Free Access to Microsoft.MS-500.v2022-06-17.q108 with Valid Practice Test (Page 20)

Question 91

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11032396
You need to ensure that when users tag documents as classified, a classified watermark is applied to the documents.
To complete this task, sign in to the Microsoft Office 365 admin center.

Correct Answer:

1. In the admin center, select the Compliance admin center.
2. Select Classification > Sensitivity labels.
3. Select Create a label, and when the warning appears, select Yes.
4. Enter a Label name, Tooltip, and Description. Select Next.
5. Turn on Encryption. Choose when you want to assign permissions, whether you want your users' access to the content to expire, and whether you want to allow offline access.
6. Select Assign permissions > Add these email addresses or domains.
7. Enter an email address or domain name (such as Contoso.org). Select Add, and repeat for each email address or domain you want to add.
8. Select Choose permissions from preset or custom.
9. Use the drop-down list to select preset permissions, such as Reviewer or Viewer, or select Custom permissions. If you chose Custom, select the permissions from the list. Select Save >Save > Next.
10. Turn on Content marking, and choose the markings you want to use.
11. For each marking that you choose, select Customize text. Enter the text you want to appear on the document, and set the font and layout options. Select Save, and then repeat for any additional markings. Select Next.
12. Optionally, turn on Endpoint data loss prevention. Select Next.
13. Optionally, turn on Auto labeling. Add a condition. For example, under Detect content that contains, select Add a condition. Enter the condition; for example, add a condition that if passport, Social Security, or other sensitive information is detected, the label will be added. Select Next.
14. Review your settings, and select Create. Your label has been created. Repeat this process for any additional labels you want.
15. By default, labels appear in Office apps in this order: Confidential, Internal, and Public. To change the order, for each label, select More actions (the ellipsis), and then move the label up or down. Typically, permissions are listed from the lowest to highest level of permissions.
16. To add a sub-label to a label, select More actions, then Add sub level.
17. When finished, choose Publish labels> Choose labels to publish > Add. Select the labels you want to publish, and then select Add > Done > Next.
18. By default, the new label policy is applied to everyone. If you want to limit who the policy is applied to, select Choose users or groups > Add. Select who you want the policy to apply to, and then select Add > Done
> Next.
19. If you want a default label for documents and email, select the label you want from the drop-down list.
Review the remaining settings, adjust as needed, and then select Next.
20. Enter a Name and Description for your policy. Select Next.
21. Review your settings, then select Publish.
Reference:
https://support.office.com/en-us/article/create-and-manage-sensitivity-labels-2fb96b54-7dd2-4f0c-ac8d-170790d
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

Question 92

You need to create Group3.
What are two possible ways to create the group?

A.an Office 365 group in the Microsoft 365 admin center
B.a mail-enabled security group in the Microsoft 365 admin center
C.a security group in the Microsoft 365 admin center
D.a distribution list in the Microsoft 365 admin center
E.a security group in the Azure AD admin center

Correct Answer: A,D

Explanation/Reference:
Implement and manage identity and access
Testlet 3
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the offices shown in the following table.

Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft
365.
Existing Environment
Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device. The offices have the IP addresses shown in the following table.

Named locations are defined in Azure AD as shown in the following table.

From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Customer Lockbox is enabled in Microsoft 365.
Microsoft Endpoint Manager Configuration
The devices enrolled in Microsoft Endpoint Manager are configured as shown in the following table.

The device compliance policies in Microsoft Endpoint Manager are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The Mark devices with no compliance policy assigned as setting is set to Compliant.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
* Use the principle of least privilege
* Enable User1 to assign the Reports reader role to users
* Ensure that User6 approves Customer Lockbox requests as quickly as possible
* Ensure that User9 can enable and configure Azure AD Privileged Identity Management

Question 93

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
Source Anchor: objectGUID

Password Hash Synchronization: Disabled

Password writeback: Disabled

Directory extension attribute sync: Disabled

Azure AD app and attribute filtering: Disabled

Exchange hybrid deployment: Disabled

User writeback: Disabled

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?

A.Yes
B.No

Question 94

You have a Microsoft 365 subscription.
You are creating a retention policy named Retention1 as shown in the following exhibit.

You apply Retention1 to SharePoint sites and OneDrive accounts.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Question 95

You install Azure ATP sensors on domain controllers.
You add a member to the Domain Admins group. You view the timeline in Azure ATP and discover that information regarding the membership change is missing.
You need to meet the security requirements for Azure ATP reporting.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question 91

Question 92

Question 93

Question 94

Question 95

Download PDF File