microsoft ms-500 practice test

Microsoft 365 Security Administration

Note: Test Case questions are at the end of the exam
Last exam update: Nov 12 ,2025
Page 1 out of 25. Viewing questions 1-15 out of 370

Question 1 Topic 1, Case Study 1Case Study Question View Case

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit.

What should you do to meet the security requirements?

  • A. Change the Assignment Type for Admin2 to Permanent
  • B. From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2
  • C. From the Azure Active Directory admin center, remove the Exchange administrator role to Admin1
  • D. Change the Assignment Type for Admin1 to Eligible
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2 Topic 1, Case Study 1Case Study Question View Case

You need to recommend a solution for the user administrators that meets the security requirements for auditing.
Which blade should you recommend using from the Azure Active Directory admin center?

  • A. Sign-ins
  • B. Azure AD Identity Protection
  • C. Authentication methods
  • D. Access review
Mark Question:
Answer:

A


Explanation:
References: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3 Topic 1, Case Study 1Case Study Question View Case

HOTSPOT
You plan to configure an access review to meet the security requirements for the workload administrators. You create an
access review policy and specify the scope and a group.
Which other settings should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Mark Question:
Answer:


Discussions
0 / 1000

Question 4 Topic 1, Case Study 1Case Study Question View Case

You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.
What should you include in the recommendation?

  • A. a device compliance policy
  • B. an access review
  • C. a user risk policy
  • D. a sign-in risk policy
Mark Question:
Answer:

D


Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5 Topic 1, Case Study 1Case Study Question View Case

You need to resolve the issue that generates the automated email messages to the IT team.
Which tool should you run first?

  • A. Synchronization Service Manager
  • B. Azure AD Connect wizard
  • C. Synchronization Rules Editor
  • D. IdFix
Mark Question:
Answer:

B


Explanation:
References:
https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6 Topic 2, Case Study 2Case Study Question View Case

Which IP address space should you include in the Trusted IP MFA configuration?

  • A. 131.107.83.0/28
  • B. 192.168.16.0/20
  • C. 172.16.0.0/24
  • D. 192.168.0.0/20
Mark Question:
Answer:

A


Explanation:
Pilot users must use MFA unless they are signing in from the internal network of the Chicago office. MFA must NOT be used
on the Chicago office internal network. We must therefore use the IP range of the external network.

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7 Topic 2, Case Study 2Case Study Question View Case

HOTSPOT
How should you configure Group3? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Mark Question:
Answer:


Explanation:
Reference: https://docs.microsoft.com/en-us/azure/information-protection/prepare

Discussions
0 / 1000

Question 8 Topic 2, Case Study 2Case Study Question View Case

HOTSPOT
How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Mark Question:
Answer:


Discussions
0 / 1000

Question 9 Topic 2, Case Study 2Case Study Question View Case

You need to create Group3.
What are two possible ways to create the group?

  • A. a Microsoft 365 group in the Microsoft 365 admin center
  • B. a mail-enabled security group in the Microsoft 365 admin center
  • C. a security group in the Microsoft 365 admin center
  • D. a distribution list in the Microsoft 365 admin center
  • E. a security group in the Azure AD admin center
Mark Question:
Answer:

A D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 10 Topic 3, Case Study 3Case Study Question View Case

HOTSPOT
Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Mark Question:
Answer:


Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-
membership#supported-values

Discussions
0 / 1000

Question 11 Topic 3, Case Study 3Case Study Question View Case

HOTSPOT
You are evaluating which finance department users will be prompted for Azure MFA credentials.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Mark Question:
Answer:


Discussions
0 / 1000

Question 12 Topic 3, Case Study 3Case Study Question View Case

Which user passwords will User2 be prevented from resetting?

  • A. User6 and User7
  • B. User4 and User6
  • C. User4 only
  • D. User7 and User8
  • E. User8 only
Mark Question:
Answer:

E


Explanation:
Assign the Password admin role to a user who needs to reset passwords for non-administrators and Password
Administrators.
Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 13 Topic 3, Case Study 3Case Study Question View Case

You need to meet the technical requirements for User9. What should you do?

  • A. Assign the Privileged administrator role to User9 and configure a mobile phone number for User9
  • B. Assign the Compliance administrator role to User9 and configure a mobile phone number for User9
  • C. Assign the Security administrator role to User9
  • D. Assign the Global administrator role to User9
Mark Question:
Answer:

D


Explanation:
To implement PIM, you must be a global admin.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-
started#enable-pim

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14 Topic 3, Case Study 3Case Study Question View Case

Which role should you assign to User1?

  • A. Global administrator
  • B. User administrator
  • C. Privileged role administrator
  • D. Security administrator
Mark Question:
Answer:

C


Explanation:
Privileged Role Administrator can manage role assignments in Azure Active Directory, as well as within Azure AD Privileged
Identity Management.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#privileged-role-administrator

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15 Topic 4, Case Study 4Case Study Question View Case

HOTSPOT
You need to recommend an email malware solution that meets the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Mark Question:
Answer:


Discussions
0 / 1000
To page 2