MS-500 | ExamData

Question#141

You have a Microsoft 365 subscription.
You need to be notified by email whenever an administrator starts an eDiscovery search.
What should you do from the Microsoft 365 Compliance center?

A. From Search & investigation, create a guided search.
B. From Reports, create a managed schedule.
C. From Alerts, create an alert policy.
D. From eDiscovery, create an eDiscovery case.

Discover Answer

Answer: C
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

Question#142

You have a Microsoft 365 subscription.
You have a Data Subject Request (DSR) case named Case1.
You need to ensure that Case1 includes all the email posted by the data subject to the Microsoft Exchange Online public folders.
Which additional property should you include in the Content Search query?

A. kind:externaldata
B. itemclass:ipm.externaldata
C. itemclass:ipm.post
D. kind:email

Discover Answer

Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-gdpr-data-subject-requests-with-the-dsr-case-tool?view=o365-worldwide

Question#143

You have a Microsoft 365 E5 subscription.
A security manager receives an email message every time a data loss prevention (DLP) policy match occurs.
You need to limit alert notifications to actionable DLP events.
What should you do?

A. From the Microsoft 365 Compliance center, modify the Policy Tips settings of a DLP policy.
B. From the Cloud App Security portal, apply a filter to the alerts.
C. From the Microsoft 365 Compliance center, modify the User overrides settings of a DLP policy.
D. From the Microsoft 365 Compliance center, modify the matched activities threshold of an alert policy.

Discover Answer

Answer: D
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

Question#144

HOTSPOT -
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1.
You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two activities should you use in the search? To answer, select the appropriate activities in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

Question#145

You have a Microsoft 365 subscription.
You create and run a content search from the Microsoft 365 Compliance center.
You need to download the results of the content search.
What should you obtain first?

A. an export key
B. a password
C. a certificate
D. a pin

Discover Answer

Answer: A
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results

Question#146

You have an Azure Active Directory (Azure AD) tenant that has a Microsoft 365 subscription.
You recently configured the tenant to require multi-factor authentication (MFA) for risky sign-ins.
You need to review the users who required MFA.
What should you do?

A. From the Microsoft 365 admin center, review a Security & Compliance report
B. From the Microsoft 365 Compliance center, run an audit log search and download the results to a CSV file
C. From the Azure Active Directory admin center, review the Authentication methods activities
D. From the Azure Active Directory admin center, download the sign-ins to a CSV file

Discover Answer

Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

Question#147

HOTSPOT -
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure Active Directory (Azure AD) tenant as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#when-office-apps-apply-content-marking-and- encryption

Question#148

HOTSPOT -
You have a Microsoft 365 subscription that includes three users named User1, User2, and User3.
A file named File1.docx is stored in Microsoft OneDrive. An automated process updates File1.docx every minute.
You create an alert policy named Policy1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

Question#149

You have a Microsoft 365 subscription.
All users are assigned a Microsoft 365 E5 license.
How long will auditing data be retained?

A. 30 days
B. 90 days
C. 365 days
D. 5 years

Discover Answer

Answer: C
For users assigned an Office 365 E5 or Microsoft 365 E5 license, audit records are retained for one year (365 days) by default.
Incorrect Answers:
B: For users assigned any non-E5 Office 365 or Microsoft 365 license, audit records are retained for 90 days.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

Question#150

HOTSPOT -
You have a Microsoft 365 subscription.
You create a retention label named Label1 as shown in the following exhibit.

You publish Label1 to SharePoint sites.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels