Chapter 21: Assessments – Microsoft 365 Security Administration: MS-500 Exam Guide

Chapter 21: Assessments

In the following pages, we will review all practice questions from each of the chapters in this book, and provide the correct answers (and explanations, where applicable).

Chapter 1 – Planning for Hybrid Identity

  1. c. Multi-Factor Authentication (MFA).

    Explanation: MFA is a secure authentication method as opposed to an identity method.

  2. b. The IdFix tool.

    Explanation: IdFix is a tool that scans Active Directory (AD) and identifies any objects with attributes that are incompatible with Office 365 or that would result in a conflict or duplicate object.

  3. b. False

    Explanation: Password hash synchronization provides the same sign-on experience, where users are authenticated directly to Office 365/Azure AD.

  4. d. Azure AD Premium P1

    Explanation: Azure AD Premium P1 is the minimum subscription requirement for Self-Service Password Reset (SSPR). It is also available with Azure AD Premium P2. Intune and Azure Information Protection P1 licenses bear no relevance to SSPR.

  5. a. Start-ADSyncSyncCycle -PolicyType Initial

    Explanation: The Start-ADSyncSyncCycle -PolicyType Initial command will run a full synchronization. The Start-ADSyncSyncCycle -PolicyType Delta command will run only a delta/incremental synchronization. The remaining options in this question are not valid commands.

  6. a. True

    Explanation: Conditional Access is as described in the statement in this question.

  7. d. 40

    Explanation: 40 is the maximum number of agents permitted.

  8. c. Every 30 minutes

    Explanation: Azure AD Connect will automatically perform a synchronization to Azure AD every 30 minutes. Manual synchronizations may also be performed on demand.

  9. a. Code with the Microsoft Authenticator app, and b. SMS message to mobile device.

    Explanation: Security questions and email addresses are not valid methods.

  10. b. 2

    Explanation: Two Web Application Proxy servers is the minimum recommended requirement as per Microsoft best practice guidelines.

Chapter 2 – Authentication and Security

  1. a. True

    Explanation: N/A

  2. b. OAuth token

    Explanation: OAuth tokens can be used with MFA, not SSPR.

  3. c. Global Administrator

    Explanation: The other roles do not have the required privileges.

  4. c. Five

    Explanation: N/A

  5. a. True

    Explanation: Users may not create access reviews but may be configured as reviewers by administrators.

  6. a. New-AzureADMSGroup

    Explanation: New-AzureADGroup will create a new Azure AD group to which members must be statically added. New-UnifiedGroup will create a new Office 365 group. Set-UnifiedGroup will allow changes to be made to existing Office 365 groups.

  7. a. True

    Explanation: N/A

  8. c. After 14 days

    Explanation: N/A

  9. b and d. SSPR with password writeback is a feature of both Azure AD Premium P1 and P2.

    Explanation: N/A

  10. a. True

    Explanation: N/A

Chapter 3 – Implementing Conditional Access Policies

  1. a. Require Azure Advanced Threat Protection

    Explanation: Require Azure Advanced Threat Protection is not a condition that exists or that can be applied to any Microsoft 365 location or service.

  2. a. True

    Explanation: N/A

  3. d. Block modern authentication

    Explanation: No such baseline policy exists.

  4. a. Setting named locations in Azure AD, and c. Setting up MFA trusted IPs

    Explanation: The other options do not relate to Conditional Access.

  5. a. True

    Explanation: N/A

  6. d. The Azure portal under Azure Active Directory | Monitoring | Sign-ins

    Explanation: The other options do not provide the ability to monitor Conditional Access events.

  7. a. Sign-in risk, b. Locations, and e. Device platforms

    Explanation: The three correct answers are available under the Assignments | Conditions section of a Conditional Access policy. Directory Roles is available under Assignments | Users and Groups, while MFA is available under Access Controls | Grant.

  8. a. True

    Explanation: N/A

  9. d. Linux

    Explanation: N/A

  10. a. True

    Explanation: N/A

Chapter 4 – Role Assignment and Privileged Identities in Microsoft 365

  1. b. Security Reader

    Explanation: Security Reader is an actual role, not a role component.

