exam questions Flashcards by Joe L

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?

A. conditional access policies
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. authentication method policies

C. Azure AD Privileged Identity Management (PIM)

How well did you know this?

Not at all

Perfectly

Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?

A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
C. Conditional access policies
D. resource locks

C. Conditional access policies

How well did you know this?

Not at all

Perfectly

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. Azure Multi-Factor Authentication (MFA)
C. Azure Active Directory (Azure AD) Identity Protection
D. conditional access policies

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

How well did you know this?

Not at all

Perfectly

In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active directory (Azure AD)?

A. Active Directory Federation Services (AD FS)
B. Azure Sentinel
C. Azure AD Connect
D. Azure AD Privileged Identity Management (PIM)

C. Azure AD Connect

How well did you know this?

Not at all

Perfectly

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

A. to control how often users must change their passwords
B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
C. to encrypt a password by using globally recognized encryption standards
D. to prevent users from using specific words in their passwords

D. to prevent users from using specific words in their passwords

How well did you know this?

Not at all

Perfectly

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

A. access reviews
B. managed identities
C. conditional access policies
D. Azure AD Identity Protection

A. access reviews

How well did you know this?

Not at all

Perfectly

HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:

Answer Area
Azure Active Directory (Azuer AD) is ?????????? used for authentication and authorization.

an extended detection and response (XDR) system
an identity provider
a managed resource group
a security information and event management (SIEM) system

an identity provider

How well did you know this?

Not at all

Perfectly

HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:

Answer Area
?????????? enables collaboration with business partners from external organizations such as suppliers, partners, and vendors. External users appear as guest users in the directory.

Active Directory Domain Services (AD DS)
Active Directory forest trusts
Azure Active Directory (Azure AD) business-to business (B2B)
Azure Active Directory business-to consumer B2C (Azure AD B2C)

Azure Active Directory (Azure AD) business-to business (B2B)

How well did you know this?

Not at all

Perfectly

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Statements:
* All Azure Active Directory (Azure AD) license editions include the same features. - Yes/No
* You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal. - Yes/No
* You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant. - Yes/No

All Azure Active Directory (Azure AD) license editions include the same features. - No
You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal. - Yes
You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant. - No

How well did you know this?

Not at all

Perfectly

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Statements:
* Azure AD Connect can be used to implement hybrid identity. - Yes/No
* Hybrid identity requires the implementation of two Microsoft 365 tenants. - Yes/No
* Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD). - Yes/No

Azure AD Connect can be used to implement hybrid identity. - Yes
Hybrid identity requires the implementation of two Microsoft 365 tenants. - No
Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD). - Yes

How well did you know this?

Not at all

Perfectly

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Statements:
* You can create custom roles in Azure Active Directory (Azure AD). - Yes/No
* Global administrator is a role in Azure Active Directory (Azure AD). - Yes/No
* An Azure Active Directory (Azure AD) user can be assigned only one role. - Yes/No

You can create custom roles in Azure Active Directory (Azure AD). - Yes
Global administrator is a role in Azure Active Directory (Azure AD). - Yes
An Azure Active Directory (Azure AD) user can be assigned only one role. - No

How well did you know this?

Not at all

Perfectly

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Statements:
* Azure Active Directory (Azure AD) is deployed to an on-premise environment. - Yes/No
* Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription. - Yes/No
* Azure Active Directory (Azure AD) is an identity and access management service. - Yes/No

Azure Active Directory (Azure AD) is deployed to an on-premise environment. - No
Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription. - Yes
Azure Active Directory (Azure AD) is an identity and access management service. - Yes

How well did you know this?

Not at all

Perfectly

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Statements:
* Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users’ risk level. - Yes/No
* Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public. - Yes/No
* Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level. - Yes/No

Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users’ risk level. - No
Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public. - Yes
Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level. - Yes

How well did you know this?

Not at all

Perfectly

HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:

Answer Area
?????????? requires additional verification, such as a verification code sent to a mobile phone.

Multi-factor authentication (MFA)
Pass-through authentication
Password writeback
Single sign-on (SSO)

Multi-factor authentication (MFA)

How well did you know this?

Not at all

Perfectly

Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. text message (SMS)
B. Microsoft authenticator app
C. email verification
D. phone call
E. security question

A. text message (SMS)
B. Microsoft authenticator app
D. phone call

How well did you know this?

Not at all

Perfectly

Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments of your organization?

A. sensitivity label policies
B. Customer Lockbox
C. information barriers
D. Privileged Access Management (PAM)

C. information barriers

How well did you know this?

Not at all

Perfectly

What should you use in Microsoft 365 security center to view security trends and track the protection status of identities?

A. Attack simulator
B. Reports
C. Hunting
D. incidents

B. Reports

How well did you know this?

Not at all

Perfectly

What can you specify in Microsoft 365 sensitivity labels?

A. how long files must be preserved
B. when to archive an email message
C. which watermark to add to files
D. where to store files

C. which watermark to add to files

How well did you know this?

Not at all

Perfectly

What two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Display policy tips to users who are about to violate your organization policies.
B. Enable disk encryption on endpoints.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
D. Apply security baselines to devices.

A. Display policy tips to users who are about to violate your organization policies.
C. Protect documents in Microsoft OneDrive that contain sensitive information.

How well did you know this?

Not at all

Perfectly

Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?

A. Content Search
B. sensitivity labels
C. retention policies
D. eDiscovery

B. sensitivity labels

How well did you know this?

Not at all

Perfectly

What is a use case for implementing information barrier policies in Microsoft 365?

A. to restrict unauthorized access to Microsoft 365
B. to restrict Microsoft Teams chatt between certain groups within an organization
C. to restrict Microsoft Exchange Online email between certain groups within an organization
D. to restrict data sharing to external email recipients

B. to restrict Microsoft Teams chatt between certain groups within an organization

How well did you know this?

Not at all

Perfectly

Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?

A. Audit
B. Compliance Manager
C. Content Search
D. Alerts

C. Content Search

How well did you know this?

Not at all

Perfectly

Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?

A. retention policies
B. data loss prevention (DLP) policies
C. conditional access policies
D. information barriers

B. data loss prevention (DLP) policies

How well did you know this?

Not at all

Perfectly

Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?

A. Microsoft Service Trust Portal
B. Compliance Manager
C. Microsoft 365 compliance center
D. Microsoft Support

A. Microsoft Service Trust Portal

How well did you know this?

Not at all

Perfectly

What can you protect by using the information protection solution in the Microsoft 365 compliance center? A. computers from zero-day exploits B. users from phishing attempts C. files from malware and viruses D. sensitive data from being exposed to unauthorized users

D. sensitive data from being exposed to unauthorized users

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? provides a central location for managing information protection, information governance, and data loss prevention (DLP) policies. * Azure Defender * the Microsoft 365 compliance center * the Microsoft 365 security center * Microsoft Endpoint Manager

* the Microsoft 365 compliance center

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area You can use ?????????? in the Microsoft 365 security center to identify devices that are affected by an alert. * classifications * incidents * policies * Secure score

* incidents

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area You can use ?????????? in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack. * Reports * Hunting * Attack simulator * Incidents

* Incidents

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * With Advanced Audit in Microsoft 365, you can identify when email items were accessed. - Yes/No * Advanced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing. - Yes/No * Advanced Audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data. - Yes/No

* With Advanced Audit in Microsoft 365, you can identify when email items were accessed. - Yes * Advanced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing. - No * Advanced Audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * You can use advanced audit in Microsoft 365 to view billing details. - Yes/No * You can use Advanced Audit in Microsoft 365 to view the contents of an email message. - Yes/No * You can use Advanced Audit in Microsoft 365 to identify when a user uses the search bar in Outlook on the web to search for items in mailbox. - Yes/No

* You can use advanced audit in Microsoft 365 to view billing details. - No * You can use Advanced Audit in Microsoft 365 to view the contents of an email message. - No * You can use Advanced Audit in Microsoft 365 to identify when a user uses the search bar in Outlook on the web to search for items in mailbox. - Yes

What are the two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution. NOTE: Each correct selection is worth one point. A. automated investigation and remediation B. transport encryption C. shadow IT detection D. attack surface reduction

A. automated investigation and remediation D. attack surface reduction

What feature in Microsoft Defender for Endpoint provides the first line of defense against cyber threats by reducing the attack surface? A. automated remediation B. automated investigation C. advanced hunting D. network protection

D. network protection

Which feature provides the extended detection and response (XDR) capability of Azure Sentinel? A. integration with Microsoft 365 compliance center B. support for threat hunting C. integration with Microsoft 365 Defender D. support for Azure Monitor Workbooks

C. integration with Microsoft 365 Defender

What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware? A. Microsoft Defender for Office 365 B. Microsoft Defender Antivirus C. Microsoft Defender for Identity D. Microsoft Defender for Endpoint

A. Microsoft Defender for Office 365

What can you use to provide threat detection for Azure SQL Managed Instance? A. Microsoft Secure Score B. application security groups C. Azure Defender D. Azure Bastion

C. Azure Defender

What do you use to provide real-time integration between Azure Sentinel and another security source? A. Azure AD Connect B. a Log Analytics workspace C. Azure Information Protection D. a connector

D. a connector

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate threats. * Microsoft Cloud App Security * Microsoft Defender for Endpoint * Microsoft Defender for Identity * Microsoft Defender for Office 365

* Microsoft Defender for Identity

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area Microsoft Defender for Identity can identify advanced threats from ?????????? signals. * Azure Active Directory (Azure AD) * Azure AD Connect * on-premise Active Directory Domain Services (AD DS)

* on-premise Active Directory Domain Services (AD DS)

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? can use conditional access policies to control sessions in real time. * Azure Active Directory (Azure AD) Privileged Identity Management (PIM) * Azure Defender * Azure Sentinel * Microsoft Cloud App Security

* Microsoft Cloud App Security

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Azure Defender can detect vulnerabilities and threats for Azure Storage. - Yes/No * Cloud Security Posture Management (CSPM) is available for all Azure subscriptions. - Yes/No * Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises. - Yes/No

* Azure Defender can detect vulnerabilities and threats for Azure Storage. - Yes * Cloud Security Posture Management (CSPM) is available for all Azure subscriptions. - Yes * Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Microsoft defender for Endpoint can protect Android devices. - Yes/No * Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10. - Yes/No * Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses. - Yes/No

* Microsoft defender for Endpoint can protect Android devices. - Yes * Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10. - Yes * Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses. - No

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Microsoft Secure Score in the Microsoft 365 security center can provide recommendations for Microsoft Cloud App Security. - Yes/No * From the Microsoft 365 security center, you can view how your Microsoft Secure Score compares to the score of organizations like yours. - Yes/No * Microsoft Secure Score in the Microsoft 365 security center gives you points if you address the improvement action by using a third-party application or software. - Yes/No

* Microsoft Secure Score in the Microsoft 365 security center can provide recommendations for Microsoft Cloud App Security. - Yes * From the Microsoft 365 security center, you can view how your Microsoft Secure Score compares to the score of organizations like yours. - Yes * Microsoft Secure Score in the Microsoft 365 security center gives you points if you address the improvement action by using a third-party application or software. - Yes

What can you use to provision Azure resources across multiple subscriptions in a consistent manner? A. Azure Defender B. Azure Blueprints C. Azure Sentinel D. Azure Policy

B. Azure Blueprints

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response. * Azure Adviser * Azure Bastion * Azure Monitor * Azure Sentinel

* Azure Sentinel

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area In Azure Sentinel, you can automate common tasks by using ?????????? * deep investigation tools. * hunting search-and-query tools. * playbooks. * workbooks.

* playbooks.

Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. fingerprint B. facial recognition C. PIN D. email verification E. security question

A. fingerprint B. facial recognition C. PIN

What is an example of encryption at rest? A. encrypting communications by using a site-to-site VPN B. encrypting a virtual machine disk C. accessing a website by using an encrypted HTTPS connection D. sending an encrypted email

B. encrypting a virtual machine disk

Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Azure virtual machines B. Azure Active Directory (Azure AD) users C. Microsoft Exchange Online inboxes D. Azure virtual networks E. Microsoft SharePoint Online sites

A. Azure virtual machines D. Azure virtual networks

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area When users sign in to the Azure portal, they are first ?????????? * assigned permissions. * authenticated. * authorized. * resolved.

* authenticated.

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? is the process of identifying whether a signed-in user can access a specific resource. * Authentication * Authorization * Federation * Single sign-on (SSO)

* Authorization

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? a file makes the data in the file readable and usable to viewers that have the appropriate key. * Archiving * Compressing * Deduplication * Encrypting

* Encrypting

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area When you enable security defaults in Azure Active Directory (Azure AD), ?????????? will be enabled for all Azure AD users. * Azure AD Identity Protection * Azure AD Privileged Identity Management (PIM) * multi-factor authentication (MFA)

* multi-factor authentication (MFA)

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area Federation is used to establish ?????????? between organizations. * multi-factor authentication (MFA) * a trust relationship * user account synchronization * a VPN connection

* a trust relationship

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area With Windows Hello for Business, a user's biometric data used for authentication ?????????? * is stored on an external device. * is stored on a local device only. * is stored in Azure Active Directory (Azure AD) * is replicated to all the devices designated by the user.

* is stored on a local device only.

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Conditional access policies can use the device state as a signal. - Yes/No * Conditional access policies apply before first-factor authentication is complete. - Yes/No * Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application. - Yes/No

* Conditional access policies can use the device state as a signal. - Yes * Conditional access policies apply before first-factor authentication is complete. - No * Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Conditional access policies always enforce the use of multi-factor authentication. - Yes/No * Conditional access policies can be used to block access to an application based on the location of a user. - Yes/No * Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices. - Yes/No

* Conditional access policies always enforce the use of multi-factor authentication. - No * Conditional access policies can be used to block access to an application based on the location of a user. - Yes * Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices. - No

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Conditional access policies can be applied to global administrators. - Yes/No * Conditional access policies are evaluated before a user is authenticated. - Yes/No * Conditional access policies can use a device platform, such as Android or iOS, as a signal. - Yes/No

* Conditional access policies can be applied to global administrators. - Yes * Conditional access policies are evaluated before a user is authenticated. - No * Conditional access policies can use a device platform, such as Android or iOS, as a signal. - Yes

A company needs to provide a user with three hour time bound access to resources to carry out some Audit operation in Azure. What should you use? A. Conditional access policies B. Azure Multi-Factor Authentication (MFA) C. Azure Active Directory (Azure AD) Identity Protection D. Azure AD Privileged Identity Management (PIM)

D. Azure AD Privileged Identity Management (PIM)

Which process provides best practices, documentation and tools that cloud architects, IT professionals and business decision makers need to successfully achieve their short and long term objectives? A. Microsoft Cloud Adoption Framework B. Role-Based Access Control (RBAC) C. Resource Lock D. Microsoft Best Practices Documentation

A. Microsoft Cloud Adoption Framework

A company wants to detect and block known weak passwords and their variants including specific words in their passwords. What should you implement to achieve this? A. Active Directory Federation Services (ADFS) B. Azure Active Directory Password Protection C. Conditional Access Policies D. Azure Multi-Factor Authentication (MFA)

B. Azure Active Directory Password Protection

In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Plan B. Manage C. Adopt D. Govern E. Define Strategy

A. Plan E. Define Strategy

In the Microsoft Cloud Adoption Framework for Azure, which two phases are implemented after the Adopt phase? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Plan B. Govern C. Ready D. Manage E. Define Strategy

B. Govern D. Manage

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing? A. the management of mobile devices B. the permissions for the user data stored in Azure C. the creation and management of user accounts D. the management of the physical hardware

D. the management of the physical hardware

In the shared responsibility model for an Azure deployment, what is Customer solely responsible for managing? A. the management of mobile devices B. the permissions for the user data stored in Azure C. the creation and management of user accounts D. the management of the physical hardware

C. the creation and management of user accounts

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment. * Azure Blueprints * Azure Policy * The Microsoft Cloud Adoption Framework for Azure * A resource lock

* The Microsoft Cloud Adoption Framework for Azure

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area You can manage Microsoft Intune by using the ?????????? * Azure Active Directory admin center. * Microsoft 365 compliance center. * Microsoft 365 security center. * Microsoft Endpoint Manager admin center.

* Microsoft Endpoint Manager admin center.

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area Applications registered in Azure Active Directory (Azure AD) are associated automatically to a ?????????? * guest account. * managed identity. * service principal. * user account.

* service principal.

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area Azure DDoS Protection Standard can be used to protect ?????????? * Azure Active Directory (Azure AD) applications. * Azure Active Directory (Azure AD) users. * resource groups. * virtual networks.

* virtual networks.

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Digitally signing a document requires a private key. - Yes/No * Verifying the authenticity of a digitally signed document requires the public key of the signer. - Yes/No * Verifying the authenticity of a digitally signed document requires the private key of the signer. - Yes/No

* Digitally signing a document requires a private key. - Yes * Verifying the authenticity of a digitally signed document requires the public key of the signer. - Yes * Verifying the authenticity of a digitally signed document requires the private key of the signer. - No

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * In software as a service (SaaS), applying service packs to applications is the responsibility of the organization. - Yes/No * In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider. - Yes/No * In Azure cloud deployment types, managing the security of information and data is the responsibility of the organization. - Yes/No

* In software as a service (SaaS), applying service packs to applications is the responsibility of the organization. - No * In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider. - Yes * In Azure cloud deployment types, managing the security of information and data is the responsibility of the organization. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Microsoft Intune can be used to manage Android devices. - Yes/No * Microsoft Intune can be used to provision Azure subscriptions. - Yes/No * Microsoft Intune can be used to manage organization-owned devices and personal devices. - Yes/No

* Microsoft Intune can be used to manage Android devices. - Yes * Microsoft Intune can be used to provision Azure subscriptions. - No * Microsoft Intune can be used to manage organization-owned devices and personal devices. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * You can create one Azure Bastion per virtual network. - Yes/No * Azure Bastion provides secure user connections by using RDP. - Yes/No * Azure Bastion provides a secure user connection to an Azure virtual machine by using the Azure portal. - Yes/No

* You can create one Azure Bastion per virtual network. - Yes * Azure Bastion provides secure user connections by using RDP. - Yes * Azure Bastion provides a secure user connection to an Azure virtual machine by using the Azure portal. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Azure Policy supports automatic remediation. - Yes/No * Azure Policy can be used to ensure that new resources adhere to corporate standards. - Yes/No * Compliance evaluation in Azure Policy occurs only when a target resource is created or modified. - Yes/No

* Azure Policy supports automatic remediation. - Yes * Azure Policy can be used to ensure that new resources adhere to corporate standards. - Yes * Compliance evaluation in Azure Policy occurs only when a target resource is created or modified. - No

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * You can add a resource lock to an Azure subscription. - Yes/No * You can add only one resource lock to an Azure resource. - Yes/No * You can delete a resource group containing resources that have resource locks. - Yes/No

* You can add a resource lock to an Azure subscription. - Yes * You can add only one resource lock to an Azure resource. - No * You can delete a resource group containing resources that have resource locks. - No

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Control is a key privacy principle of Microsoft. - Yes/No * Transparency is a key privacy principle of Microsoft. - Yes/No * Shared responsibility is a key privacy principle of Microsoft. - Yes/No

* Control is a key privacy principle of Microsoft. - Yes * Transparency is a key privacy principle of Microsoft. - Yes * Shared responsibility is a key privacy principle of Microsoft. - No

The zero-trust model operates on the principle of "trust no one, verify everything". You need to implement the zero-trust model in your organization. Which two options are the guiding principles of a zero-trust model? A. Verify explicitly B. Assume breach C. Role based access D. Perimeter security

A. Verify explicitly B. Assume breach

Match the type of attack on the left to the correct description on the right. Type of attack (left): A. Brute force attacks B. Phishing C. Spear phishing D. Spray attacks Descriptions (right): 1. an attack that tries many passwords against one or more accounts, sometimes using dictionaries of commonly used passwords 2. an attack which attempts to match a username against a list of weak passwords 3. an attack which is received in the form of an email that appears to come from a reputable source 4. a highly targeted form of email attack which can be used to create highly credible emails

A. Brute force attacks - 1. an attack that tries many passwords against one or more accounts, sometimes using dictionaries of commonly used passwords D. Spray attacks - 2. an attack which attempts to match a username against a list of weak passwords B. Phishing - 3. an attack which is received in the form of an email that appears to come from a reputable source C. Spear phishing - 4. a highly targeted form of email attack which can be used to create highly credible emails

Match the Azure Active Directory (Azure AD) device identity on the left to the correct description on the right. Azure AD device identity (left): A. Azure AD registered devices B. Azure AD joined devices C. Hybrid Azure AD joined devices Descriptions (right): 1. These devices are owned by an organization and are signed in with an Active Directory Domain Service account belonging to that organization. The exist in the cloud and on-premises. 2. These devices are typically personally-owned, rather than by the organization. They are signed in with a personal Microsoft account or another local account. 3. These devices exist only in the cloud and are owned by an organization. They are signed in with an organization Azure AD account.

C. Hybrid Azure AD joined devices - 1. These devices are owned by an organization and are signed in with an Active Directory Domain Service account belonging to that organization. The exist in the cloud and on-premises. A. Azure AD registered devices - 2. These devices are typically personally-owned, rather than by the organization. They are signed in with a personal Microsoft account or another local account. B. Azure AD joined devices - 3. These devices exist only in the cloud and are owned by an organization. They are signed in with an organization Azure AD account.

