MS-500 | ExamData

Question#91

HOTSPOT -
You have a Microsoft 365 subscription that uses a default domain name of litwareinc.com.
You configure the Sharing settings in Microsoft OneDrive as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off

Question#92

You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to prevent users in the finance department from sharing files with users in the research department.
Which type of policy should you configure?

A. information barrier
B. insider risk management
C. Conditional Access
D. communication compliance

Discover Answer

Answer: A
Microsoft Purview Information Barriers (IB) is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint Online, and OneDrive for Business.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers

Question#93

You have a Microsoft 365 E5 subscription.
You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites:
✑ web1.contoso.com
web2.contoso.com

The solution must minimize administrative effort.
To what should you set the Service domains setting for Endpoint DLP?

A. web1.contoso.com and web2.contoso.com
B. contoso.com
C. *.contoso.com
D. web*.contoso.com

Discover Answer

Answer: A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about

Question#94

You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.
You need to ensure that users can only share files with users at specified partner companies. The solution must minimize administrative effort.
What should you do?

A. Limit external sharing by domain.
B. Set External sharing to New and existing guests.
C. Allow only users in specific security groups to share externally.
D. Set File and folder links to Specific people.

Discover Answer

Answer: A
Limiting domains -
You can limit domains by allowing only the domains you specify or by allowing all domains except those you block.
To limit domains at the organization level
1. Go to Sharing in the SharePoint admin center, and sign in with an account that has admin permissions for your organization.
2. Under Advanced settings for external sharing, select the Limit external sharing by domain check box, and then select Add domains.
3. To create an allowlist (most restrictive), select Allow only specific domains; to block only the domains you specify, select Block specific domains.
4. List the domains (maximum of 3000) in the box provided, using the format domain.com.
5. Etc.
Reference:
https://docs.microsoft.com/en-us/sharepoint/restricted-domains-sharing

Question#95

HOTSPOT -
You have a Microsoft 365 E5 tenant that contains a published sensitivity label named Sensitivity1.
You plan to create an Azure Active Directory group named Group1 and assign Sensitivity1 to Group1.
How should you configure Group1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Box 1: EnableMIPLabels -
The sensitivity label option is only displayed for groups when all the following conditions are met:
* The feature is enabled, EnableMIPLabels is set to True in from the Azure AD PowerShell module.
* The group is a Microsoft 365 group.
* Etc.

Box 2: Microsoft 365 -
Incorrect:
* Not ClassificationList:
Classic classifications are the old classifications you set up by defining values for the ClassificationList setting in Azure AD PowerShell. When this feature is enabled, those classifications will not be applied to groups.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-assign-sensitivity-labels

Question#96

HOTSPOT -
You have a Microsoft E5 subscription that contains two users named User1 and User2.
You have a Microsoft SharePoint site named Site1. Site1 stores files that contain IP addresses as shown in the following table.

User1 is assigned the SharePoint admin role for Site1. User2 is a member of Site1.
You create the data loss prevention (DLP) policy shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Box 1: Yes -
Note: Key tasks of the SharePoint admin
Here are some of the key tasks users can do when they are assigned to the SharePoint admin role:

Create sites -

Delete sites -
Manage sharing settings at the organization level

Add and remove site admins -

Manage site storage limits -

Box 2: No -
File1.text contains 3 IP addresses.

Box 3: Yes -
File2.docx contains only 1 IP address.

Question#97

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You plan to use the encryption report in Microsoft Endpoint Manager to view devices that have encryption enabled.
Which devices will be included in the encryption report?

A. Device1 only
B. Device and Device2 only
C. Device1 and Device4 only
D. Device1, Device2, and Device4 only
E. Device1, Device2, Device3, and Device4

Discover Answer

Answer: D
Encryption of data storage on a device: Supported on Android 4.0 and later, or KNOX 4.0 and later.
MacOS, Windows 10: There is an Intune setting: Encryption of data storage on a device
There is no Intune encryption setting for iOS/iPadOS.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-mac-os

Question#98

HOTSPOT -
You have a Microsoft SharePoint Online site named Site1 that has the users shown in the following table.

You create the retention labels shown in the following table.

You publish the retention labels to Site1.
On March 1, 2021, you assign the retention labels to the files shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Box 1: No -
User1 is the owner. Retention1 applies to File1. Retention1 has a 4 year retention period.
Note: How retention settings work with content in place
When content has retention settings assigned to it, that content remains in its original location. Most of the time, people continue to work with their documents or mail as if nothing's changed. But if they edit or delete content that's included in the retention policy, a copy of the content is automatically retained.

Box 2: Yes -
March 10 2025 is outside the retention period. The file can be deleted.

Box 3: No -
The file has already been deleted by the retention policy at that point in time.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

Question#99

HOTSPOT -
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and a sensitivity label named Label1.
The external sharing settings for Site1 are configured as shown in the Site1 exhibit. (Click the Site1 tab.)

The external sharing settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)

Label 1 is applied to Site1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Box 1: Yes -
The Sensitive label setting of Label1 in the second exhibit 2overrides the setting in exhibit 1.

Box 2: No -
Box 3: No

Question#100

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 contains 100 users and has dynamic user membership.
All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.
You create a sensitivity label named Label1 and publish Label1 as the default label for Group1.
You need to ensure that the users in Group1 must apply Label1 to their email and documents.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Install the Azure Information Protection unified labeling client on the Windows 10 devices.
B. From the Microsoft 365 Compliance center, modify the settings of the Label1 policy.
C. Install the Active Directory Rights Management Services (AD RMS) client on the Windows 10 devices.
D. From the Microsoft 365 Compliance center, create an auto-labeling policy.
E. From the Azure Active Directory admin center, set Membership type for Group1 to Assigned.

Discover Answer

Answer: DE
D: How to configure auto-labeling policies for SharePoint, OneDrive, and Exchange
Note: When you create a sensitivity label, you can automatically assign that label to files and emails when it matches conditions that you specify.
There are two different methods for automatically applying a sensitivity label to content in Microsoft 365:
* Client-side labeling when users edit documents or compose (also reply or forward) emails: Use a label that's configured for auto-labeling for files and emails
(includes Word, Excel, PowerPoint, and Outlook).
* Service-side labeling when content is already saved (in SharePoint or OneDrive) or emailed (processed by Exchange Online): Use an auto-labeling policy.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide