Microsoft SCI fundamentals Assessment 2 Flashcards
Azure Firewall
Provides Network Address Translation (NAT) services
Azure Bastion
Provides secure and seamless Remote Desktop connectivity to Azure virtual machines
Network security group (NSG)
Provides traffic filtering that can be applied to specific network interfaces on a virtual network
__________ is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel
Yes or No
Azure Defender can detect vulnerabilities and threats for Azure Storage
Yes
Yes or No
Cloud Security Posture Management (CSPM) is available for all Azure subscriptions
Yes
You can use _____ in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack
Incidents
Yes or No
With Advanced Audit in Microsoft 365, you can identify when email items were accessed
Yes
Yes or No
Advanced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing
No
Yes or No
Advanced Audit in Microsoft 365 allocates customer- dedicated bandwidth for accessing audit data
Yes
Yes or No
Azure Active Directory ( Azure AD) Identify Protection can add users to groups based on the users’ risk level
No
Yes or No
Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public
YEs
Yes or No
Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level
Yes
Compliance Manager assesses compliance data ____ for an organization
continually
Yes or No
Sensitivity labels can be used to encrypt documents
yes
Yes or No
Sensitivity labels can add headers and footers to documents
yes
Yes or No
Sensitivity labels can apply watermarks to emails
yes
Yes or No
Compliance Manager tracks only customer-managed controls
no
Yes or No
Compliance Manager provides predefined templates for creating assessments
yes
Yes or No
Compliance Manager can help you assess whether data adheres to specific data protection standards
yes
Yes or No
Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises
Yes
You can use ____ in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack
Incidents
Yes or No
Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users’ risk level
No
Yes or No
Azure Policy supports automatic remediation.
yes
Yes or No
Azure policy can be used to ensure that new resources adhere to corporate standards.
Yes
Yes or No
Compliance evaluation in Azure Policy occur only when a target resource is created or modified.
No
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)?
-A text message (SMS)
-Microsoft Authenticator app
-Phone call
Yes or No
All Azure Active Directory (Azure AD) license include the same features.
No
yes or no
You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal.
yes
yes or no
You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant.
No
yes or no
Network security groups (NSGs) can deny inbound traffic from the internet.
yes
yes or no
Network security groups (NSGs) can deny outbound traffic to the internet.
yes
yes or no
Network security groups (NSGs) can deny outbound traffic to the internet.
yes
yes or no
Network security groups (NSGs) can filter traffic based on IP address, protocol, and port.
yes
yes or no
Microsoft Intune can be used to manage Android devices.
yes
Microsoft Intune can be used to provision Azure subscriptions.
no
yes or no
Microsoft Intune can be used to manage organization-owned devices and personal devices.
yes
You can create one Azure Bastion per virtual network.
yes
yes or no
Azure Bastion provides a secure connection to an Azure virtual machine by using the Azure portal.
yes
A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following are the authentication techniques available for Windows Hello for business?
-A pin
-Facial recognition
-Fingerprint recognition
Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?
Azure Security Center
Your company has just setup an Azure subscription. They have the following requirements
– Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.
– Be able to ensure no one can delete resources defined in a resource group named lead2pass-staging
– Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed
Which of the following can be used for the following requirement?
– Be able to ensure no one can delete resources defined in a resource group named lead2pass-rg
Azure Resource locks
You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels can be used to encrypt the contents in documents?
yes
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure virtual machine?
no
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to manage device registrations in Azure Active Directory?
yes
Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?
Encryption
Your company is planning on using Azure Active Directory for the storage of identities. They want to make use of the self-service password reset feature.
Which of the following authentication methods are available for self-service password reset? Choose 3 answers from the options given below.
-Email
-Mobile app notification
-Mobile app code
Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure.
Which of the following could be used for the following requirement?
– Enforce Multi-Factor authentication based on the sign-in risk
Azure AD Identity Management
Which of the following is a scalable, cloud-native, security information event management and security orchestration automated response solution?
Azure Sentinel
Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?
Azure Defender
Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?
Azure Web Application Firewall
You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Privileged Identity Managed service?
Provide just-in-time access to resource roles in Azure
You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the tool that can be used for desired requirement below:
– Be able to quickly find email in Exchange mailboxes
Which of the following would you use for this requirement?
Content search
You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the tool that can be used for desired requirement below:
– Provide basic capabilities on searching and exporting of content in Microsoft 365
Which of the following would you use for this requirement?
Core eDiscovery
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a complete solution.
-Plan
-Define Strategy
