SC-900 Flashcards by Berkan K

all azure ad license editions include the same festures.
you can manage an azure ad tenant by using the azure portal
your must deploy azure virtual machines to list an azure ad tenant.

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.
1. azure blueprints 2. azure policy 3. the microsoft cloud adoption framework for azure. 4 a resource lock.

Provides best practices from microsoft elployees, partners and customers including tools ane guidance to assist in an azure deployment.

Microsoft cloud adoption framework for azure

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.
1. customer lockbox
2. data loss prevention
3. ediscovery
4. a resource lock

Is to identify, hold and export electronic information that might be used in an investigation.

Ediscovery

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

You can manage microsoft intune by using the
1 azure ad admin center
2 m365 compliance center
3 m365 defender portal
4 microsoft endpoint manager admin center

Microsoft endpoint manager admin center

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Federation is used to establish …… between organizations.

1 mfa
2 a trust relationship
3 user account synchronization
4 a vpn connection

A trust relationship

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

applying system updates increases an organizations secure score in m defender for cloud.
the secure score in m defender for cloud can evaluate resources across multiple azure subscriptions.
3 enabling mfa increases an organizations secure score in m defender for cloud

1 yes
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

1 microsoft secure score
2 productivity score
3 secure score in azure security center
4 compliance score

4 compliance score

How well did you know this?

Not at all

Perfectly

What do you use to provide real-time integration between Azure Sentinel and another security source?

1 azure ad connect
2 a log analytics workspace
3 azure information protection
4 a connector

4 a connector

How well did you know this?

Not at all

Perfectly

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for
Standardization (ISO)?

A. the Microsoft Endpoint Manager admin center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. the Azure Active Directory admin center

C microsoft service trust portal

How well did you know this?

Not at all

Perfectly

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?

A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware

D the management of the physical hardware

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
1 verify explicitly is one of the guiding principles of zero trust
2 assume breach is one of the guiding principles of zero trust
3 the zero trust security model assumes that a firewall secures the internal network from external threats.

1 yes
2 yes
3 no

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 control is a key privacy principle of microsoft
2 transparency is a key privacy principle of microsoft
3 shared responsibility is a key privacy principle of microsoft

1 yes
2 yes
3 no

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.
1 archiving
2 compressing
3 deduplicating
4 encrypting

A file makes the data in the file readable and usable to viewers that have the appropriate key.

Encrypting

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 digitally signing a document requires a private key.
2 verifying the authenticity of a digitally signed document requires the public key of the signer
3 verifying the authenticity of a digitally signed document requires the private key of the signer.

1 yes
2 yes
3 no

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

When users sign in to the azure portal, they are first …….
1assigned permissions
2 authenticated
3 authorized
4 resolved

2 authenticated

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

1 authentication
2 authorization
3 federation
4 single sign-on (sso)

Is the process of identifying wherher a signed-in user can access a specific resource.

2 authorization

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

1 ad ds
2 active directory forest trusts
3 azure ad b2b
4 azure ad b2c

Enables collaboration with business partner from external organizations such as suppliers, partners and vendors. External users appear as guest users in the directory.

3 azure ad b2b

How well did you know this?

Not at all

Perfectly

In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy

A plan
B define strategy

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 in SaaS applying service packs to applications is the responsibility of the organization.
2 In IaaS managing the physical network is the responsibility of the cloud provider.
3 In all azure cloud deployment types managing the security of information and data is the responsibility of the organization.

1 no
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 azure ad connect can be used to implement hybrid identity
2 hybrid identity requires the implementation of two m365 tenants
3 authentication of hybrid identifies requires the synchronization of ad ds and azure ad .

1 yes
2 no
3 yes

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

1 azure application insights
2 azure network watcher
3 log analytics workspaces
4 security baselines for azure

provides benchmark recommendations and guidance for protecting azure services.

4 security baselines for azure

How well did you know this?

Not at all

Perfectly

What is an example of encryption at rest?

A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email

Encrypting a virtual machine disk

How well did you know this?

Not at all

Perfectly

Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Define the perimeter by physical locations.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
E. Use the network as the primary security boundary.

B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.

How well did you know this?

Not at all

Perfectly

Which service should you use to view your Azure secure score?

1 alerts
2 application insights
3 subscriptions
4 policy
5 azure ad connect health
6 security center ( today microsoft defender for cloud)
7 advisor
8 monitor

6 security center ( microsoft defender for cloud)

How well did you know this?

Not at all

Perfectly

You are evaluating the compliance score in Compliance Manager.
Match the compliance score action subcategories to the appropriate actions.
To answer, drag the appropriate action subcategory from the column on the left to its action on the right. Each action subcategory may be used once, more than once, or not at all.

Action subcategories:
Corrective, detective, preventative

…… encrypt data at rest
…… perform a system access audit
…… make configuration changes in response to security incident.

Preventative encrypt data at rest
Detective perform a system access audit
Corrective make configuration changes in response to a security incident

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Compliance manager can be directly accessed from the …..

1 m365 admin center
2 m365 defender portal
3 m365 compliance center (today microsoft purview)
4 microsoft support portal

3 m365 compliance center ( today microsoft purview)

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 enabling mfa increases the microsoft secure score
2 a higher microsoft secure score means a lower identified risk level in the m365 tenant
3 microsoft secure score measures progress in conpleting action based on controls that include key regulations snd standards for data protection and governance

1 yes
2 yes
3 no

How well did you know this?

Not at all

Perfectly

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. Azure Multi-Factor Authentication (MFA)
C. Azure Active Directory (Azure AD) Identity Protection
D. conditional access policies

A azure ad pim

How well did you know this?

Not at all

Perfectly

In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?

A. Active Directory Federation Services (AD FS)
B. Microsoft Sentinel
C. Azure AD Connect
D. Azure AD Privileged Identity Management (PIM)

Azure Ad connect

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 you can create custome roles in azure ad
2 global administrator is a role in azure ad
3 an azure ad user can be assigned only one role

1 yes
2 yes
3 no

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 azure ad is deployed to an on-premises environment
2 azure ad is provided as part of a m365 subscription
3 azure ad is an identity and access management service

1 no
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

With windows hello for business, a user biometric data used for authentication

1 is stored on an external device
2 is stored on a local device only
3 is stored in azure ad
4 is replicated to all the devices designated by the user

2 is stored on a local device only

How well did you know this?

Not at all

Perfectly

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

A. to control how often users must change their passwords
B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
C. to encrypt a password by using globally recognized encryption standards
D. to prevent users from using specific words in their passwords

D to prevent users from using specific words in their passwords.

How well did you know this?

Not at all

Perfectly

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

A. access reviews
B. managed identities
C. conditional access policies
D. Azure AD Identity Protection

A access reviews

How well did you know this?

Not at all

Perfectly

1 mfa
2 pass-through authentication
3 password writeback
4 single sign-on

Requires additional verufication such as s verification code sent to a mobile phone.

1 mfa

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 conditional access policies can use the device state as a signal
2 conditional access policies apply befor first-factor authentication is complete
3 conditional access policies can trigger mfa if a user attempts to access a specific application.

1 yes
2 no
3 yes

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

1 microsoft defender for cloud apps
2 microsoft defender for endpoint
3 microsoft defender for identity
4 microsoft defender for office 365

….. is a cloud-based solution that leverages on-premises active directory signals to identify, detect and investigate advanced threats.

3 microsoft defender for identity

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Microsoft defender for identity can identify advanced threats from……… signals.