You need to look for a hybrid identity solution between Azure Active Directory (Azure AD) and your on premises active directory. It needs to provide a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers. Which authentication method should you use? A. Password Hash synchronization B. Pass-through authentication C. Federated authentication D. Directory synchronization

B. Pass-through authentication

To improve identity security within the organization, the security team wants to implement Windows Hello for Business. You need to explain the benefits of Windows Hello for Business. Which statement is true? A. Windows Hello is an authentication feature built into Windows Server 2012 R26. B. Windows Hello is an alternative to multi-factor authentication. C. Windows Hello is a secure feature that uses PINs and bio-metric data to authenticate users. D.Windows Hello is a feature only for Azure Active Directory premium customers.

C. Windows Hello is a secure feature that uses PINs and bio-metric data to authenticate users.

Sign-in risk is a signal used by Conditional Access policies to decide whether to grant or deny access. What is sign-in risk? A. The probability that the device is owned by the identity owner. B. The probability that the authentication request is not authorized by the identity owner. C. The probability that the user is authorized to view data from a particular application. D. The probability that a given identity or account is compromised.

B. The probability that the authentication request is not authorized by the identity owner.

Which two Azure Active Directory features can be implemented for end users to see the relevant legal disclaimers or the compliance requirement statement being displayed? A. Terms of use B. Conditional Access Policy C. Privileged Identity Management D. Identity Protection

A. Terms of use B. Conditional Access Policy

You want to restrict and audit an administrator's access in Azure Active Directory (Azure AD). Which two Azure AD features can you use to provide just-in-time and audit administrator access to Azure resources? A. Azure AD conditional access policies B. Azure AD privileged Identity Management (PIM) C. Azure AD privileged Access Management (PAM) D. Azure AD Identity Protection

B. Azure AD privileged Identity Management (PIM) C. Azure AD privileged Access Management (PAM)

Which basic native cost-effective Azure service can be used to filter the traffic to Azure Virtual Machines? A. Bastion B. Firewall C. Network Security Groups D. DDoS Protection

C. Network Security Groups

Select the answer that correctly completes the sentence. Your Chief Information Security Officer does not want to allow port 3389/22 for connecting to virtual machines in Azure. You need to implement __________ service to securely connect (SSH/RDP) into an Azure Linux/Windows machine through the browser and the Azure portal. A. Azure Bastion B. Azure Firewall C. Azure Load Balancer D. Network Security Groups

A. Azure Bastion

An organization has developed an application and wants to give the capability to its users to sign in using Facebook, Google and Twitter credentials. You need to recommend an authentication solution to the team. Which one of the below options would be best suited? A. Azure AD B2C B. Service principal C. Legacy authentication D. Assigned identities

A. Azure AD B2C

You want to get alerts for Data exfiltration, honeytokens, and other attacks such as account enumeration, remote code execution, etc. Which one of the following tools will you use to get alerts of these attacks on your on-prem AD? A. Defender for Endpoint B. Defender for Office365 C. Defender for Identity D. Defender for AD

C. Defender for Identity

You have a hybrid infrastructure in place for your organization. What type of identity solution is your organization using if your organization has hashes of the password stored in the cloud? A. Pass-through authentication B. Password hash synchronization C. Federation authentication D. None of the above

B. Password hash synchronization

Recently your IT team has been under great pressure because of the numerous numbers of requests they have been receiving from the team for password resets. You find that this can also lead to bigger security risks for the organization. What should you recommend being implemented here? A. Self-Service password reset (SSPR) B. FIDO2 C. Bitlocker encryption D. None of the above

A. Self-Service password reset (SSPR)

Which feature is more secure than a password? A. Hybrid security B. Windows Hello C. OAUTH D. Security questions

B. Windows Hello

You need to strengthen your cloud security posture and have a secure score in comparison to industry standards. You also need to view reports of various security configurations donen in the environment. Which tool helps you complete this task? A. Azure Sentinel B. Microsoft Defender for Cloud C. Azure Firewall D. Microsoft 365 Defender

B. Microsoft Defender for Cloud

Select the answer that correctly completes the sentence. Azure __________ is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution. It provides a singel solution for alert detection, threat visibility, proactive hunting, and threat protection. A. Advisor B. Bastion C. Monitor D. Sentinel

D. Sentinel

Which three features are additional in Microsoft Defender for Office 365 Plan 2 when compared with the Microsoft Defender for Office 365 Plan 1? A. Threat Trackers B. Automated Investigation and response C. Safe Attachments D. Anti-phishing Protection E. Attack Simulator

A. Threat Trackers B. Automated Investigation and response E. Attack Simulator

Select the answer that correctly completes the sentence. __________ is one of the tools in the Microsoft 365 Defender portal and is a representation of a company's security posture. A. Security Center B. Secure Score C. Monitor D. Sentinel

B. Secure Score

An organization uses different types of devices, including Windows, iOS, and Android devices. The administrator for that organization wants to create a security baseline profile in Intune that they will apply across the devices. Which device can the security baseline profile be applied to? A. Android devices B. iOS devices C. Windows devices D. Android & iOS devices

C. Windows devices

What is the preferred way to add Microsoft compliance documents and resources that are relevant to your organization in the Service Trust Portal? A. Save the documents to your My Library. B. Print each document so you can easily refer to them. C. Download each document. D. Go to the resources section.

A. Save the documents to your My Library.

Your organization uses Microsoft Teams to collaborate on all projects. The compliance administrator wants to prevent users from accidentally sharing sensitive information in a Microsoft Teams chat session. Which capability can address this requirement? A. Use data loss prevention policies B. Use Records Management capabilities C. Use retention policies D. Use Azure Information Protection

A. Use data loss prevention policies

Select the answer that correctly completes the sentence. You need to control the use of administrator accounts with standing access to sensitive data. This will ensure that administrators only receive the level of access they need and at the correct time. You will use a(n) __________. A. communication compliance B. audit log C. role-based access management D. privileged access management

D. privileged access management

You need to use the advanced e-Discovery capability to help your legal team with a case. Which workflow should you use? A. Search custodial data, add data to a review set, review and analyze data, add custodians to a case, then finally export and download case data. B. Add custodians to a case, search custodial sources for relevant data, add data to a review set, review and analyze data, then finally export, and download the case data. C. Add data to a review set, review and analyze data, add custodians to a case, search custodial sources for relevant data, then finally export and download the case data. D. Review and analyze data in a review set, add custodians to a case, add data to review set, export and download case data.

B. Add custodians to a case, search custodial sources for relevant data, add data to a review set, review and analyze data, then finally export, and download the case data.

Match the Azure service on the left to the correct description on the right. Azure service (left): A. Azure Resource Locks B. Azure Blueprints C. Azure Policy D. Azure Role-based access control Descriptions (right): 1. manages who has access to Azure resources, what they can do with those resources, and what areas they can access 2. enforces standards and assess compliance across your organization 3. rapidly provisions and runs new environments with the knowledge that they are in line with the organization's compliance requirements 4. prevents resources from being accidentally deleted or changed

D. Azure Role-based access control - 1. manages who has access to Azure resources, what they can do with those resources, and what areas they can access C. Azure Policy - 2. enforces standards and assess compliance across your organization B. Azure Blueprints - 3. rapidly provisions and runs new environments with the knowledge that they are in line with the organization's compliance requirements A. Azure Resource Locks - 4. prevents resources from being accidentally deleted or changed

Due to certain compliance regulations, your organization needs to keep the data of the clients for 7 years stored on a specific site. You have been asked to find a solution to this issue. What should you recommend? A. Sensitivity labels B. Retention policies C. Content Explorer D. Alert policies

B. Retention policies

Your organization has a certain business requirement where it needs to continuously monitor the security status of its network. What Security Center tool would you recommend? A. Continuous assessment B. Network map C. Network assessment D. Microsoft Defender

B. Network map

Your organization named Contoso has most of its data stored in Azure Cloud. The security admin wants to have encryption for the data. Which one of the below services would help you in storing your application secrets? A. Azure BitLocker B. Azure Key Vault C. Data encryption D. Key management system

B. Azure Key Vault

Your organization wants you to implement conditional access for the organization. You must grant and deny access for selected users. What must you do to implement conditional access? A. Check that all users have multi-factor authentication enabled. B. Remove all Global Domain Admin roles assigned to users. C. Replace Global Admin roles with specific Azure AD roles. D. Create policies that enforce organizational rules.

D. Create policies that enforce organizational rules.

An employee of your organization informs you that he has received an email which tells that your organization wants you to change your password for security purposes. But the email is redirecting to some random website to change username and password. Which type of attack is it? A. Password-based attack B. Spear phishing C. Phishing D. Spam

C. Phishing

Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards? A. Microsoft Secure Score B. Productivity Score C. Secure score in Azure Security Center D. Compliance score

D. Compliance score

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standards, such as the International Organization for Standardization (ISO)? A. the Microsoft Endpoint Manager admin center B. Azure Cost Management + Billing C. Microsoft Service Trust Portal D. the Azure Active Directory admin center

C. Microsoft Service Trust Portal

You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent? A. threat modeling B. identity as the security perimeter C. defense in depth D. the shared responsibility model

C. defense in depth

In a Core eDiscovery workflow, what should you do before you can search for content? A. Create an eDiscovery hold. B. Run Express Analysis. C. Configure attorney-client privilege detection. D. Export and download results.

A. Create an eDiscovery hold.

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? is used to identify, hold, and export electronic information that might be used in an investigation. * Customer Lockbox * Data loss prevention (DLP) * eDiscovery * A resource lock

* eDiscovery

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? can be used to provide Microsoft Support Engineers with access to an organization's data stored in Microsoft Exchange Online, SharePoint Online, and OneDrive for Business. * Customer Lockbox * Information barriers * Privileged Access Management (PAM) * Sensitivity labels

* Customer Lockbox

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area Compliance Manager assesses compliance data ?????????? for an organization. * continually * monthly * on-demand * quarterly

* continually

HOTSPOT - Select the answer that correctly completes the sentence. Hot Area: Answer Area ?????????? provides benchmark recommendations and guidance for protecting Azure services. * Azure Application Insights * Azure Network Watcher * Log Analytics workspaces * Security baselines for Azure

* Security baselines for Azure

DRAG DROP - Match the Azure networking service to the appropriate description. To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point. Select and Place: Services (left): * Azure Bastion * Azure Firewall * Network security group (NSG) Answer Area (right): ?????????? Provides Network Address Translation (NAT) services ?????????? Provides secure and seamless Remote Desktop connectivity to azure virtual machines ?????????? Provides traffic filtering that can be applied to specific network interfaces on a virtual network

Azure Firewall - Provides Network Address Translation (NAT) services Azure Bastion - Provides secure and seamless Remote Desktop connectivity to azure virtual machines Network security group (NSG) - Provides traffic filtering that can be applied to specific network interfaces on a virtual network

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Sensitivity labels can be used to encrypt documents. - Yes/No * Sensitivity labels can add headers and footers to documents. - Yes/No * Sensitivity labels can apply watermarks to emails. - Yes/No

* Sensitivity labels can be used to encrypt documents. - Yes * Sensitivity labels can add headers and footers to documents. - Yes * Sensitivity labels can apply watermarks to emails. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Compliance Manager tracks only customer-managed controls. - Yes/No * Compliance Manager provides predefined templates for creating assessments. - Yes/No * Compliance Manager can help you assess whether data adheres to specific data protection standards. - Yes/No

* Compliance Manager tracks only customer-managed controls. - No * Compliance Manager provides predefined templates for creating assessments. - Yes * Compliance Manager can help you assess whether data adheres to specific data protection standards. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Users can apply sensitivity labels manually. - Yes/No * Multiple sensitivity labels can be applied to the same file. - Yes/No * A sensitivity label can apply a watermark to a Microsoft Word document. - Yes/No

* Users can apply sensitivity labels manually. - Yes * Multiple sensitivity labels can be applied to the same file. - No * A sensitivity label can apply a watermark to a Microsoft Word document. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Network security groups (NSGs) can deny inbound traffic from the internet. - Yes/No * Network security groups (NSGs) can deny outbound traffic to the internet. - Yes/No * Network security groups (NSGs) can filter traffic based on IP address, protocol, and port. - Yes/No

* Network security groups (NSGs) can deny inbound traffic from the internet. - Yes * Network security groups (NSGs) can deny outbound traffic to the internet. - Yes * Network security groups (NSGs) can filter traffic based on IP address, protocol, and port. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Applying system updates increases an organization's secure score in Azure Security Center. - Yes/No * The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions. - Yes/No * Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center. - Yes/No

* Applying system updates increases an organization's secure score in Azure Security Center. - Yes * The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions. - Yes * Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center. - Yes

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements: * Verify explicitly is one of the guiding principles of Zero Trust. - Yes/No * Assume breach is one of the guiding principles of Zero Trust. - Yes/No * the Zero Trust security model assumes that a firewall secures the internal network from external threats. - Yes/No

* Verify explicitly is one of the guiding principles of Zero Trust. - Yes * Assume breach is one of the guiding principles of Zero Trust. - Yes * the Zero Trust security model assumes that a firewall secures the internal network from external threats. - No