00:00

QUESTION 11

- (Exam Topic 4)
You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune.
You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network.
What should you do first?

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/ad-ca-vpn-connectivitywindows10

QUESTION 12

- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains a user named Used.
You need to ensure that User! can use the Microsoft 365 compliance center to search audit logs and identify which users were added to Microsoft 365 role groups. The solution must use the principle of least privilege.
To which role group should you add User1?

Correct Answer: C

QUESTION 13

- (Exam Topic 4)
You have a Microsoft 365 subscription.
You create and run a content search from the Security & Compliance admin center. You need to download the results of the content search.
What should you obtain first?

Correct Answer: A
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results

QUESTION 14

- (Exam Topic 2)
You need to configure threat detection for Active Directory. The solution must meet the security requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
MS-500 dumps exhibit
Solution:
MS-500 dumps exhibit

Does this meet the goal?

Correct Answer: A

QUESTION 15

- (Exam Topic 4)
You have a hybrid Microsoft 365 deployment that contains the Windows 10 devices shown in the following table.
MS-500 dumps exhibit
You assign a Microsoft Endpoint Manager disk encryption policy that automatically and silently enables BitLocker Drive Encryption (BitLocker) on all the devices.
Which devices will have BitLocker enabled?

Correct Answer: B
To silently enable BitLocker, the device must be Azure AD Joined or Hybrid Azure AD Joined and the device must contain TPM (Trusted Platform Module) 2.0.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/encrypt-devices