1 azure ad
2 azure ad connect
3 on-premises ad ds

3 on premises ad ds

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Azure ad is ……. Used for authentication and authorization.

1 an extended detection and response (xdr) system
2 an identity provider
3 a management group
4 a security information and event management (SIEM) system

2 an identity provider

How well did you know this?

Not at all

Perfectly

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?

A. conditional access policies
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. authentication method policies

Azure ad privileged identity management (pim)

How well did you know this?

Not at all

Perfectly

Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. text message (SMS)
B. Microsoft Authenticator app
C. email verification
D. phone call
E. security question

A Text message
B Microsoft authenticator app
D Phone call

How well did you know this?

Not at all

Perfectly

Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?

A. sensitivity label policies
B. Customer Lockbox
C. information barriers
D. Privileged Access Management (PAM)

C information barriers

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 conditional access policies can be applied to global administrators
2 conditional access policies are evaluated befor a user is authenticated
3 conditional access policies can use a device platform such as android or ios as a signal

1 yes
2 no
3 yes

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 conditional access policies always enforce the use of mfa
2 conditional access policies can be used to block access to an application based on the location of the user
3 conditional access policies only affect users who have azure ad- joined devices m

1 no
2 yes
3 no

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Application registered in azure ad are associated automatically to a ……..

1 guest account
2 managed identity
3 service principal
4 user account

3 service principal

How well did you know this?

Not at all

Perfectly

Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question

A fingerprint
B facial recognition
C pin

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

When you enable security defaults in azure ad, ………….. will be enabled for all azure ad users.

1 azure ad identity protection
2 azure ad pim
3 mfa

3 mfa

How well did you know this?

Not at all

Perfectly

You have an Azure subscription.
You need to implement approval-based, time-bound role activation.
What should you use?

A. Windows Hello for Business
B. Azure Active Directory (Azure AD) Identity Protection
C. access reviews in Azure Active Directory (Azure AD)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

D azure ad pim

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 global administrators are exempt from conditional access policies
2 a conditional access policy can add users to azure ad role.
3 conditional access policies can force the use of mfa to access cloud apps

1 nein
2 nein
3 yes

How well did you know this?

Not at all

Perfectly

When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. All users must authenticate from a registered device.
B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.
D. All users must authenticate by using passwordless sign-in.
E. All users must authenticate by using Windows Hello.

B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.

How well did you know this?

Not at all

Perfectly

Which type of identity is created when you register an application with Active Directory (Azure AD)?

A. a user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. a service principal

D service principal

How well did you know this?

Not at all

Perfectly

Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Configure external access for partner organizations.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.

B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

When using mfa, a password is considered something you …….

1 are
2 have
3 know
4 share

3 know

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 windows hello for business can use the microsoft authenticator app as an authentication method
2 windows hello for business can use a pin code as ab authentication method
3 windows hello for business authentication information syncs across all the devices registered by a user.

1 no
2 yes
3 no

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

An azure resource can use a system-assigned ………. To access azure services.

1 azure ad joined devices
2 managed identity
3 service principal
4 user identity

2 managed identity

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Your can use ……. In the m365 defender portal to identify devices that are affected by an alert.

1 classifications
2 incidents
3 policies
4 secure score

2 incidents

How well did you know this?

Not at all

Perfectly

What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
NOTE: Each correct selection is worth one point.

A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction

A automated investigation and remediation
D attack surface reduction

How well did you know this?

Not at all

Perfectly

Match the Azure networking service to the appropriate description.
To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all.

Services:
Azure bastion, azure firewall, nsg

Answer area:
…… provides network address translation (nat) services
…… provides secure and seamless remote desktop connectivity to azure virtual machines
……. Provides traffic filtering that can be applied to specific network interfaces on a virtual network

1 Azure firewall provides network address translation (nat) services
2 azure bastion provides secure and seamless remote desktop connectivity to azure virtual machines.
3 nsg provides traffic filtering that can be applied to specific network interfaces on a virtual network.

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

1 azure advisor
2 azure bastion
3 azure monitor
4 azure sentinel

Is a cloud-native security information and event management (siem) and security orchestration automated response (soar) solution used to provide a single solution for a alert detection threat visibility proactive hunting and threat response.

4 azure sentinel

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 azure defender can detect vulnerabilities and threats for azure storage
2 cloud security posture management (cspm) is available for all azure subscriptions
3 azure security center (defender for cloud) can evaluate the security of workloads deployed to azure or on-premises

1 yes
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

You can use …….. in the microsoft 365 security center to view an aggregation of alerts that relate to the same attack.

1 reports
2 hunting
3 attack simulator
4 incidents

4 incidents

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 nsg can deny inbound traffic from the internet
2 nsg can deny outbound traffic to the internet
3 nsg can filter traffic based on IP address, protocol and port

1 yes
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 microsoft intune can be used to manage android devices
2 microsoft intune can be used to provision azure subscriptions
3 microsoft intune can be used to manage organization-owned devices and personal devices

1 yes
2 no
3 yes

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 you can create one azure bastion per virtual network
2 azure bastion provides secure user connections by using rdp
3 azure bastion provides a secure connection to an azure virtual machine by using the azure portal

1 yes
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection

D network protection

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

In microsoft sentinel, you can automate common tasks by using……

1 deep investigation tools
2 hunting search and query tools
3 playbooks
4 workbooks

3 playbooks

How well did you know this?

Not at all

Perfectly

Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Azure virtual machines
B. Azure Active Directory (Azure AD) users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E. Microsoft SharePoint Online sites

A. Azure virtual machines

D. Azure virtual networks

How well did you know this?

Not at all

Perfectly

You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?

A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model

C defense in depth

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 microsoft defender for endpoint can protect android devices
2 microsoft defender for endpoint can protect azure virtual machines that run windows 10
3 microsoft defender for endpoint can protect microsoft sharepoint online sites and content from viruses.

1 yes
2 yes
3 no

How well did you know this?

Not at all

Perfectly

What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?

A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint

A microsoft defender for office 365

How well did you know this?

Not at all

Perfectly

Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?

A. integration with the Microsoft 365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks

C integration with microsoft 365 defender

How well did you know this?

Not at all

Perfectly

What can you use to provide threat detection for Azure SQL Managed Instance?

A. Microsoft Secure Score
B. application security groups
C. Microsoft Defender for Cloud
D. Azure Bastion

C microsoft defender for cloud

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1 Microsoft secure score in the m365 security center can provide recommendations for microsoft cloud app security
2 from the m365 defender portal, you can view how your microsoft secure score compares to the organizations like yours.
3 microsoft secure score in the microsoft 365 defender portal gives you points if you address the improvement action by using a third-party application or software.

1 yes
2 yes
3 yes

How well did you know this?

Not at all

Perfectly

Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?

A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
C. conditional access policies
D. resource locks

C conditional access policies

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

1 azure ad pim
2 azure defender
3 azure sentinel
4 microsoft cloud app security (microsoft defender for cloud apps)

….. can use conditional access policies to control sessions in real time.

4 microsoft cloud app security (microsoft defender for cloud apps)

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Azure DDoS protection standard can be used to protect ….

1 azure ad applications
2 Azure ad users
3 resource groups
4 virtual networks

4 virtual networks

How well did you know this?

Not at all

Perfectly

Your company is planning on setting up an Azure AD tenant and an Azure subscription. They are deciding on the right license to use for their Azure AD tenant. Do all of the license offerings have the same set of features?

No+

How well did you know this?

Not at all

Perfectly

Your company is planning on setting up an Azure AD tenant and an Azure subscription. Do you need to have Azure virtual machines for hosting Azure AD?

How well did you know this?

Not at all

Perfectly

Which of the following provides guidance that is designed to help create and implement business and technology strategies for the cloud?

Azure Policy
Microsoft Cloud Adoption Framework
Azure Privileged Identity Management
Microsoft Defender for Endpoint

Microsoft Cloud Adoption Framework

How well did you know this?

Not at all

Perfectly

Which of the following ensures that Microsoft can’t access your content to do services operations without explicit approval?

Customer Lockbox
Data Loss Prevention
eDiscovery
Inforamtion barriers

Customer Lockbox

How well did you know this?

Not at all

Perfectly

Which of the following can be used to identify , hold and export content found in mailboxes and sites?

Customer Lockbox
Data Loss Prevention
eDiscovery
Information barriers

eDiscovery

How well did you know this?

Not at all

Perfectly

Which of the following can be used to manage devices via Microsoft Intune?

Azure Portal
Microsoft 365 Security Center
Microsoft Endpoint Manager admin center

Microsoft Endpoint Manager admin center

How well did you know this?

Not at all

Perfectly

Your company is planning on deploying a number of resources to Azure via the use of their Azure subscription. They want to use Azure Security Center to improve the security posture of their entire environment. Can you use Azure Security Center to evaluate the security of resources across multiple subscriptions?

How well did you know this?

Not at all

Perfectly

Your company is planning on deploying a number of resources to Azure via the use of their Azure subscription. They want to use Azure Security Center to improve the security posture of their entire environment. Would implementing secure management ports for Azure virtual machines in their subscription improve their overall secure score?

How well did you know this?

Not at all

Perfectly

Your company is planning on using the Azure Sentinel service. Which of the following in Azure Sentinel allows to ingest data from external sources?

Workbooks
Analytics
Connectors
Playbooks

Connectors

How well did you know this?

Not at all

Perfectly

Your company is planning on using the Azure Sentinel service. Which of the following in Azure Sentinel allows to correlate alerts into incidents?

Workbooks
Analytics
Connectors
Playbooks

Analytics

How well did you know this?

Not at all

Perfectly

Your company is planning on using the Azure Sentinel service. Which of the following in Azure Sentinel allows to automate common tasks?

Workbooks
Analytics
Connectors
Playbooks

Playbooks

How well did you know this?

Not at all

Perfectly

Your company is planning on using Microsoft Cloud-based services. They want to first check whether Microsoft Cloud services complies with standards such as Service Organization Controls. Which of the following can help provide this information?

Microsoft Endpoint Manager Admin Center
Azure Security Center Secure Score
Microsoft Service Trust Portal

Microsoft Service Trust Portal

How well did you know this?

Not at all

Perfectly

Which of the following is the responsibility of the Azure cloud platform when it comes to the Shared Responsibility model?

Management of information and data
Management of Accounts and Identities
Maintenance of the physical hosts

Maintenance of the physical hosts

How well did you know this?

Not at all

Perfectly

You are reviewing the Zero Trust principles. Is Verify Explicitly a Zero trust principle?

How well did you know this?

Not at all

Perfectly

You are reviewing the Zero Trust principles. Is Assume breach a Zero trust principle?

How well did you know this?

Not at all

Perfectly

You are reviewing Microsoft Privacy principles. Is Control a privacy principal?

1, Yes
2, No

1, Yes

How well did you know this?

Not at all

Perfectly

You are reviewing Microsoft Privacy principles. Is Transparency a privacy principal?

How well did you know this?

Not at all

Perfectly

Your company has just setup an Azure AD tenant and an Azure subscription. They want to make use of features that are available with Azure AD with the appropriate licenses. Which of the following can they use for the following requirement?

“Continually create assessments to review the access of Azure AD users to Azure AD groups”

Azure AD Identity management
Azure AD Access Reviews
Azure AD Privilegedd Identity Management

Azure AD Access Reviews

How well did you know this?

Not at all

Perfectly

“Provide users access to resources only whenever required. Also ensure time-bound access when assigning roles to users”

Azure AD Identity management
Azure AD Access Reviews
Azure AD Privileged Identity Management

Azure AD Privileged Identity Management

How well did you know this?

Not at all

Perfectly

Which of the following is Microsoft Defender for Identity used for?

Protecting identities in Azure Active Directory
Protecting identities in on-premises Active Directory
Protecting identities in M365

Protecting identities in on-premises Active Directory

How well did you know this?

Not at all

Perfectly

Your company is planning on using Azure DDoS Protection. Which of the following does this tool provide protection for?

1, Azure virtual machines
2. Azure virtual networks
3. Azure AD users

Azure virtual networks

How well did you know this?

Not at all

Perfectly

Which of the following is an action that can be carried out by Data Loss Prevention?

Protecting an Azure virtual machine
Show a policy tip when a user is trying to share sensitive information
Encrypt the data that is being stored on an Azure virtual machine

Show a policy tip when a user is trying to share sensitive information

How well did you know this?

Not at all

Perfectly

Which of the following is the process of proving that you say who you say you are?

Authentication
Authorization

Authentication

How well did you know this?

Not at all

Perfectly

Which of the following is the process of granting access to a resource?

Authentication
Authorization

Authorization

How well did you know this?

Not at all

Perfectly

Which of the following are phases of the Microsoft Cloud Adoption Framework? Choose 3 answers from the options given below

Define Epics
Define Strategy
Plan
Deploy
Ready

Define Strategy
Plan
Ready

How well did you know this?

Not at all

Perfectly

When it comes to Infrastructure as a service , does Azure take care of the underlying physical network?

How well did you know this?

Not at all

Perfectly

Your company is planning on implementing hybrid identities. Should they use Azure AD Connect for this purpose?

How well did you know this?

Not at all

Perfectly

Your company is planning on implementing hybrid identities. Do they need to setup a Microsoft 365 subscription for this requirement?

How well did you know this?

Not at all

Perfectly

Your company is planning on implementing Windows Hello for Business. Is Facial recognition one of the authentication methods for Windows Hello for Business?

How well did you know this?

Not at all

Perfectly

Your company is planning on implementing Windows Hello for Business. Does Windows Hello for Business store the biometric data in the local device?

How well did you know this?

Not at all

Perfectly

Your company is planning on using Microsoft Defender for Endpoint. Can you use Microsoft Defender for Endpoint to protect Windows 10-based Azure virtual machines?

How well did you know this?

Not at all

Perfectly

Which of the following provides one central location where you can manage aspects such as Information protection, information governance and data loss prevention?

Azure Security Center
Azure Sentinel
Microsoft 365 compliance center
Microsoft 365 security center

Microsoft 365 compliance center

How well did you know this?

Not at all

Perfectly

Your company is planning on setting up an Azure AD tenant and an Azure subscription. They want to make use of Azure Active Directory. Which of the following best describes the role of Azure Active Directory?

Security manager
An Identity and access management service
A workflow-based application

An Identity and access management service

How well did you know this?

Not at all

Perfectly

Your company is planning on using Microsoft 365. They have setup a subscription on Microsoft 365. Are you able to use Azure Active Directory in Microsoft 365?

How well did you know this?

Not at all

Perfectly

Which of the following helps to detect and block known weak passwords defined in Azure Active Directory?

Azure Sentinel
Azure AD Password Protection
Azure AD Conditional Access

Azure AD Password Protection

How well did you know this?

Not at all

Perfectly

Which of the following is used to add another layer of protection to the sign-in process?

Passthrough authentication
Multifactor authentication
Password authentication

Multifactor authentication

Your company has an Azure subscription and an Azure AD tenant. They have a number of users defined in the Azure AD tenant. They want to make use of Conditional Access policies in Azure AD. Can you use Conditional Access to ensure users undergo the process of Multifactor authentication if they sign in from a particular location?

Your company has an Azure subscription and an Azure AD tenant. They have a number of users defined in the Azure AD tenant. They want to make use of Conditional Access policies in Azure AD. Is Conditional Access enforced before the first-factor authentication is complete?

Your company is planning on using the various Microsoft Defender services. Which of the following would they use for the below requirement?

“Provide a security platform to help enterprise networks prevent, detect, investigate and respond to advanced threats”

Microsoft Defender for office 365
Microsoft Defender for Endpoint
Microsoft Defender for Identity

Microsoft Defender for Endpoint

Your company is planning on using the various Microsoft Defender services. Which of the following would they use for the below requirement?

“Helps to protect against malicious threats posed by email messages, links and collaboration tools”

Microsoft Defender for office 365
Microsoft Defender for Endpoint
Microsoft Defender for identity

Microsoft Defender for office 365

Your company is planning on using the various Microsoft Defender services. Which of the following would they use for the below requirement?

“Helps to identify, detect and investigate advanced threats and compromised identities”

Microsoft Defender for Office 365
Microsoft Defender for Endpoint
Microsoft Defender for Identity

Microsoft Defender for Identity

Which of the following in Microsoft 365 security center helps to identify those devices which have been affected because of an alert?

Playbooks
Analytics
Incidents

Incidents

Your company has setup an Azure subscription and an Azure AD tenant. They want to make use of various services based on certain requirements. Which of the following can be used to fulfil the below requirement?

“Provides a secure way to Remote Desktop onto Azure Windows-based virtual machines”

Azure Firewall
Azure Bastion
Azure Sentinel
Azure Network Security Groups

Azure Bastion

“Provides a way to filter the incoming and outgoing traffic from an Azure virtual machine”

Azure Firewall
Azure Bastion
Azure Sentinel
Azure NSG

Azure NSG

“Provides protection for an Azure virtual network and also provides Network Address Translation services”

Azure Firewall
Azure Bastion
Azure Sentinel
Azure NSG

Azure Firewall

“Provides a cloud-native security information and event management and security orchestration automated response solution”

Azure Firewall
Azure Bastion
Azure Sentinel
Azure NSG

Azure Sentinel

Your company has setup an Azure subscription and an Azure AD tenant. They are planning on using the Azure Security Center service along with Azure Defender. Can they use Azure Defender to detect for vulnerabilities and threats for Azure Storage accounts?

Your company has setup an Azure subscription and an Azure AD tenant. They are planning on using the Azure Security Center service along with Azure Defender. Can they use Azure Security Center to assess the security of workloads that are deployed to their on-premises servers?

Your company is planning on using Microsoft 365 Advanced Audit. Does Microsoft 365 Advanced Audit provide a longer retention for your audit logs over basic auditing?

Your company is planning on using Microsoft 365 Advanced Audit. Does Microsoft 365 Advanced Audit provide information on when email items were accessed?

Your company is planning on using Microsoft 365 Advanced Audit. Does Microsoft 365 Advanced Audit provide High-bandwidth access to the Office 365 Management Activity API?

Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity Protection to enforce Multifactor authentication based on the detected user’s risk?

Your team is planning on using Microsoft 365 sensitivity labels. Can you use sensitivity labels to encrypt emails and documents?

Your team is planning on using Microsoft 365 sensitivity labels. Can you use sensitivity labels to add watermarks to documents?

Your team is planning on using Microsoft 365 sensitivity labels. Can you use sensitivity labels to add watermarks to emails?

Your team is planning on using Microsoft 365 sensitivity labels. Can you use sensitivity labels to add headers and footers to documents?

Your company has just setup an Azure subscription and an Azure AD tenant. They are going to setup resources as part of their Azure subscription. They are planning on making use of the Azure policy service. Can they use the service to automatically remediate non-compliances that are detected by Azure policy?

Which of the following can be used to restrict communication between a set of groups in Microsoft Teams?

Data Loss Prevention
Customer Lockbox
Information barriers
Retention policies

Information barriers

Your company has just setup an Azure account. They want to use services based on various requirements. Which of the following can be used for the below requirement?

“Help to deploy Azure resources across multiple subscriptions in an easy manner”

Azure Resource locks
Azure Policy
Azure Blueprints

Azure Blueprints

Your company has just setup an Azure account. They want to use services based on various requirements. Which of the following can be used for the below requirement?

“Ensure that resources deployed to a subscription adheres to the company’s standards”

Azure Resource locks
Azure Policy
Azure Blueprints

Azure Policy

Your company has just setup an Azure account. They want to use services based on various requirements. Which of the following can be used for the below requirement?

“Prevent the accidental deletion and modification of resources”

Azure Resource locks
Azure Policy
Azure Blueprints

Azure Resource locks

Your company has just setup a couple of Azure virtual machines. They want to make use of Network Security groups. Can you use Network Security Groups to deny traffic outbound to the Internet?

Your company has just setup a couple of Azure virtual machines. They want to make use of Network Security groups. Can you use Network Security Groups to filter traffic based on the source and destination of traffic?

Your company is planning on using Microsoft Intune for managing devices. Can you use Microsoft Intune to manage macOS devices?

Your company is planning on using Microsoft Intune for managing devices. Does Microsoft Intune support personal devices?

Your team has an Azure virtual machine that is part of their Azure subscription. The virtual machine has a disk attached to it. The team has gone ahead and encrypted the disk. What is the concept that has been implemented over here?

Hybrid identities
Encryption at rest
Encryption in transit

Encryption at rest

Which of the following statements describes the difference between Compliance Manager and compliance score?

Compliance Manager is the auditor role who will manage your compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.
Compliance Manager is an end-to-end solution in M365 Compliance Center to enable admins to manage and track compliance activities. Compliance score is a score the organization receives from the auditor role for successful compliance.
Compliance Manager is an end-to-end solution in M365 Compliance Center to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.

Compliance Manager is an end-to-end solution in M365 Compliance Center to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.

……. use maschine learning to intelligently classify your data.

Sensitive information types
Sensitive labels
Trainable classifier
Regular expressions

Trainable classifier

Which of the following contains a snapshot of items (emails,files) that have a sensitivity or retention label applied or have been classified as a sensitive information type?

Activity Explorer
Content Explorer
Case Notes
Case Overview

Content Explorer

Your use ………. to implement data………

Label policies, classification
Sensitivity labels, protection
Sensitivity labels, retention
Sensitivity labels, classification

Sensitivity labels, classification

Retention policies are used to assign the same retention settings to content at a ……… level or ………… level.

document, site
document, mailbox
Exchange (all mailboxes only) Sharepoint, OneDrive
site, mailbox

site, mailbox

Retention labels are used to assign retention settings at an item level, such as folder, document or email.

True
False

True

What is the difference between a document and a record?

