MS-500 Mock Test Free – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your MS-500 certification exam? Start your preparation the smart way with our MS-500 Mock Test Free – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a mock test free for MS-500 exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our MS-500 Mock Test Free resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
HOTSPOT - You have a Microsoft 365 tenant. You need to retain Azure Active Directory (Azure AD) audit logs for two years. Administrators must be able to query the audit log information by using the Azure Active Directory admin center. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
SIMULATION - You need to prevent any email messages that contain data covered by the U.K. Data Protection Act from being sent to recipients outside of your organization, unless the messages are sent to an external domain named adatum.com. To complete this task, sign in to the Microsoft 365 admin center.
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.You add internal as a blocked word in the group naming policy for contoso.com. You add Contoso- as prefix in the group naming policy for contoso.com. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription that contains the users shown in the following table.You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4. Solution: You create a conditional access policy for User1, User2, and User3. Does that meet the goal?
A. Yes
B. No
HOTSPOT - You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and a sensitivity label named Label1. The external sharing settings for Site1 are configured as shown in the Site1 exhibit. (Click the Site1 tab.)The external sharing settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)
Label 1 is applied to Site1. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have a Microsoft 365 subscription. You enable auditing for the subscription. You plan to provide a user named Auditor with the ability to review audit logs. You add Auditor to the Global administrator role group. Several days later, you discover that Auditor disabled auditing. You remove Auditor from the Global administrator role group and enable auditing. You need to modify Auditor to meet the following requirements: ✑ Be prevented from disabling auditing ✑ Use the principle of least privilege ✑ Be able to review the audit log To which role group should you add Auditor?
A. Security reader
B. Compliance administrator
C. Security operator
D. Security administrator
DRAG DROP - You have an Azure Sentinel workspace that has an Office 365 connector. You are threat hunting events that have suspicious traffic from specific IP addresses. You need to save the events and the relevant query results for future reference. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You need to recommend a solution that meets the technical and security requirements for sharing data with the partners. What should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create an access review
B. Assign the Global administrator role to User1
C. Assign the Guest inviter role to User1
D. Modify the External collaboration settings in the Azure Active Directory admin center
Your company has a Microsoft 365 E5 subscription that uses Microsoft Defender for identity. You plan to create a detection exclusion in Microsoft Defender for Identity. What should you use to create the detection exclusion?
A. Microsoft Defender for Identity portal
B. Microsoft 365 Compliance center
C. Microsoft Defender for Cloud Apps portal
D. Microsoft 365 Defender portal
DRAG DROP - You have a Microsoft 365 E5 subscription. You need to meet the following requirements: • Prevent the sharing of files between the users in a department named department1 and the users in a department named department2. • Generate an alert if a user downloads large quantities of sensitive customer data. Which type of policy should you use for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
A company named Contoso, Ltd. acquires a company named Fabrikam, Inc. Users at each company continue to use their company’s Microsoft 365 tenant. Both companies have hybrid Azure Active Directory (Azure AD) tenants configured as shown in the following table.In the Contoso tenant, you create a new Microsoft 365 group named FabrikamUsers, and you add FabrikamUsers as a member of a Microsoft Teams team named Corporate. You need to add Fabrikam users to the FabrikamUsers group. What should you do first?
A. Configure the Contoso tenant to use pass-through authentication as the authentication method.
B. In the Contoso tenant, create a new conditional access policy.
C. In the Contoso tenant, create guest accounts for all the Fabrikam users.
D. Configure the Fabrikam tenant to use federation as the authentication method.
HOTSPOT - You have a Microsoft 365 E5 subscription. Users and device objects are added and removed daily. Users in the sales department frequently change their device. You need to create three following groups:The solution must minimize administrative effort. What is the minimum number of groups you should create for each type of membership? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription. You need to allow a user named User1 to view ATP reports in the Threat management dashboard. Which role provides User1 with the required role permissions?
A. Security administrators
B. Exchange administrator
C. Compliance administrator
D. Message center reader
HOTSPOT - You have a Microsoft 365 tenant. A conditional access policy is configured for the tenant as shown in the Policy exhibit. (Click the Policy tab.)The User Administrator role is configured as shown in the Role setting exhibit. (Click the Role setting tab.)
The User Administrator role has the assignments shown in the Assignments exhibit. (Click the Assignments tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.You have a retention label configured as shown in the following exhibit.
You apply the label to the resources. Which items can you delete?
A. Mail1 only
B. File1.docx and File2.xlsx only
C. Mail1 and File1.docx only
D. Mail1 and File2.xlsx only
E. Mail1, File1.docx, and File2.xlsx
You have a Microsoft 365 subscription. Your company uses Jamf Pro to manage macOS devices. You plan to create device compliance policies for the macOS devices based on the Jamf Pro data. You need to connect Microsoft Endpoint Manager to Jamf Pro. What should you do first?
A. From the Azure Active Directory admin center, add a Mobility (MDM and MAM) application.
B. From the Endpoint Management admin center, add the Mobile Threat Defense connector.
C. From the Endpoint Management admin center, configure Partner device management.
D. From the Azure Active Directory admin center, register an application.
SIMULATION - You plan to create a script to automate user mailbox searches. The script will search the mailbox of a user named Allan Deyoung for messages that contain the word injunction. You need to create the search that will be included in the script. To complete this task, sign in to the Microsoft 365 admin center.
HOTSPOT - You have a Microsoft 365 subscription that contains a user named User1. You enroll devices in Microsoft Intune as shown in the following table.Each device has two line-of-business apps named App1 and App2 installed. You create application control policies targeted to all the app types in Microsoft Endpoint Manager as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
SIMULATION - You need to ensure that all the email messages in the mailbox of a user named Allan Deyoung are retained for a period of 90 days, even if the messages are deleted. To complete this task, sign in to the Microsoft 365 admin center.
HOTSPOT - You have a Microsoft 365 subscription that contains the users shown in the following table.Group1 is a member of a group named Group3. The Azure Active Directory (Azure AD) tenant contains the Windows 10 devices shown in the following table.
Microsoft Endpoint Manager has the devices shown in the following table.
Microsoft Endpoint Manager contains the compliance policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have a Microsoft 365 E5 subscription that contains the users shown in the following table.You plan to implement Azure Active Directory (Azure AD) Identity Protection. You need to identify which users can perform the following actions: ✑ Configure a user risk policy. ✑ View the risky users report. Which users should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription that contains the users shown in the following table.You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4. Solution: You enable SSPR for Group2. Does that meet the goal?
A. Yes
B. No
You have a Microsoft 365 subscription that contains a user named User1. You need to assign User1 permissions to search Microsoft Office 365 audit logs. What should you use?
A. the Azure Active Directory admin center
B. the Exchange admin center
C. the Microsoft 365 Defender portal
D. the Microsoft 365 Compliance center
You have a Microsoft 365 E3 subscription. You plan to audit all Microsoft Exchange Online user and admin activities. You need to ensure that all the Exchange audit log records are retained for one year. What should you do?
A. Modify the retention period of the default audit retention policy.
B. Create a custom audit retention policy.
C. Assign Microsoft 365 Enterprise E5 licenses to all users.
D. Modify the record type of the default audit retention policy.
DRAG DROP - You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity. You receive the following alerts: ✑ Suspected Netlogon privilege elevation attempt ✑ Suspected Kerberos SPN exposure ✑ Suspected DCSync attack To which stage of the cyber-attack kill chain does each alert map? To answer, drag the appropriate alerts to the correct stages. Each alert may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
HOTSPOT - You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: ✑ Assignments: Include Group1, Exclude Group2 ✑ Conditions: User risk of Low and above ✑ Access: Allow access, Require password change You need to identify how the policy affects User1 and User2. What occurs when User1 and User2 sign in from an unfamiliar location? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - Which users are members of ADGroup1 and ADGroup2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. Username and password -Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe244001.onmicrosoft.com Microsoft 365 Password: &=Q8v@2qGzYz If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab instance: 11032396 - You need to create a case that prevents the members of a group named Operations from deleting email messages that contain the word IPO. To complete this task, sign in to the Microsoft Office 365 admin center.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy. A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. You modify the content expiration settings of the label. Does that meet the goal?
A. Yes
B. No
You have a Microsoft 365 alert named Alert2 as shown in the following exhibit.You need to manage the status of Alert2. To which status can you change Alert2?
A. Active or Investigating only
B. Dismissed only
C. The status cannot be changed.
D. Investigating only
E. Investigating, Active, or Dismissed
Your company has 500 computers. You plan to protect the computers by using Microsoft Defender for Endpoint. Twenty of the computers belong to company executives. You need to recommend a remediation solution that meets the following requirements: ✑ Microsoft Defender for Endpoint administrators must manually approve all remediation for the executives ✑ Remediation must occur automatically for all other users What should you recommend doing from Microsoft 365 Defender portal?
A. Configure 20 system exclusions on automation allowed/block lists
B. Configure two alert notification rules
C. Download an offboarding package for the computers of the 20 executives
D. Create two device groups
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level. Solution: You configure the user risk policy to block access when the user risk level is high. Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 tenant. You have a database that stores customer details. Each customer has a unique 13-digit identifier that consists of a fixed pattern of numbers and letters. You need to implement a data loss prevention (DLP) solution that meets the following requirements: ✑ Email messages that contain a single customer identifier can be sent outside your company. ✑ Email messages that contain two or more customer identifiers must be approved by the company's data privacy team. Which two components should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. a sensitive information type
B. a sensitivity label
C. a retention label
D. a DLP policy
E. a mail flow rule
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription that contains the users shown in the following table.You discover that all the users in the subscription can access Compliance Manager reports. The Compliance Manager Reader role is not assigned to any users. You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports. Solution: You recommend modifying the licenses assigned to User5. Does this meet the goal?
A. Yes
B. No
HOTSPOT - You have a Microsoft 365 subscription that uses a default domain name of contoso.com. The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. (Click the Exhibit tab.)In contoso.com, you create the users shown in the following table.
What is the effect of the configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.You need to identify which user can enable Microsoft Defender for Endpoint roles. Which user should you identify?
A. User1
B. User4
C. User3
D. User2
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled. The security logs of the servers are collected by using a third-party SIEM solution. You purchase a Microsoft 365 subscription and plan to deploy Microsoft Defender for Identity by using standalone sensors. You need to ensure that you can detect when sensitive groups are modified and when malicious services are created. What should you do?
A. Configure Event Forwarding on the domain controllers.
B. Configure auditing in the Office 365 Security & Compliance center.
C. Turn on Delayed updates for the Microsoft Defender for Identity sensors.
D. Enable the Audit account management Group Policy setting for the servers.
HOTSPOT - Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table.The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.
You create a sensitivity label named Label1. You need to publish Label1. To which groups can you publish Label1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
SIMULATION - You need to ensure that all users must change their password every 100 days. To complete this task, sign in to the Microsoft 365 portal.
You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Endpoint Manager. You need to enable Microsoft Defender Exploit Guard (Microsoft Defender EG) on the devices. Which type of device configuration profile should you use?
A. Endpoint protection
B. Device restrictions
C. Identity protection
D. Microsoft Defender for Endpoint
You plan to deploy a new Microsoft 365 subscription that will contain 500 users. You need to ensure that the following actions are performed when the users sign in to the subscription: • Evaluate the users’ risk level based on their location and travel. • Require high-risk users to sign in by using Azure Multi-Factor Authentication (Azure MFA). The solution must minimize cost. Which license should you assign to each user?
A. Enterprise Mobility + Security E3
B. Microsoft 365 Business Premium
C. Microsoft 365 E3
D. Microsoft 365 E5
HOTSPOT - You have a Microsoft SharePoint Online site named Site1 that has the users shown in the following table.You create the retention labels shown in the following table.
You publish the retention labels to Site1. On March 1, 2021, you assign the retention labels to the files shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed. You have a Microsoft Azure subscription. You are deploying Microsoft Defender for Identity. You install a Microsoft Defender for Identity standalone sensor on a server named Server1 that runs Windows Server 2016. You need to integrate the VPN and Microsoft Defender for Identity. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have a Microsoft 365 subscription and a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) subscription. You have devices enrolled in Microsoft Endpoint Manager as shown in the following table:You integrate Microsoft Defender ATP and Endpoint Manager. You plan to evaluate the Microsoft Defender ATP risk level for the devices. You need to identify which devices can be evaluated. Which devices should you identify?
A. Device1 and Device2 only
B. Device1 only
C. Device1 and Device3 only
D. Device1, Device2 and Device3
You need to recommend a solution for the user administrators that meets the security requirements for auditing. Which blade should you recommend using from the Azure Active Directory admin center?
A. Sign-ins
B. Azure AD Identity Protection
C. Authentication methods
D. Access review
HOTSPOT - You have a Microsoft 365 E5 subscription that contains the users shown in the following table.For contoso.com, you create a group naming policy that has the following configuration. - You plan to create the groups shown in the following table.
Which users can be used to create each group? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You need to resolve the issue that generates the automated email messages to the IT team. Which tool should you run first?
A. Synchronization Service Manager
B. Azure AD Connect wizard
C. Synchronization Rules Editor
D. IdFix
HOTSPOT - You have a Microsoft Defender for Endpoint deployment that has the custom network indicators turned on. Microsoft Defender for Endpoint protects two computers that run Windows 10 as shown in the following table.Microsoft Defender for Endpoint has the device groups shown in the following table.
From Microsoft Defender Security Center, you turn on custom network indicators and create the URLs/Domain indicators shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.You plan to implement privileged access in Microsoft 365. Which groups can you specify as the default approval group?
A. Group1, Group2, or Group3 only
B. Group4 only
C. Group1, Group2, Group3, or Group4
D. Group1, Group3, or Group4 only
E. Group3 or Group4 only
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy. A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. You modify the encryption settings of the label. Does that meet the goal?
A. Yes
B. No
Access Full MS-500 Mock Test Free
Want a full-length mock test experience? Click here to unlock the complete MS-500 Mock Test Free set and get access to hundreds of additional practice questions covering all key topics.
We regularly update our question sets to stay aligned with the latest exam objectives—so check back often for fresh content!
Start practicing with our MS-500 mock test free today—and take a major step toward exam success!