrator

Answer: C

Explanation:
Explanation/Reference:
Question Set 4

 

NEW QUESTION 21
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308









You need to protect against phishing attacks. The solution must meet the following requirements:
* Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
* As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Anti-phishing.
2. Select Default Policy to refine it.
3. In the Impersonation section, select Edit.
4. Go to Add domains to protect and select the toggle to automatically include the domains you own.
5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the Quarantine message action.
Open the drop-down If email is sent by an impersonated domain and choose the Quarantine message action.
6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.
7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.
8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.
9. Choose Review your settings, make sure everything is correct, select Save, then Close.
Reference:
https://support.office.com/en-us/article/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=

 

NEW QUESTION 22
You are evaluating which devices are compliant in Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 23
Which role should you assign to User1?

  • A. Global administrator
  • B. Security administrator
  • C. User administrator
  • D. Privileged role administrator

Answer: B

Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-give-acces

 

NEW QUESTION 24
You have a Microsoft 365 E5 subscription.
You implement Advanced Threat Protection (ATP) safe attachments policies for all users.
User reports that email messages containing attachments take longer than expected to be received.
You need to reduce the amount of time it takes to receive email messages that contain attachments. The
solution must ensure that all attachments are scanned for malware. Attachments that have malware must
be blocked.
What should you do from ATP?

  • A. Set the action to Dynamic Delivery
  • B. Set the action to Block
  • C. Add a condition
  • D. Add an exception

Answer: A

Explanation:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/dynamic-delivery-and-previewing

 

NEW QUESTION 25
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a tower risk level.
Solution: From the Access settings, you select Block access for User1.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

 

NEW QUESTION 26
You discover that Microsoft SharePoint content is shared with users from multiple domains.
You need to allow sharing invitations to be sent only to users in an email domain named contoso.com.
To complete this task, sign in to the Microsoft 365 portal.

Answer:

Explanation:
See explanation below.
Explanation
You need to configure the Sharing options in the SharePoint admin center.
* Go to the SharePoint admin Center.
* Navigate to Policies > Sharing.
* In the External Sharing section, click on More external sharing settings.
* Tick the Limit external sharing by domain
* Click the Add domains button.
* Select the Allow only specific domains option and type in the domain contoso.com.
* Click Save to save the changes.

 

NEW QUESTION 27
Your company has 500 computers.
You plan to protect the computers by using Microsoft Defender Advanced Threat Protection (Windows Defender ATP). Twenty of the computers belong to company executives.
You need to recommend a remediation solution that meets the following requirements:
* Microsoft Defender ATP administrators must manually approve all remediation for the executives
* Remediation must occur automatically for all other users
What should you recommend doing from Microsoft Defender Security Center?

  • A. Configure two alert notification rules
  • B. Create two machine groups
  • C. Download an offboarding package for the computers of the 20 executives
  • D. Configure 20 system exclusions on automation allowed/block lists

Answer: B

Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/machine-groups- windows-defender-advanced-threat-protection

 

NEW QUESTION 28
Your company has a Microsoft 365 subscription, a Microsoft Azure subscription, and an Azure Active Directory (Azure AD) tenant named contoso.com.
The company has the offices shown in the following table.

The tenant contains the users shown in the following table.

You create the Microsoft Cloud App Security policy shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 29
You have a Microsoft 365 subscription.
You have a site collection named SiteCollection1 that contains a site named Site2. Site2 contains a document library named Customers.
Customers contains a document named Litware.docx. You need to remove Litware.docx permanently.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

 

NEW QUESTION 30
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308









You need to create an eDiscovery case that places a hold on the mailbox of a user named Allan Deyoung. The hold must retain email messages that have a subject containing the word merger or the word Contoso.
To complete this task, sign in to the Microsoft 365 admin center.

Answer:

Explanation:
See explanation below.
Explanation
1. Navigate to eDiscovery in the Security & Compliance Center, and then click Create a case.
2. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.

The new case is displayed in the list of cases on the page. You can hover the cursor over a case name to display information about the case, including the status of the case (Active or Closed), the description of the case (that was created in the previous step), and when the case was changed last and who changed it.
To create a hold for an eDiscovery case:
1. In the Security & Compliance Center, click to display the list of cases in your organization.
2. Click Open next to the case that you want to create the holds in.
3. On the Home page for the case, click the Hold tab.

4. On the Hold page, click Create.
5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.

6. (Optional) In the Description box, add a description of the hold.
7. Click Next.
8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.

* Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or
* teams again. to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group.
Select the user, group, team check box, click Choose, and then click Done.
Note
When you click Choose users, groups, or teams to specify mailboxes to place on hold, the mailbox picker that's displayed is empty. This is by design to enhance performance. To add people to this list, type a name (a minimum of 3 characters) in the search box.
9. After configuring a query-based hold, click
10. Review your settings, and then click
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide#step-4-pla

 

NEW QUESTION 31
You have a Microsoft 365 tenant.
You create an attack surface reduction policy that uses an application control profile as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: the member will receive a security warning.
Group1 is included in the policy so SmartScreen will be enabled. SmartScreen will display a warning.
Box 2: the site will open without warning.
Group2 is excluded from the policy so SmartScreen will not be enabled. Therefore, no warning will be displayed.

 

NEW QUESTION 32
You need to recommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 33
You have a Microsoft 365 subscription. All users use Microsoft Exchange Online.
Microsoft 365 is configured to use the default policy settings without any custom rules.
You manage message hygiene.
Where are suspicious email messages placed by default? To answer, drag the appropriate location to the correct message types. Each location may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

Explanation

 

NEW QUESTION 34
You have a Microsoft 365 subscription.
You need to be notified by email whenever an administrator starts an eDiscovery search.
What should you do from the Security & Compliance admin center?

  • A. From Search & investigation, create an eDiscovery case.
  • B. From Alerts, create an alert policy.
  • C. From Search & investigation, create a guided search.
  • D. From Events, create an event.

Answer: B

Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

 

NEW QUESTION 35
You need to recommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 36
......

Test Engine to Practice MS-500 Test Questions: https://examdumps.passcollection.com/MS-500-valid-vce-dumps.html

Related Articles

more
Microsoft MS-500 Certification Practice Exam

Our website will provide you with latest test questions and the most reliable pass guide to make sure you pass exam smoothly, you just need to remember the key knowledge of exam prep.

Latest Exam Tests

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 PassCollection NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy