Free Access to Microsoft.MS-500.v2022-08-15.q301 with Valid Practice Test (Page 16)

Question 71

You have a Microsoft 365 tenant.
You need to retain Azure Active Directory (Azure AD) audit logs for two years. Administrators must be able to query the audit log information by using the Azure Active Directory admin center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question 72

You have an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
Contoso.com contains the groups shown in the following table.

You plan to create a supervision policy named Policy1.
You need to identify which groups can be supervised by using Policy1.
Which groups should you identify?

A.Group1 and Group4 only
B.Group1 only
C.Group1, Group3, and Group4 only
D.Group2 and Group3 only
E.Group1, Group2, and Group3 only

Question 73

Which IP address space should you include in the MFA configuration?

A.131.107.83.0/28
B.192.168.16.0/20
C.172.16.0.0/24
D.192.168.0.0/20

Correct Answer: B

Explanation/Reference:
Testlet 3
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, and New York.
The company has the offices shown in the following table.

Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365.
Existing Environment
Infrastructure
The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.
The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.
Each client computer has a single volume.
Each office connects to the Internet by using a NAT device. The offices have the IP addresses shown in the following table.

Named locations are defined in Azure AD as shown in the following table.

From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list.
Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Customer Lockbox is enabled in Microsoft 365.
Microsoft Intune Configuration
The devices enrolled in Intune are configured as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The Mark devices with no compliance policy assigned as setting is set to Compliant.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Use the principle of least privilege

Enable User1 to assign the Reports reader role to users

Ensure that User6 approves Customer Lockbox requests as quickly as possible

Ensure that User9 can implement Azure AD Privileged Identity Management

Question 74

You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
* Administrators must be notified when the Security administrator role is activated.
* Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question 75

You need to recommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File