Records include evidence
Records must be retained for an extended period.
Records must be deleted at the end of a retention period.
all of the above

all of the above

Data loss prevention is a way to ensure sensitive information:

is appropriately backed up
is not unintentionally deleted
is not inappropiately shared
is blocked from being shared between departments.

is not inappropiately shared

Which of the following M365 ,compliance solutions is focused on detecting and acting on unethical, illegal and malicious behaviors?

Information barriers
Communication compliance
Information protection
Insider risk management

Insider risk management

Which Microsoft 365 feature is designed to monitor internal user communication for both inadvertent and malicious content that conflicts with corporate policies and standards, such as in appropriate and objectionable language, such as obscenities or harassment?

Insider risk management
Communication compliance
Information barriers
eDiscovery

Communication compliance

Which M365 feature enables administrators to define policies to explicitly prevent communication between group or users within the organization to avoid regulatory breaches and conflict of interest issues?

Insider risk management
Communication compliance
Information barriers
eDiscovery

Information barriers

Which Microsoft 365 feature can you use to restrict users from sending email messages that lists of customers and their associated credit card numbers?

retention policies
conditional access policies
data loss prevention (DLP) policies
information barriers

data loss prevention (DLP) policies

Which M365 compliance feature can you use to encrypt content automatically based on specific conditions ?

eDiscovery
retention policies
Content search
sensitivity labels

sensitivity labels

Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?

Encryption
Deduplication
Archiving
Compression

Encryption

You are considering the use of sensitivity labels in M365. Do sensitivity labels add a header and footer to underlying Office 365 document for which the label is applied?

What is the core function of eDiscovery feature in M365?

To enable discovery of sensitive data across M365 features like Sharepoint, Onedrive, and Teams
To enable identifying and delivering electronic information that can be used as evidence in legal cases.
To enable Microsoft support engineers to identify unprotected data sources that contain sensitive account data in your tenant.

To enable identifying and delivering electronic information that can be used as evidence in legal cases.

The content search tool enables in-place content search across all of the following EXCEPT

Documents in Sharepoint and Onedrive
User acitivties in Azure AD audit logs
Instant messaging conversations in Microsoft Teams
Email content in Exchange online

User acitivties in Azure AD audit logs

Which of the following is not a feature available only in Advanced eDiscovery workflow.

Management of long-running jobs
Creating a legal hold
Analysis of data in a reviews set
Adding non-custodial data sources

Creating a legal hold

What is the name of the unified data governance service that enables end-to-end data lineage

M365 eDiscovery
Data Loss Prevention
Entitlement Management
Azure Purview

Azure Purview

The core audit capabilities of Microsoft 365 enable search across M365 services through

Azure Purview
eDiscovery workflow
a unified audit log
Log Analytics

a unified audit log

Which of the following is a feature of advanced auditing in M365

Faster access to the Office 365 Management Activity API
Longer audit log retention to accommodate forensic and compliance investigations
Both of these
None of these

Both of these

You are looking at the capabilities of Azure AD. Can AAD be used to manage device registrations?

Do all versions of Azure AD have the same set of features?

True
False

False

Which of the following can be used to provide a secure score for the resources defined as a part of your Azure Account?

Security Centre
Key Vault
Azure Information Protection
Azure AD
Application Security Groups

Security Centre

You are looking at the capabilities of Azure AD. Can ADD be used to manage device registrations.

Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?

Azure Defender
Azure Policies
Azure Blueprints
Azure AD

Azure Defender

Custom roles requpire an Azure AD P1 or P2 license.

True
False

True

How many editions of the Azure AD are available?

An organization is launching a new app for its customers. Customers will use a sign-in screen that is customized with the organizations brand identity. Which type of Azure External identity solution should the organization use?

Azure AD B2B
Azure AD B2C
Azure AD Hybrid identities

Azure AD B2C

Your company is planning on using Azure AD. They already have user identities stored in their on-premise AD. They want to sync the user identities from the on-premise AD onto Azure AD. Which of the following could be used?

Azure Blueprints
Azure AD Connect
Azure Identity Protection
Azure Pim

Azure AD Connect

Which of the following Azure AD license types provides the ability to perform “selv-service password reset” for both cloud and on-premise users?

Azure AD free
Office 365 Apps
Azure AD Premium P1
Azure AD Premium P2

Azure AD Premium P1

Select True/False: You can manage an Azure AD tenant by using the Azure portal.

True
False

True

Select True/False: Conditional access policies can be applied only to users who have Azure AD joined devices.

True
False

False

Select True/False: Conditional access policies can be used to block access to an application based on the location of the user.

True
False

True

Select True/False: MFA is required for conditional access policies.

True
False

False

Select True/False. A user risk in Azure AD Identity Protection represents the probability that a given identity or account is compromised

True
2.False

True

Select True/False: Azure AD Identity Protection generates risk detections once a user is authenticated?

True
False

True

Azure AD Identity Protection assigns a risk level of Low, Medium, or High to each risk event

True
False

True

Conditional access policies can use ……………. as a signal that provides the ability to control sessions in real time.

Azure AD
Azure Defender
Azure Sentinel
Azure Cloud App Security
PIM

Azure Cloud App Security

Select True/False: Conditional access policies can trigger MFA if a user attempts to access a specific application.

True
False

True

Which three authentication methods can Azure AD users use to reset their passwords?

picture password
certificate
text message to a phone
security question
mobile app notification

text message to a phone
security question
mobile app notification

True or False: Your company is planning on using Azure Cloud Services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Control a key Microsoft privacy principle?

True
False

True

The compliance team wants to control the use of privileged admin accounts with standing access to sensitive data so that admin receive only the level of access they need when they need it. How can this requirement by implemented?

Use Communication Compliance
Use privileged access management
Use the Audit log
None of the above

Use privileged access management

In the Microsoft Adoption Framework for Azure, which two phases are implemented after the Adopt phase? Each correct answer presents a complete solution.

Plan
Govern
Ready
Manage
Define Strategy

Govern
Manage

In the shared responsibility model for an Azure deployment, what is Customer solely responsible for managing?

A management of mobile devices
The permission for the user data stored in Azure
The creation and management of user accounts
The management of the physical hardware

The creation and management of user accounts

For each of the following statements select Yes if the answer is true. Otherwise select No.

Azure Policy supports automatic remedation.
Azure Policy can be used to ensure that new resources adhere to corporate standards.
Compliance evaluation in Azure Policy occurs only when a target is created or modified

For each of the following statements select Yes if the answer is true. Otherwise select No.

You can add a resource lock to an Azure subscription
You can add only one resource lock to an Azure resource
You can delete a resource group containing resources that have resource locks.

Match the type of attack on the left to the correct description on the right.

a. Brute Force attacks
b. Phishing
c. Spear Phishing
d. Spray attacks

An attack that tries many passwords against one or more accounts, sometimes using dictionaries of commonly used passwords
An attack which attempts to match a username against a list of weak passwords.
An attack which is received in the form of an email that appears to come from a reputable source
A highly targeted from of email attack which can be used to create highly credible mails.

D=2
A=1
B=3
C=4

Match the Azure AD device identity.

A. Azure AD registered devices
B. Azure AD joined devices
C. Hybrid Azure AD joined devices

These devices are owned by an organization and are signed in with an AD DS account belonging to that organization. They exist in the cloud and on-premises.
These devices are typically personally owned, rather than by the organization. They are signed in with a personal Microsoft account or another local account.
These devices exist only in the cloud and are owned by an organization. They are signed in with an organization Azure AD account.

A=2
B=3
C=1

You need to look for a hybrid identity solution between Azure Active Directory (Azure AD) and your onpremises active directory. It needs to provide a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers.

Which authentication method should you use?
A. Password Hash synchronization
B. Pass-through authentication
C. Federated authentication
D. Directory synchronization

B. Pass-through authentication

To improve identity security within the organization, the security team wants to implement Windows Hello for Business. You need to explain the benefits of Windows Hello for Business.
Which statement is true?
A. Windows Hello is an authentication feature built into Windows Server 2012 R26.
B. Windows Hello is an alternative to multi-factor authentication.
C. Windows Hello is a secure feature that uses PINs and bio-metric data to authenticate users.
D. Windows Hello is a feature only for Azure Active Directory premium customers.

Sign-in risk is a signal used by Conditional Access policies to decide whether to grant or deny access.
What is a sign-in risk?
A. The probability that the device is owned by the identity owner.
B. The probability that the authentication request is not authorized by the identity owner.
C. The probability that the user is authorized to view data from a particular application.
D. The probability that a given identity or account is compromised.

Which two Azure Active Directory features can be implemented for end users to see the relevant legal disclaimers or the compliance requirement statement being displayed?
A. Terms of use
B. Conditional Access Policy
C. Privileged Identity Management
D. Identity Protection

A
B

You want to restrict and audit an administrator’s access in Azure Active Directory (Azure AD). Which two Azure AD features can you use to provide just-in-time and audit administrator access to Azure resources?
A. Azure AD conditional access policies
B. Azure AD privileged Identity Management (PIM)
C. Azure AD privileged Access Management (PAM)
D. Azure AD Identity Protection

B
C

Which basic native cost-effective Azure service can be used to filter the traffic to Azure Virtual Machines?
A. Bastion
B. Firewall
C. Network Security Groups
D. DDoS Protection

Select the answer that correctly completes the sentence.
Your Chief Information Security Officer does not want to allow port 3389/22 for connecting to virtual machines in Azure. You need to implement ______________service to securely connect (SSH/RDP) into an Azure Linux/Windows machine through the browser and the Azure portal.

A. Azure Bastion Service
B. Azure Firewall
C. Azure Load Balancer
D. Network Security Group

You need to strengthen your cloud security posture and have a secure score in comparison to industry standards. You also need to view reports of various security configurations done in the environment. Which tool helps you complete these tasks?

A. Azure Sentinel
B. Microsoft Defender for Cloud
C. Azure Firewall
D. Microsoft 365 Defender

Select the answer that correctly completes the sentence.
Azure ______________________ is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution. It provides a single solution for alert detection, threat visibility, proactive hunting, and threat protection.

A. Advisor
B. Bastion
C. Monitor
D. Sentinel

Which three features are additional in Microsoft Defender for Office 365 Plan 2 when compared with the Microsoft Defender for Office 365 Plan 1?
A. Threat Trackers
B. Automated Investigation and response
C. Safe Attachments
D. Anti-phishing Protection
E. Attack Simulator

A
B
E

Select the answer that correctly completes the sentence.
_______________ is one of the tools in the Microsoft 365 Defender portal and is a representation of a company’s security posture.

A. Security Center
B. Secure Score
C. Monitor
D. Sentinel

An organization uses different types of devices, including Windows, iOS, and Android devices. The administrator for that organization wants to create a security baseline profile in Intune that they will apply across the devices.
Which device can the security baseline profile be applied to?

A. Android devices
B. iOS devices
C. Windows devices
D. Android & iOS devices

What is the preferred way to add Microsoft compliance documents and resources that are relevant to your organization in the Service Trust Portal?

A. Save the documents to your My Library.
B. Print each document so you can easily refer to them.
C. Download each document.
D. Go to the resources section

Your organization uses Microsoft Teams to collaborate on all projects. The compliance administrator wants to prevent users from accidentally sharing sensitive information in a Microsoft Teams chat session.
Which capability can address this requirement?

A. Use data loss prevention policies
B. Use Records Management capabilities
C. Use retention policies
D. Use Azure Information Protection

Select the answer that correctly completes the sentence. You need to control the use of administrator accounts with standing access to sensitive data. This will ensure that administrators only receive the level of access they need and at the correct time. You will use a(n) _____________.

A. communication compliance
B. audit log
C. role-based access management
D. privileged access management

You need to use the advanced e-Discovery capability to help your legal team with a case. Which workflow should you use?
A. Search custodial data, add data to a review set, review and analyze data, add custodians to a case, then finally export and download case data.
B. Add custodians to a case, search custodial sources for relevant data, add data to a review set, review and analyze data, then finally export, and download the case data.
C. Add data to a review set, review and analyze data, add custodians to a case, search custodial sources for relevant data, then finally export and download the case data.
D. Review and analyze data in a review set, add custodians to case, add data to review set, export and download case data

Match the Azure service on the left to the correct description on the right.

A. Azure Resource Locks
B. Azure Blueprints
C. Azure Policy
D. Azure Role-based access control

manages who has access to Azure resources, what they can do with those resources, and what areas they can access
enforces standards and assess compliance across your organization
rapidly provisions and runs new environments with the knowledge that they are in line with the organization’s compliance requirements
prevents resources from being accidentally deleted or changed

A4
B3
C2
D1

You have a hybrid infrastructure in place for your organization. What tyoe of identity solution is your organization using if your organization has hashes of the password is stored in the cloud?
1. Pass-through authentication
2. Password hash synchronization
3. Federation authentication
4. None of the above

You want to get alerts for data exfiltration, honeytokens, and other attacks such as account enumeration, remote code execution, etc.
Which of the following tools will you use to get alerts of these attacks on your on-prem AD?

Defender for Endpoint
Defender for Office365
Defender for Identity
4 Defender for AD

Defender for Identity

You have a hybrid infrastructure in place for your organization. What tyoe of identity solution is your organization using if your organization has hashes of the password is stored in the cloud?

Pass-through authentication
Password hash synchronization
Federation authentication
None of the above

Password hash synchronization

Recently your IT team has been under great pressure beacuse of the numerous numbers of requests they have been receiving from the team for password resets. You fínd that this can lead to a bigger security risk for your organization.
What should you recommend being implemented here?

Self-Service password reset (SSPR)
FIDO2
Bitlocker encryption
None of the above

Self-Service password reset (SSPR)

Which feature is more secure than a password?

Hybrid Security
Windows Hello
OAUTH
Security questions

Windows Hello

Azure Sentinel
Microsoft Defender for Cloud
Azure Firewall
Microsoft 365 Defender

Microsoft Defender for Cloud

Select the answer that correctly complete the sentence.

Azure_________ is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution. It provides a single solution for alert detection, threat visibility, proactive hunting and threat protection.

Advisor
Bastion
Monitor
Sentinal

Sentinal

Which three features are additional im Microsoft Defender for Office 365 Plan 2 when compared with the Microsoft Defender for Office Plan 1?

Threat trackers
Automated Investigation and response
Safe Attachments
Anti-phishing protection
Attack Simulator

Threat trackers
Automated Investigation and response
Attack Simulator

Select the answer that correctly complete the sentence.
_______is one of the tools in the Microsoft 365 Defender portal and is a representation of a company‘s security posture.

Security Center
Secure Score
Monitor
Sentinal

Secure Score

Match the Azure service an the left to the correct description on the right.
Azure Service:
1. Azure Resource Locks
2. Azure Blueprints
3. Azure policy
4. Azure RBAC

A. Manages who has access to Azure resources, what they can do with those resources, and what areasy they can access.
B. Enforces standards and assess compliance across your organization
C. Rapidly provisions and runs new environments with the knowledge that they are in line with the organizations compliance requirements.
D. Prevents resources from beeing accidentally deleted or changed.

1=D
2=C
3=B
4=A

Due to certain compliance regulations, your organization needs to keep the data of the clients for 7 years stored to a specific site. You have been asked to find a solution to this issue. What should you recommend?

Sensitivity label
Retention policies
Content explorer
Alert policies

Retention policies

Your organization has a certain business requirement where it needs to continuosly monitor the security status of ist network. What Security Center tool would you recommend?

Continous assessment
Network map
Network assessment
Microsoft Defender

Network map

Your organization named Contorso has most of ist data stored in the Azure Cloud. The security admin wants to have encryption for the data. Which on of the below services would help you in storing your application secrets?

Azure BitLocker
Azure Key Vault
Data encryption
Key management system

Azure Key Vault

Your organization wants you to implement conditional access for the organization. You must grant and deny access for selected users. What must do you do to implement conditional access?

Check that all users have multi-factor authentication enabled.
Remove all Global Admin roles assigned to users
Replace Global Admin roles with specific Azure AD roles.
Create policies that enforce organizational rules.

Create policies that enforce organizational rules.

An employee of your organization informs that he has received a mail which tells that your organization wnats you to change your password for security purposes. But the mail is redirecting to some random website to change username password. Which type of attack it is?

Password-based attacks
Spear phishing
Phishing
Spam

Phishing

In a Core eDiscorvery workflow, what should you do before you can search for content?

Create an eDiscovery hold.
Run Express Analysis
Configure attorney-client privilege detection
Export and download results

Create an eDiscovery hold.

Select the answer that correctly complete the sentence.

________is used to identify, hold and export electronic information that might be used in an investigation.

Customer Lockbox
Data Loss Prevention (DLP)
eDiscorvery
A resource lock

eDiscorvery

Select the answer that correctly complete the sentence.
________can be used to provide Microsoft Support Engineers with access to an organization‘s data stored in Microsoft Exchange Online, Sharepoint Online, and OneDrive for Business.

Customer Lockbox
Information Barriers
Privileged Access Management (PAM)
Sensitivity Labels

Customer Lockbox

Select the answer that correctly complete the sentence.
Compliance Manager assesses compliance data _____ for an organization.

Continually
monthly
On-demand
quarterly

Continually

For each of the following statement, select Yes if the statement is true. Otherwise, select No.

Compliance Manager tracks only custom-managed controls.
Compliance Manager provides predefined templates for
creating assessments.
Compliance Manager can help you assess whether data
adheres to specific data protection standards .

What Azure feature provides application-level filtering and SSL termination?

distributed denial-of-service (DDoS) protection
Azure Firewall
Azure Web Application Firewall (WAF)
4 . Azure Bastion hosts

Azure Web Application Firewall (WAF)

What can you use in Azure to implement network segmentation based on departments?

virtual networks
virtual private networks
Azure Bastion
Azure Private Link

virtual networks

What can you use to connect to Azure virtual machines remotely over RDP and SSH from the Azure portal?

Azure Web Application Firewall (WAF)
Azure AD Identity Protection
Microsoft Defender for Cloud
Azure Bastion

Azure Bastion

You have the following inbound network security group (NSG) security rules in Azure:

AllowVNetInBound with a priority of 65000
AllowAzureLoadBalancerInBound with a priority of 65001
DenyAllInBound with a priority of 65500

No other inbound rules were defined for the NSG.
In which order will the rules be processed?

The AllowVNetInBound rule is processed first. The AllowAzureLoadBalancerInBound rule is processed second. The last rule that will be processed in the NSG, is the DenyAllInBound rule.
The DenyAllInBound rule is processed first. The AllowAzureLoadBalancerInBound rule is processed second. The last rule that will be processed in the NSG is the AllowVNetInBound rule.
The AllowAzureLoadBalancerInBound rule is processed first. The AllowVNetInBound rule is processed second. The last rule that will be processed in the NSG is the DenyAllInBound rule.
4 The DenyAllInBound rule is processed first. The AllowVNetInBound rule is processed second. The last rule that will be processed in the NSG is the AllowVNetInBound rule.

The AllowVNetInBound rule is processed first. The AllowAzureLoadBalancerInBound rule is processed second. The last rule that will be processed in the NSG, is the DenyAllInBound rule.

For which two services can you extend Microsoft Defender for Cloud by obtaining Defender plans? Each correct answer presents a complete solution.

Azure App Service
Azure Storage
ExpressRoute
Azure AD

Azure App Service
Azure Storage

Which two industry frameworks are used in the Azure Security Benchmark? Each correct answer presents a complete solution.

Center for Internet Security (CIS)
Federal Information Processing Standard (FIPS) 140
Open Web Application Security Project (OWASP)
National Institute of Standards and Technology (NIST)

Center for Internet Security (CIS)
National Institute of Standards and Technology (NIST)

What can you use to manage security for a multi-cloud environment that includes Amazon Web Services (AWS) and Google Cloud Platform (GCP)?

Microsoft Defender for Cloud
Microsoft Purview Insider Risk Management
Microsoft Secure Score
Azure AD Privileged Identity Management (PIM)

Microsoft Defender for Cloud

Select the answer that correctly completes the sentence.
[Answer choice] can be used to apply guidance from the Azure Security Benchmark to services such as Azure AD.

Security baselines
Microsoft Sentinel
Microsoft Purview
Compliance policies

Security baselines

What are two characteristics of a security information and event management (SIEM) solution? Each correct answer presents a complete solution.

collection of data from IT estate
correlation of data
action-driven workflows
issue mitigation

collection of data from IT estate
correlation of data

Which two characteristics are part of a security orchestration automated response (SOAR) solution? Each correct answer presents a complete solution.

collection of data from IT estate
correlation of data
action-driven workflows
issue mitigation

action-driven workflows
issue mitigation

What can you use to aggregate security alerts into incidents and to create automated responses to security alerts?

Microsoft Sentinel
Microsoft Defender for Cloud
Microsoft Intune
Microsoft 365 Defender

Microsoft Sentinel

What can you use in Microsoft Sentinel to create visual reports?

workbooks
analytics
playbooks
hunting

workbooks

Which feature is only available in Microsoft Defender for Office 365 Plan 2?

Attack Simulator
Safe Links
Anti-phishing protection
Real-time detections

Attack Simulator

Which feature in Microsoft Defender for Cloud Apps is used to retrieve data from activity logs?

Cloud Discovery
App connectors
policies
the Cloud apps catalog

App connectors

Which three components are protected by using Microsoft Defender? Each correct answer provides a complete solution.

identity
endpoints
applications
analytics
mobile devices

identity
endpoints
applications

Which Microsoft privacy principle defines the use and management of encryption keys?

transparency
security
control
strong legal protection

security

Where can you find independent audit reports and assessments of Microsoft cloud services?

Microsoft Service Trust Portal
Microsoft Cloud Account Manager
https://privacy.microsoft.com/
https://portal.azure.com/

Microsoft Service Trust Portal

What are the three types of controls used in Microsoft Purview Compliance Manager? Each correct answer presents part of the solution.

Microsoft-managed controls, third-party managed controls, and customer-managed controls
Microsoft-managed controls, shared controls, and customer-managed controls
third-party controls, shared controls, and government controls
government controls, customer-managed controls, and shared controls

Microsoft-managed controls, shared controls, and customer-managed controls

What does the compliance score in Compliance Manager measure?

an organization’s capability to deploy security measures
an organization’s progress toward implementing controls
an organization’s capability to assess controls
an organization’s progress in creating controls

an organization’s progress toward implementing controls

Which three roles have permission to sign in to the Microsoft Purview compliance portal? Each correct answer presents a complete solution.

Global Administrator
Compliance Administrator
Compliance Data Administrator
User Administrator
Security Reader

Global Administrator
Compliance Administrator
Compliance Data Administrator

In Microsoft Purview, what can you use to identify invoice numbers in data from your organization?

Content explorer
exact data match (EDM)
trainable classifiers
sensitive info types

sensitive info types

In Microsoft Purview, what should you create to automatically encrypt documents marked by users as sensitive?

a sensitivity label and a sensitivity label policy
a sensitivity label and a retention policy
a retention label and a sensitivity label policy
a retention label and a retention policy

a sensitivity label and a sensitivity label policy

In Microsoft Purview, which type of policy allows you to prevent documents that contain personal identification from being shared outside your organization?

sensitivity label policy
retention policy
data loss prevention (DLP) policy
Azure policy

data loss prevention (DLP) policy

What can be used to set up a unified data governance service that enables end-to-end data lineage?

Active Directory
Microsoft Defender for SQL
Microsoft Purview
Microsoft Intune

Microsoft Purview

In Microsoft Purview, what can you use to detect potential leaks of sensitive data and theft of intellectual property?

Data lifecycle management
eDiscovery
Information protection
Insider risk management

Insider risk management

Which type of policy can you use to prevent user from sharing files with users in other departments?

data loss prevention (DLP) policy
retention policy
Azure policy
information barrier policy

information barrier policy

Which two types communications can Microsoft Purview communication compliance monitor? Each correct answer present part of the solution.

voice calls from Microsoft Teams
Emails in Microsoft Exchange Online
Files in Microsoft SharePoint online
Messages in Microsoft Teams

Emails in Microsoft Exchange Online
Messages in Microsoft Teams

Which statement accurately describes Azure Policy?

Azure Policy is designed to help enforce standards and assess compliance across an organization.
Azure Policy manages who has access to Azure resources, what they can do with the resources, and which areas they can access.
Azure Policy is designed to address the challenges associated with the rapid growth of data and help enterprises get the most value from their information assets.
Azure Policy provides a way to define a repeatable set of Azure resources.

Azure Policy is designed to help enforce standards and assess compliance across an organization.

What is the minimum edition of Azure AD needed to use Azure AD Privilege Identity Management (PIM)?

Free
Office 365 Apps
Azure AD Premium P1
Azure AD Premium P2

Azure AD Premium P2

Which type of identity should you use to allow Azure virtual machines to access Azure Storage without having to handle password changes manually?

user
device
service principal
managed identity

managed identity

You need to allow external users to use either Microsoft accounts or Google accounts to access an application hosted in Azure.
What is the minimum edition of Azure AD that you can use?

Free
Office 365 Apps
Azure AD Premium P1
Azure AD Premium P2

Azure AD Premium P1

Which Azure AD feature allows you to authenticate users by using an on-premises Active Directory domain without needing to connect to on-premises domain controllers?

password hash synchronization
pass-through authentication
federated authentication
Azure AD Privilege Identity Management (PIM)

password hash synchronization

Which two authentication methods are available for self-service password reset (SSPR) in Azure AD? Each correct answer presents a complete solution.

Windows Hello
email
security questions
FIDO2 hardware token

email
security questions

Which Azure AD feature helps reduce help desk calls and the loss of productivity when a user cannot sign in to their device or an application?

Self-service password reset (SSPR)
Identity protection
Conditional Access
Azure AD Password Protection

Self-service password reset (SSPR)

A malicious user is attempting to access many user accounts by using commonly used passwords. The user repeats the action every 20 minutes to avoid triggering an account lockout.
Which Azure AD feature can protect organizations from such attacks?

Windows Hello for Business
Self-service password reset (SSPR)
Conditional Access
Azure AD Password Protection

Azure AD Password Protection

What should you use in Azure AD to provide users with the ability to perform administrative tasks?

app registrations
external identities
groups
roles

roles

Which two signals can be used as part of Conditional Access? Each correct answer presents part of the solution.

group membership
device platform
password length
phone number

device platform
group membership

What is the least privileged Azure AD role that can be used to create and manage users and groups?

Global Administrator
Security Administrator
User Administrator
Teams Administrator

User Administrator

What is the difference between Azure AD role-based access control (RBAC) and Azure RBAC?

Azure AD roles control access to resources such as users, groups, and applications. Azure roles control access to resources, such as virtual machines.
Azure AD roles control access to resources, such as virtual machines. Azure roles control access to resources, such as users, groups, and applications.
Users with Azure AD roles can make purchases and manage subscriptions. Users with Azure roles have access to all the administrative features in Azure AD.
Users with Azure AD roles have access to all the administrative features in Azure AD. Users with Azure roles can make purchases and manage subscriptions.

Azure AD roles control access to resources such as users, groups, and applications. Azure roles control access to resources, such as virtual machines.

What is a user risk in Azure AD Identity Protection?

leaked credentials
atypical travel
password spray
anonymous IP address

leaked credentials

Which service can help mitigate the impact of compromised user accounts?

Microsoft Defender for Cloud
Conditional Access
Azure AD Privileged Identity Management (PIM)
Azure AD Identity Protection

Azure AD Identity Protection

Which three features reduce the chance of a malicious user accessing a sensitive resource or an authorized user inadvertently affecting a sensitive resource? Each correct answers presents a complete solution.

Microsoft Defender for Cloud
Azure AD Identity Protection
Azure AD Privileged Identity Management (PIM)
Microsoft Sentinel
role-based access control (RBAC)

Azure AD Identity Protection
Azure AD Privileged Identity Management (PIM)
role-based access control (RBAC)

Which two authentication methods are available in Azure AD during sign in? Each correct answer presents a complete solution.

password
SMS-based authentication
security questions
driver’s license
calling the Microsoft Helpdesk

password
SMS-based authentication

In the shared security model, which responsibilities are retained by customers when hosting infrastructure as a service (IaaS) virtual machines?

operating system
physical hosts
physical network
physical datacenter

operating system

Which security model uses a layered approach to security, providing mechanisms to stop a breach at the perimeter of each layer?

shared responsibility
defense in depth
Zero Trust
Payment Card Industry Data Security Standards (PCI DSS) compliance

defense in depth

Which encryption method uses the same key to encrypt and decrypt data?

symmetric encryption
asymmetric encryption
hashing

symmetric encryption

What is a guiding principle of the Zero Trust model?

verify explicitly
advance user access
test for breach
trust the local network

verify explicitly

Which encryption method uses a public key and private key pair?

symmetric encryption
shared key
hashing
asymmetric encryption

asymmetric encryption

Which pillar of an identity infrastructure is responsible for defining the level of access a user has over the resources on a network?

administration
authentication
authorization
auditing

authorization

Which identity provider allows you to use software as a service (SaaS) and platform as a service (PaaS) in Azure with the least administrative effort?

Active Directory
Azure AD
Google identity
Facebook identity

Azure AD

Brainscape's Knowledge GenomeTM

SC-900 Flashcards

Brainscape's Knowledge Genome^TM