  2. b. False

    Explanation: Azure AD Premium P2 is the requirement for Privileged Identity Management (PIM).

  3. a. In the Access Control (IAM) option within the Resource blade

    Explanation: N/A

  4. a. Privileged Role Administrator, and c. Security Administrator

    Explanation: N/A

  5. a. True

    Explanation: N/A

  6. a. Wait for an email notification that contains the PIM approver's response to the request, and c. Log in to the Azure portal, navigate to Privileged Identity Management, and select My requests.

    Explanation: N/A

  7. c. Azure AD Basic

    Explanation: N/A

  8. a. True

    Explanation: N/A

  9. d. The approval will automatically be sent to the PIM administrator.

    Explanation: N/A

  10. a. True

    Explanation: N/A

Chapter 5 – Azure AD Identity Protection

  1. b. Flagged Users

    Explanation: N/A

  2. a. True

    Explanation: An MFA registration policy may be configured from the Azure AD Identity Protection portal under the Protect section.

  3. b. MFA authentication

    Explanation: MFA in fact helps to mitigate sign-in risk.

  4. b. Azure AD Premium P2

    Explanation: Identity Protection is not available with the other subscriptions.

  5. a. True

    Explanation: This can be achieved by using User risk and Sign-in risk policies from Azure AD Identity Protection.

  6. b. 14 days

    Explanation: N/A

  7. c. Ensure your break-glass account is excluded from the user risk policy and the sign-in risk policy.

    Explanation: The other options are not relevant to the goal.

  8. b. False

    Explanation: With a user risk policy, you may enforce a password reset. To enforce MFA, you would use a sign-in risk policy.

  9. c. Moderate

    Explanation: No such level exists.

  10. a. True

    Explanation: Administrators may apply these settings in Azure AD Identity Protection by navigating to Report | Risky Users, highlighting the user, and then selecting the option to Confirm user compromised.

Chapter 6 – Configuring an Advanced Threat Protection Solution

  1. b. Windows 10 workstation

    Explanation: N/A

  2. d. Monthly

    Explanation: N/A

  3. a. True

    Explanation: EM+S E5 or a standalone Azure ATP license is the minimum requirement.

  4. a. Azure ATP portal, b. Azure ATP sensor, and d. Azure ATP cloud service.

    Explanation: Neither Azure ATP Configuration Manager nor Azure ATP Cloud App Security exists.

  5. a. True

    Explanation: N/A

  6. b. Pending, and d. Deferred

    Explanation: N/A

  7. b. Directory services report

    Explanation: No such report exists.

  8. a. True

    Explanation: This can be achieved by accessing the Azure ATP portal, navigating to Configuration | Windows Defender ATP, and setting the option for Integration with Windows Defender ATP to On.

  9. a. Excel (xlsx)

    Explanation: N/A

  10. a. True

    Explanation: Azure Advanced Threat Protection (ATP) creates three Azure AD groups – Administrators, Viewers, and Users.

Chapter 7 – Configuring Microsoft Defender ATP to Protect Devices

  1. a. Microsoft 365 E5, and c. Windows 10 Enterprise E5

    Explanation: The remaining answers will not enable the use of Microsoft Defender ATP.

  2. a. True

    Explanation: This can be achieved by configuring an Endpoint Protection Device configuration profile.

  3. a. securitycenter.windows.com, and b. securitycenter.microsoft.com

    Explanation: The other URLs are not valid.

  4. b. Endpoint Protection

    Explanation: The remaining choices would not enable the required configuration.

  5. a. Control Panel | Windows Features

    Explanation: The remaining choices would not enable the required configuration.

  6. a. True

    Explanation: Windows Defender Application Guard (WDAG) may be configured and deployed using either System Center Configuration Manager (SCCM) or Intune.

  7. b. Settings

    Explanation: The remaining choices would not enable the required configuration.

  8. a. 30 days

    Explanation: N/A

  9. a. True

    Explanation: This can be done when configuring Microsoft Defender ATP for the first time during step 3 of the setup.

  10. a. Current Status, and c. Status History

    Explanation: The remaining choices are not available options.

Chapter 8 – Message Protection in Office 365

  1. c. Office 365 Enterprise E3

    Explanation: ATP is not included with Office 365 E3.

  2. a. True

    Explanation: You can use Get-SafeAttachmentPolicy, New-SafeAttachmentPolicy, or Remove-SafeAttachmentPolicy.

  3. b. New-SafeLinksRule

    Explanation: New-SafeLinksRule will allow you to create a custom safe links rule. Get-SafeLinksRule allows you to view the safe links rule settings. Set-SafeLinksRule lets you edit existing safe links rule settings. Start-SafeLinksRule is not a valid command.

  4. c. 7

    Explanation: N/A

  5. a. True

    Explanation: N/A

  6. d. Threat management | Policy

    Explanation: N/A

  7. d. Move message to the deleted items folder.

    Explanation: N/A

  8. a. True

    Explanation: N/A

  9. a. Block, b. Dynamic Delivery, and d. Monitor

    Explanation: Edit and Scan are not valid actions.

  10. b. False

    Explanation: Sender Policy Framework (SPF) does not prevent users from sending external emails. It is used to ensure that external mails can be verified as originating from authorized sources to prevent spoofing.

Chapter 9 – Threat Intelligence and Tracking

  1. b. Service Administrator

    Explanation: The Service Administrator may only open and manage service requests, and view and share message center posts.

  2. a. True

    Explanation: N/A

  3. c. 30 days

    Explanation: N/A

  4. a. Threat management | Review

    Explanation: The quarantine is not accessible from the other sections.

  5. b. False

    Explanation: The maximum setting is 30 days.

  6. d. Whale phishing

    Explanation: N/A

  7. b. False

    Explanation: N/A

  8. b. Open Message

    Explanation: N/A

  9. a. True

    Explanation: N/A

  10. b. The Security trends widget

    Explanation: N/A

Chapter 10 – Controlling Secure Access to Information Stored in Office 365

  1. a. True

    Explanation: Privileged Access Management (PAM) currently only supports Exchange Online, and no other Office 365 locations.

  2. b. 5

    Explanation: N/A

  3. c. 4 hours

    Explanation: N/A

  4. d. Task group

    Explanation: A task group is not a policy type.

  5. b. Unmanaged users

    Explanation: N/A

  6. c. Settings | Security & privacy

    Explanation: N/A

  7. a. Invite user, c. Create user

    Explanation: N/A

  8. b. False

    Explanation: SharePoint Online external sharing settings are set from the SharePoint Admin Center.

  9. a. Microsoft 365 E5, and d. Office 365 E5

    Explanation: The customer lockbox is only available in E5 subscriptions.

  10. a. True

    Explanation: This can be set up by using a Conditional Access Policy.

Chapter 11 – Azure Information Protection

  1. b. EM+S E3

    Explanation: N/A

  2. a. True

    Explanation: This can be done with the Enable-AIPService command.

  3. b. AADRM

    Explanation: N/A

  4. b. Highlight

    Explanation: N/A

  5. a. True

    Explanation: Unified labeling enables sensitivity labels to be used on other platforms, such as macOS.

  6. b. Install-AIPScanner

    Explanation: The other commands listed are invalid.

  7. d. The Azure Information Protection viewer, and e. The track and revoke option within Microsoft Office applications.

    Explanation: N/A

  8. b. False

    Explanation: The Azure Information Protection scanner requires a server.

  9. a. Add-AIPServiceRoleBasedAdministrator

    Explanation: N/A

  10. a. User Administrator

    Explanation: N/A

Chapter 12 – Data Loss Prevention

  1. a. True

    Explanation: N/A

  2. b. PowerApps, and e. Yammer groups

    Explanation: N/A

  3. c. Reports | Dashboard

    Explanation: N/A

  4. c. Dictionary (regular expression)

    Explanation: There is no such setting.

  5. a. True

    Explanation: Conditions are set within Data loss prevention (DLP) policy rules, and the actions will be applied if the policy is triggered.

  6. b. Exchange Admin Center

    Explanation: The only other location from which you can configure DLP policies is the Exchange Admin Center.

  7. b. False

    Explanation: When DLP policies are set to test with policy tips, users will receive policy tips and administrators will receive alerts relating to the DLP policy.

  8. b. Teams Chat, and c. Channel Messages

    Explanation: Only Teams Chat and Channel Messages may be protected.

  9. b. Distribution Groups

    Explanation: Distribution Groups are used to target or exclude Exchange email content from DLP policies.

  10. b. False

    Explanation: Policy tips are not available within Office for Mac.

Chapter 13 – Cloud App Discovery and Security

  1. b. Advanced Cloud App Security

    Explanation: Advanced Cloud App Security is not the name of a product.

  2. b. False

    Explanation: Cloud App Security may be used with Office 365 Enterprise E5, EM+S E5, and Microsoft 365 E5.

  3. b. Administrator overview

    Explanation: There is no such report as Administrator overview.

  4. a. True

    Explanation: Session Based Conditional Access policies may be set up within the Azure portal and then integrated with Cloud App Security.

  5. d. Discover | Cloud app catalog

    Explanation: N/A

  6. a. Send alert as email, c. Send alert as text message, and e. Send alerts to Power Automate

    Explanation: Microsoft Flow and RSS feeds are not available as alerts.

  7. a. Security Administrator, and c. Global Administrator

    Explanation: Only the Security Administrator and Global Administrator roles have permission to configure Cloud App Security.

  8. a. True

    Explanation: This may be configured from the Discover | Create snapshot report option.

  9. d. https://portal.cloudappsecurity.com

    Explanation: The other options are not valid URLs.

  10. c. Investigate | Files

    Explanation: Investigate | Files will show you activity on files. You could also use Investigate | Activity log. The other option in this question would not provide you with information on files.

Chapter 14 – Security Analytics and Auditing Capabilities

  1. b. From the Excel telemetry dashboard workbook

    Explanation: Telemetry data may only be viewed by using the telemetry Excel workbook.

  2. b. False

    Explanation: Audit logging may be turned on from the Security and Compliance Center. However, PowerShell must be used if you want to turn it off.

  3. b. https://devicemanagement.portal.azure.com

    Explanation: The other URLs link to other Microsoft 365 dashboards.

  4. d. Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

    Explanation: The other commands are not valid.

  5. a. True

    Explanation: The telemetry agent collects telemetry data and sends it to the shared folder. The telemetry processor then collects the data from the shared folder and sends it to the telemetry database. Finally, the data placed in the database is presented in the telemetry dashboard.

  6. a. Alerts | Alert Policies

    Explanation: Alerts | Alert policies will allow you to set up a policy for audit alerts.

  7. c. EM+S E3

    Explanation: EM+S E3 does not have rights to configure Desktop Analytics. You would need one of the other licenses listed in the options.

  8. c. 90

    Explanation: 90 days is the maximum number of days that the audit log can provide information. However, it is possible to set up an audit log retention policy.

  9. c. Office Deployment Tool

    Explanation: The Office Deployment Tool will deploy Microsoft Office, not Windows diagnostics.

  10. a. True

    Explanation: Several default policies for alerts are available.

Chapter 15 – Personal Data Protection in Microsoft 365

  1. a. True

    Explanation: Content searches may be applied to all Office 365 locations, or to specific locations by clicking on Modify within the search. This will enable you to select individual services such as Exchange email, Teams messages, SharePoint sites, and OneDrive accounts.

  2. c. Classification | Retention labels

    Explanation: Retention labels cannot be configured from the other options.

  3. a. True

    Explanation: The eDiscovery export tool may be used to export content search results and reports.

  4. d. Threat detection reports

    Explanation: Threat detection reports relate to security as opposed to compliance.

  5. b. Guided search

    Explanation: As well as New search, you may conduct a Guided search, which will initiate a wizard to take you through the process of setting up a content search.

  6. a. File plan descriptors

    Explanation: File plan descriptors will automatically apply labels to content based on conditions that are set within file plan descriptors.

  7. b. False

    Explanation: If you have file plan descriptors enabled in your retention label, then it is not possible to choose settings to manually apply the retention labels.

  8. c. Search | Content search

    Explanation: You would typically start the content search from Search | Content search. It is also possible to start a content search from within an eDiscovery case. Therefore, eDiscovery | Advanced eDiscovery, and eDiscovery | eDiscovery are both possible answers.

  9. a. Control | Templates

    Explanation: From the Control | Templates option, you may highlight a template and choose the option to Create Policy. You may also create policies from the Control | Policies option; however, you may not base policies on a template from there.

  10. a. True

    Explanation: This can be done from the Outlook Web App (OWA) by right-clicking on a message and selecting Assign policy.

Chapter 16 – Data Governance and Retention

  1. a. Information governance | Archive

    Explanation: The other options will not allow you to enable the online archives. It is, however, also possible to enable online archives for users in the Exchange admin center.

  2. b. False

    Explanation: Exchange Online Plan 2 is the minimum requirement to set Litigation Hold for a user mailbox.

  3. b. The Security Center

    Explanation: Retention policies are a compliance feature, not a security feature.

  4. c. The hold will preserve content indefinitely.

    Explanation: Unless a hold duration is specified, the hold will have no end date and will continue indefinitely or until the hold is removed.

  5. a. True

    Explanation: One of the main reasons for an Online Archive is to minimize the space that Offline Outlook Data (OST) files take up on a user's computer. Therefore, Online Archives (as the name suggests) may only be accessed when connected to the internet.

  6. c. The compliance center

    Explanation: This may only be done from the Microsoft 365 compliance center.

  7. c. The other services will be automatically deselected from the policy.

    Explanation: Teams Channel Messages and Teams Chats may not exist in the same retention policy as other Office 365 services.

  8. a. True

    Explanation: A retention policy is flexible and includes settings that will allow you to delete or retain content depending upon your requirements.

  9. b. At the user level

    Explanation: Litigation Hold must be applied at the user level.

  10. b. Mailbox Import/Export

    Explanation: The other roles will not allow PST import.

Chapter 17 – Search and Investigation

  1. b. Security Administrator

    Explanation: eDiscovery is a compliance feature, not a security feature.

  2. a. Office 365 E5, and d. Office 365 E3 with the Advanced Compliance add-on

    Explanation: None of the other licenses listed will allow Advanced eDiscovery.

  3. a. True

    Explanation: N/A

  4. b. eDiscovery | eDiscovery

    Explanation: This function may not be completed within a standard content search.

  5. b. False

    Explanation: A reviewer may view, but not create or edit.

  6. b. Google Chrome

    Explanation: Internet Explorer and Edge are the only eDiscovery-compatible browsers when exporting eDiscovery reports and results.

  7. b. False

    Explanation: The Security Reader does not have these rights.

  8. c. 24 hours

    Explanation: N/A

  9. a. True

    Explanation: N/A

  10. c. Locations on Hold

    Explanation: The other selections would negate the settings already defined in the eDiscovery case.

Chapter 18 – Data Privacy Compliance

  1. a. True

    Explanation: N/A

  2. b. Data privacy | GDPR dashboard

    Explanation: The other options are not valid.

  3. d. Message trace

    Explanation: Message Trace is a mail flow interrogation tool.

  4. d. Discover

    Explanation: The other options do not enable you to carry out the required function.

  5. a. True

    Explanation: A Data Subject Request (DSR) will trigger the content search as part of the process.

  6. a. https://compliance.microsoft.com

    Explanation: This feature may only be accessed via the Microsoft 365 compliance center.

  7. a. True

    Explanation: N/A

  8. b. False

    Explanation: The ability to manage assessments directly is not yet available from the Microsoft Compliance Score dashboard. You can do so by accessing the Microsoft Compliance Manager tool.

  9. b. Investigate

    Explanation: N/A

  10. c. Improvement actions

    Explanation: You will find these recommendations in the Improvement actions section.