Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SC-900 > Practice Test > Flashcards

Practice Test Flashcards

1
Q

When you log in to the Microsoft Purview compliance portal as a compliance data administrator, which of the following compliance solutions would you see in the Solutions catalog? Select three options.

a. Communication compliance
b. Microsoft 365 compliance center
c. Insider risk management
d. Data loss prevention
e. Microsoft 365 Defender

A

a. Communication compliance
c. Insider risk management
d. Data loss prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following statements about sign-in risk and user risk is TRUE?

a. User risk denotes a probability that the account owner did not authorize
b. Sign-in risk denotes a probability that the identity owner did not perform the authentication request
c. Sign-in risk represents the probability that an account is compromised
d. Azure AD Identity Protection calculates the user risks in real life

A

b. Sign-in risk denotes a probability that the identity owner did not perform the authentication request

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Microsoft Sentinel ingests data to provide intelligent security analytics across your enterprise. Where is the ingested data stored?

a. Azure Data Explorer
b. Azure Log Analytics workspace
c. Azure Data Lake storage
d. Azure Monitor

A

b. Azure Log Analytics workspace

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

To learn Azure, you sign up for a free Azure subscription. Which Azure AD role is assigned to you?

a. Account Administrator
b. Owner
c. Global Admin
d. Global Administrator

A

d. Global Administrator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

CIA is a way to think about security trade-offs. What does the initialism CIA stand for?

a. Credentials, Integrity, Accessibility
b. Confidentiality, Integrity, Availability
c. Confidentiality, Integrity, Accessibility
d. Credentials, Integrity, Availability

A

b. Confidentiality, Integrity, Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A customer moves his on-premises workloads to the cloud. After the migration, Microsoft takes care of Compute and Storage, while the customer still takes care of his organization’s identities.

Where do you think he has hosted his workload?

a. IaaS
b. SaaS
c. PaaS
d. He could have hosted anywhere on IaaS or SaaS or PaaS

A

d. He could have hosted anywhere on IaaS or SaaS or PaaS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You authenticate organizational users who access SharePoint farm (in the company’s data centers) and SaaS apps like Dynamics 365.

Which of the following is NOT an authentication method used to achieve hybrid identity?

a. Pass-through synchronization
b. Pass-through authentication
c. Federation
d. Password hash synchronization

A

a. Pass-through synchronization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

Your organization has purchased the Microsoft Defender for Office 365 (Plan 2) subscription for the entire tenant. You need to view information about the current cybersecurity issues and prepare a plan to protect your organization from such threats.

Solution: You look for the information under Threat Explorer in the Microsoft 365 Defender portal.

Does the solution meet the stated goal?

a. Yes
b. No

A

b. No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

Your organization has purchased the Microsoft Defender for Office 365 (Plan 2) subscription for the entire tenant. You need to view information about the current cybersecurity issues and prepare a plan to protect your organization from such threats.

Solution: You look for the information under Attack Simulator in the Microsoft 365 Defender portal.

Does the solution meet the stated goal?

A. Yes
B. No

A

B. No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

Your organization has purchased the Microsoft Defender for Office 365 (Plan 2) subscription for the entire tenant. You need to view information about the current cybersecurity issues and prepare a plan to protect your organization from such threats.

Solution: You look for the information under Threat Trackers in the Microsoft 365 Defender portal.

Does the solution meet the stated goal?

a. Yes
b. No

A

a. Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

To establish a minimum level of protection for your company’s assets, you enable security defaults in Azure AD.

Which of the following security features do they NOT enforce?

a. Requiring users to perform multi-factor authentication registration within 14 days
b. Blocking legacy authentication protocols like IMAP, SMTP
c. Protecting access to Azure Powershell with MFA
d. Requiring users to perform multi-factor authentication for every sign-in

A

d. Requiring users to perform multi-factor authentication for every sign-in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which software/service is the identity & access management solution in the Microsoft Cloud?

a. Azure Active Directory
b. Azure AD Identity Protection
c. Azure AD Connect
d. Active Directory Federation Services

A

a. Azure Active Directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Azure AD Identity Protection calculates the user risk/sign-risk. Which of the following risk detections is an example of a user risk?

a. Anonymous IP address
b. Atypical travel
c. Password spray
d. Leaked credentials

A

d. Leaked credentials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The users in your organization receive email messages from external networks in their company’s inbox. Some of emails are received with file attachments.

You need to ensure that users can access the attached files only after they are verified for malicious content. Which minimum plan of Microsoft Defender for Office 365 would you need to purchase?

a. Microsoft Defender for Office 365 Plan 2
b. Microsoft Defender for Office 365 Plan 1
c. Microsoft Defender for Office 365 Premium
d. None of the plans offer this feature

A

b. Microsoft Defender for Office 365 Plan 1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You use Teams in your organization for internal communication. Microsoft scans your messages to show relevant ads to give you a good user experience.

Does it violate Microsoft’s privacy principle?

a. Yes
b. No

A

a. Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have workloads hosted in Windows & Linux VMs on Azure, AWS, and on-premises environments.

Which of the following services helps you to scan for vulnerabilities against external threats?

a. Microsoft Defender for Endpoint
b. Microsoft Defender for Cloud
c. Microsoft Defender for Cloud Apps
d. Microsoft 365 Defender

A

b. Microsoft Defender for Cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Cloud security posture refers to a company’s security status of its assets (hardware and software) against cyber threats.

Which of the following tools helps you to strengthen the company’s security posture?

a. Azure Defender
b. Microsoft Defender for Cloud
c. Microsoft Defender for Cloud Apps
d. Microsoft 365 Defender

A

b. Microsoft Defender for Cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You manage users who access resources in both the cloud and the on-premises environments (hybrid scenario). As an admin, you enable them to reset their passwords.

What is the minimum Azure Active Directory edition required to ensure that those updated passwords are written back to the on-premises Active Directory Domain Services?

a. Azure Active Directory Free
b. Azure Active Directory Premium P1
c. Azure Active Directory Premium P2
d. Office 365 Apps

A

b. Azure Active Directory Premium P1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A user wants to listen to music. So, he logs into the Spotify app with his Google account.

Based on the above scenario, which of the following is NOT True?

a. Azure AD used by Spotify trusts Google
b. There is a trust relationship between Spotify’s Azure AD and Google
c. Google trusts Spotify’s Azure AD
d. The user does not need a separate username and password to log into Spotify

A

c. Google trusts Spotify’s Azure AD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which of the following concepts presumes that you shouldn’t trust anyone, even in your internal organizational networks?

a. Zero-trust model
b. The Principle of Least Privilege
c. Principle of need to know
d. Trust but verify

A

a. Zero-trust model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following components enables you to score a group of controls from a specific regulation in the Microsoft Purview Compliance Manager?

a. Templates
b. Assessments
c. Improvement Actions
d. Control family

A

b. Assessments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Microsoft Sentinel is a scalable, cloud-native SIEM/SOAR solution. What do the acronyms stand for?

a. Security Incident Event Management (SIEM), Security Orchestration Automated Response
b. Security Information Event Management (SIEM), Security Orchestration Automated Response (SOAR)
c. Security Incident Event Management (SIEM), Security Orchestration Automated Response (SOAR)
d. Security Information Event Management (SIEM), Security Orchestration Autonomous Response (SOAR)

A

b. Security Information Event Management (SIEM), Security Orchestration Automated Response (SOAR)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

A few years back, Taylor joined your organization as an IT analyst. Over the course of several years, she takes additional roles and responsibilities as she moves through the organizational ladder.

How do you automate her changing access needs in Azure AD?

a. With dynamic groups
b. With security groups
c. With assigned groups
d. With privileged access groups

A

a. With dynamic groups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Your employees access cloud apps with their personal devices from home. So, your team is contemplating using a CASB solution to assess whether those apps meet the data residency and regulatory requirements. Which CASB pillar is responsible?

a. Regulatory
b. Legal
c. Governance
d. Compliance

A

d. Compliance

25
Q

With Cloud Discovery, an admin can discover all the cloud apps your employees use in your organization.

What information is required by Cloud Discovery to do so?

a. Trace events
b. Web traffic logs
c. Metrics logs
d. Audit logs

A

b. Web traffic logs

26
Q

As an IT admin, you need to enlist all the risky cloud apps used by your employees. These apps pose a significant threat to your organization, so you would like to prohibit their access. You decide to use Microsoft Cloud Discovery.

Will this solve the purpose?

a. Yes
b. No

A

a. Yes

27
Q

Your organization has acquired Azure Active Directory Premium P1 license for its users. You would like the users to perform additional authentication with MFA for all the sign-ins identified as risky.

Is it possible?

a. Yes
b. No

A

b. No

28
Q

Which of the following is NOT one of the features of Privileged Identity Management?

a. Just-in-time
b. Time-bound
c. Approval-based
d. Access packages

A

d. Access packages

29
Q

Your company Airbus has developed an app that shares airline parts’ inventory information with its suppliers. Since the app contains sensitive data, you need to ensure the external users read & accept compliance requirements before accessing the app.

Which of the following would help?

a. App protection policies
b. Conditional Access policies
c. Azure AD Terms of use
d. Privileged Identity Management

A

b. Conditional Access policies

30
Q

Which of the following features in Azure Active Directory does NOT help implement identity governance?

a. Entitled Management
b. Access Reviews
c. Privileged Identity Management
d. Conditional Access

A

d. Conditional Access

31
Q

Some of your organization’s employees receive targeted phishing emails that contain links/attachments.

Which of the following solutions can safeguard your organization against such threats?

a. Microsoft Defender for Office 365
b. Microsoft Defender for Outlook
c. Office 365 Advanced Threat Protection
d. Exchange Online Advanced Threat Protection

A

a. Microsoft Defender for Office 365

32
Q

In which of the following scenarios do you think access reviews are NOT beneficial?

a. Your Azure directory has many users with privileged roles
b. When you can automate the HR data import into Azure AD
c. If your application contains sensitive financial data
d. Your organization’s policies require you to review access permissions every quarter

A

b. When you can automate the HR data import into Azure AD

33
Q

What are the four key elements of Microsoft Compliance Manager?

a. Workflows, Assessments, Templates, Improvement actions
b. Controls, Assessments, Templates,
Improvement Actions
c. Requirements, Evaluations, Compliance score, Improvement actions
d. Workflows, Evaluations, Compliance score, Improvement actions

A

b. Controls, Assessments, Templates,
Improvement Actions

34
Q

Which of the following is NOT one of the benefits of Microsoft Compliance Manager?

a. Translating complicated regulations into a simple language
b. Providing access to a variety of out-of-the-box assessments
c. Step-by-step guidance on implementing regulatory requirements
d. Compliance information about Microsoft cloud services by region

A

d. Compliance information about Microsoft cloud services by region

35
Q

When you log in to the Microsoft Purview compliance portal, Microsoft greets you with this welcome page. Under which section would you create and publish sensitivity labels and policies?

a. Information protection
b. Data lifecycle management
c. Records management
d. Data loss prevention

A

a. Information protection

36
Q

How Azure AD Password Protection adds business value to your organization in maintaining password hygiene?

a. By preventing users from setting weak passwords
b. By setting password expiration policies
c. By defining how Azure AD encrypts the passwords
d. By locking user accounts after unsuccessful attempts

A

a. By preventing users from setting weak passwords

37
Q

Your organization uses Skype to communicate with suppliers. Who is responsible for DNS configuration?

a. Your IT team
b. Microsoft
c. Supplier organization
d. Individual users

A

b. Microsoft

38
Q

A Microsoft Defender for Endpoint capability that helps reduce the surface attack of your device is:

a. Network protection
b. Advanced Hunting
c. Next-gen protection
d. Automated investigation

A

a. Network protection

39
Q

What’s the difference between a system-assigned managed identity & a user-assigned managed identity?

a. System-assigned managed identity can by shared with many Azure resources. The user-assigned managed identity is associated with a single Azure resource
b. When the Azure resource is deleted, the system-assigned managed identity is not deleted.
c. The lifecycle of system-assigned managed identity is independent of the Azure resource; the lifecycle of user assigned managed identity is shared with the Azure resource
d. System-assigned managed identity is created along with an Azure resource; user-assigned managed identity is created as a separate resource

A

d. System-assigned managed identity is created along with an Azure resource; user-assigned managed identity is created as a separate resource

40
Q

Match the Cloud service to its corresponding use case:

Services:
- Microsoft Sentinel
- Microsoft Defender for Office 365
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Cloud

Use Cases:
- Protects against malicious attachments
- Discover shadow IT
- Protects cloud and hybrid infrastructure
- Collects data and responds to incidents

A
  • Microsoft Sentinel: Collects data and responds to incidents
  • Microsoft Defender for Office 365: Protects against malicious attachments
  • Microsoft Defender for Cloud Apps: Discover shadow IT
  • Microsoft Defender for Cloud: Protects cloud and hybrid infrastructure
41
Q

Read the following two statements on Conditional Access policies and select whether they are True/False

i. Azure AD enforces Conditional Access policies before a user completes his first-factor authentication
ii. You can integrate Conditional Access policies with Defender for Cloud Apps to control user sessions

A

i. False
ii. True

42
Q

Last week, a couple of employees left your project. You need to ensure that the IT analyst removes their access to Azure resources.

By using which Azure AD service, can you delegate this task to him for only 4 hours?

a. Azure AD Identity Protection
b. Azure AD Privileged Identity Management
c. Azure AD Conditional Access
d. Azure AD Connect

A

b. Azure AD Privileged Identity Management

43
Q

Per the shared responsibility model, who is responsible for protecting your organization’s endpoints?

a. Customer
b. Microsoft
c. Both

A

a. Customer

44
Q

You configure your web apps to use secure TLS/SSL encrypted sessions for secure communication with other services connected to Azure AD.

Which layer of your organization’s defense in-depth strategy does it provide protection?

a. Identity and Access
b. Application
c. Network
d. Perimeter

A

b. Application

45
Q

Given below are two statements based on Azure AD. Select Yes if the statement is correct else, select No.

i. Organizations deploy Azure AD in their physical datacenters
ii. Azure AD cannot enable access to third-party SaaS apps

A

i. No
ii. No

46
Q

The security rules in an Azure Network security group decide which traffic enters/exits the VNet. Which of the following Azure resources can be directly associated with a Network Security Group? (Select two options)

a. Azure Virtual Machine
b. Application Gateway
c. Virtual Network
d. Subnets
e. Load balancer
f. Network interface

A

d. Subnets
f. Network interface

47
Q

Which of the following is NOT an artifact in Azure Blueprints?

a. ARM templates
b. Role assignments
c. Resource groups
d. Management groups

A

d. Management groups

48
Q

Which of the following choices are TRUE about ARM templates & Azure Blueprints?

a. With ARM templates, there is an active connection between what should be deployed and what was deployed.

b. The ARM templates can deploy everything that an Azure Blueprint deploys.

c. Azure Blueprints help in tracking & examining deployments.

A

b and c

49
Q

You created an Azure VM testVM in a resource group testRG. You assign the Azure Policy definition Disk encryption should be applied on virtual machines to the resource group testRG.

Which of the following is TRUE about the events/time that triggers a policy evaluation (Select three options)?

a. When a user creates a new VM disk in any resource group in the subscription
b. When the policy assigned to the resource group testRG is updated
c. During the standard compliance evaluation cycle (every 12 hours)
d. When a user deletes the Azure VM testVM
e. When a user attaches a new disk to the Azure VM testVM

A

b. When the policy assigned to the resource group testRG is updated
d. When a user deletes the Azure VM testVM
e. When a user attaches a new disk to the Azure VM testVM

50
Q

You plan to deploy the Azure Bastion service to allow your developers, who work from home, securely access Azure VMs.

Where would you deploy them?

a. Azure VMs
b. Azure VNets
c. Azure Subscriptions
d. Azure Resource Groups

A

b. Azure VNets

51
Q

Your team has deployed several Azure VMs in your Azure Virtual Network. Your testers need to privately access those VMs remotely from any source machine without worrying about any management overhead.

Which of the following is the best option you would use?

a. Using traditional RDP/SSH connectivity
b. Usig Azure Point-to-Site VPN
c. Deply jump box in a separate subnet
d. Using Azure Bastion

A

d. Using Azure Bastion

52
Q

Which of the following is NOT a type of DDoS attack (Select two options)?

a. Surface attacks
b. Volumetric attacks
c. Resource layer attacks
d. Application layer attacks
e. Network layer attacks
f. Protocol attacks

A

a. Surface attacks
e. Network layer attacks

53
Q

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

To maximize user productivity, you need to onboard and manage domain-joined, down-level devices like Windows 7 and 8.1 to Azure AD.

Solution: You use Azure AD registered devices

Does the solution meet the goal?

a. Yes
b. No

A

b. No

54
Q

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

To maximize user productivity, you need to onboard and manage domain-joined, down-level devices like Windows 7 and 8.1 to Azure AD.

Solution: You use Azure AD joined devices

Does the solution meet the goal?

a. Yes
b. No

A

b. No

55
Q

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

To maximize user productivity, you need to onboard and manage domain-joined, down-level devices like Windows 7 and 8.1 to Azure AD.

Solution: You use hybrid Azure AD joined devices

Does the solution meet the goal?

A. Yes
B. No

A

A. Yes

56
Q

Who is responsible for protecting the security of your employee’s Personally Identifiable Information (PII data) as per the shared responsibility model?

a. Customer
b. Microsoft
c. Both

A

a. Customer

57
Q

Which of the following encrypts data at rest in Azure Data Warehouse?

a. Azure Key vault
b. Azure Disk encryption
c. Azure Storage Service Encryption
d. Transparent Data Encryption (TDE)

A

d. Transparent Data Encryption (TDE)

58
Q

You need to protect the VNet resources from DDoS attacks.

Which of the following Azure DDoS Protection tiers would you choose?

a. DDoS Network Protection
b. DDoS infrastructure protection
c. Basic
d. Standard

A

a. DDoS Network Protection

59
Q

You realize that your account is locked out. You check with your IT department to unlock your account. Unfortunately, they aren’t available for the next 2 hours.

Which of the following Azure AD features could help you return to work faster?

a. MFA
b. Azure AD Conditional Access
c. SSO
d. SSPR

A

d. SSPR

SC-900 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions