Languages: English
Audiences: IT Professionals
Technology: Microsoft 365
Skills measured
This exam measures your ability to accomplish the technical tasks listed
below. The percentages indicate the relative weight of each major topic area on
the exam. The higher the percentage, the more questions you are likely to see on
that content area on the exam. View video tutorials about the variety of
question types on Microsoft exams.
Do you have feedback about the relevance of the skills measured on this exam?
Please send Microsoft your comments. All feedback will be reviewed and
incorporated as appropriate while still maintaining the validity and reliability
of the certification process. Note that Microsoft will not respond directly to
your feedback. We appreciate your input in ensuring the quality of the Microsoft
Certification program.
If you have concerns about specific questions on this exam, please submit an
exam challenge.
If you have other questions or feedback about Microsoft Certification exams or
about the certification program, registration, or promotions, please contact
your Regional Service Center.
Implement and manage identity and access (30-25%)
Secure Microsoft 365 hybrid environments
May include but is not limited to: Configure and manage security integration
components in Microsoft 365 hybrid environments, including connectivity,
synchronization services, and authentication, plan Azure AD authentication
options, plan Azure AD synchronization options, monitor and interpret Azure AD
Connect events
Secure user accounts
May include but is not limited to: Implement Azure AD dynamic group membership,
implement Azure AD Self-service password reset, manage Azure AD access reviews
Implement authentication methods
May include but is not limited to: Plan sign-on security, implement multi-factor
authentication (MFA), manage and monitor MFA, implement device sign-on methods,
manage authentication methods, monitor authentication methods
Implement conditional access
May include but is not limited to: Plan for compliance and conditional access
policies, configure and manage device compliance policy, configure and manage
conditional access policy, monitor Conditional Access and Device Compliance
Implement role-based access control (RBAC)
May include but is not limited to: Plan for RBAC, configure RBAC, monitor RBAC
usage
Implement Azure AD Privileged Identity Management (PIM)
May include but is not limited to: Plan for Azure PIM, configure and manage
Azure PIM, monitor Azure PIM
Implement Azure AD Identity Protection
May include but is not limited to: Implement user risk policy, implement sign-in
risk policy, configure Identity Protection alerts, review and respond to risk
events
Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
May include but is not limited to: Plan an Azure Advanced Threat Protection
(ATP) solution, install and configure Azure ATP, manage Azure ATP workspace
health, generate Azure ATP reports, integrate Azure ATP with Windows Defender
ATP, monitor Azure ATP, manage suspicious activities
Implement device threat protection
May include but is not limited to: Plan and implement a Windows Defender ATP
solution, manage Windows Defender ATP, monitor Windows Defender ATP
Implement and manage device and application protection
May include but is not limited to: Plan for device protection, configure and
manage Windows Defender Application Guard, configure and manage Windows Defender
Application Control, configure and manage Windows Defender Exploit Guard,
configure Secure Boot, configure and manage Windows 10 device encryption,
configure and manage non-Windows device encryption, plan for securing
applications data on devices, define managed apps for Mobile Application
Management (MAM), protect your enterprise data using Windows Information
Protection (WIP), configure WIP policies, configure Intune App Protection
policies for non-Windows devices
Implement and manage Office 365 messaging protection
May include but is not limited to: Configure Office 365 ATP anti-phishing
protection, configure Office 365 ATP anti-phishing policies, define users and
domains to protect with Office 365 ATP Anti-phishing, configure Office 365 ATP
anti-spoofing, configure actions against impersonation, configure Office 365 ATP
anti-spam protection, enable Office 365 ATP Safe-Attachments, configure Office
365 ATP Safe Attachments policies, configure Office 365 ATP Safe Attachments
options, configure Office 365 ATP Safe Links options, configure Office 365 ATP
Safe Links blocked URLs, configure Office 365 ATP Safe Links policies
Implement and manage Office 365 threat protection
May include but is not limited to: Configure Office 365 Threat Intelligence,
integrate Office 365 Threat Intelligence with Office 365 services, integrate
Office 365 Threat Intelligence with Windows Defender ATP, review threats and
malware trends on the Office 365 ATP Threat Management dashboard, review threats
and malware trends with Office 365 ATP Threat Explorer and Threat Tracker,
create and review Office 365 ATP incidents, review quarantined items in ATP
including Microsoft SharePoint Online, OneDrive for Business, Exchange Online,
and Microsoft Teams, monitor online anti-malware solutions using Office 365 ATP
reports, perform tests using Attack Simulator
Implement and manage information protection (15-20%)
Secure data access within Office 365
May include but is not limited to: Plan secure data access within Office 365,
implement and manage Customer Lockbox, configure data access in Office 365
collaboration workloads, configure B2B sharing for external users
Manage Azure information Protection (AIP)
May include but is not limited to: Plan an AIP solution, activate Azure Rights
Management, configure usage rights, configure and manage super users, customize
policy settings, create and configure labels and conditions, create and
configure templates, configure languages, configure and use the AIP scanner,
deploy the RMS connector, manage tenant keys, deploy the AIP client, track and
revoke protected documents, integrate AIP with Microsoft Online Services
Manage Data Loss Prevention (DLP)
May include but is not limited to: Plan a DLP solution, create and manage DLP
policies, create and manage sensitive information types, monitor DLP reports,
manage DLP notifications, create queries to locate sensitive data
Implement and manage Microsoft Cloud App Security
May include but is not limited to: Plan Cloud App Security implementation,
configure Office 365 Cloud App Security, perform productivity app discovery
using Cloud App Security, manage entries in the Cloud app catalog, manage
third-party apps in Office 365 Cloud App Security, manage Microsoft Cloud App
Security, configure Cloud App Security connectors, configure Cloud App Security
policies, configure and manage Cloud App Security templates, configure Cloud App
Security users and permissions, review and respond to Cloud App Security alerts,
review and interpret Cloud App Security dashboards and reports, review and
interpret Cloud App Security activity log and governance log
Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
May include but is not limited to: Interpret Windows Analytics, configure
Windows Telemetry options, configure Office Telemetry options, review and
interpret security reports and dashboards, plan for custom security reporting
with Intelligent Security Graph, review Office 365 secure score action and
recommendations, configure reports and dashboards in Azure Log Analytics, review
and interpret reports and dashboards in Azure Log Analytics, configure alert
policies in the Office 365 Security and Compliance Center
Manage and analyze audit logs and reports
May include but is not limited to: Plan for auditing and reporting, configure
Office 365 auditing and reporting, perform audit log search, review and
interpret compliance reports and dashboards, configure audit alert policy
Configure Office 365 classification and labeling
May include but is not limited to: Plan for data governance classification and
labels, search for personal data, apply labels to personal data, monitor for
leaks of personal data, create and publish Office 365 labels, configure label
policies
Manage data governance and retention
May include but is not limited to: Plan for data governance and retention,
review and interpret data governance reports and dashboards, configure retention
policies, define data governance event types, define data governance supervision
policies, configure Information holds, find and recover deleted Office 365 data,
import data in the Security and Compliance Center, configure data archiving,
manage inactive mailboxes
Manage search and investigation
May include but is not limited to: Plan for content search and eDiscovery,
delegate permissions to use search and discovery tools, use search and
investigation tools to perform content searches, export content search results,
manage eDiscovery cases
Manage data privacy regulation compliance
May include but is not limited to: Plan for regulatory compliance in Microsoft
365, review and interpret GDPR dashboards and reports, manage Data Subject
Requests (DSRs), review Compliance Manager reports, create and perform
Compliance Manager assessments and action items
Preparation options
Find classroom and online training
Explore more training on Microsoft Learn
Who should take this exam?
Candidates for this exam implement, manage, and monitor security and
compliance solutions for Microsoft 365 and hybrid environments. The Microsoft
365 Security Administrator proactively secures M365 enterprise environments,
responds to threats, performs investigations, and enforces data governance. The
Microsoft 365 Security Administrator collaborates with the Microsoft 365
Enterprise Administrator, business stakeholders, and other workload
administrators to plan and implement security strategies and ensures that the
solutions comply with the policies and regulations of the organization.
Candidates for this exam are familiar with M365 workloads and have strong skills
and experience with identity protection, information protection, threat
protection, security management, and data governance. This role focuses on the
M365 environment and includes hybrid environments.
Question: 1
Note: This question is part of series of questions that present the same
scenario. Each question in the series contains a unique solution that might meet
the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to
it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure
Active Directory
(Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises
Active Directory and the tenant. Azure AD Connect has the following settings:
Source Anchor: objectGUID
Password Hash Synchronization: Disabled
Password writeback: Disabled
Directory extension attribute sync: Disabled
Azure AD app and attribute filtering: Disabled
Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD
Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?
A. Yes
B. No
Answer: B
Question: 2
Note: This question is part of series of questions that present the same
scenario. Each question in the series contains a unique solution that might meet
the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to
it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure
Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises
Active Directory and the tenant. Azure AD Connect has the following settings:
Source Anchor: objectGUID
Password Hash Synchronization: Disabled
Password writeback: Disabled
Directory extension attribute sync: Disabled
Azure AD app and attribute filtering: Disabled
Exchange hybrid deployment: Disabled
User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD
Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?
A. Yes
B. No
Answer: A
Click here to
view complete Q&A of MS-500 exam
Certkingdom Review,
Certkingdom PDF Torrents
Best Microsoft MS-500 Certification, Microsoft MS-500 Training at certkingdom.com