SC900 Jee Utrecht 1 Flashcards
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Control a key Microsoft privacy principal?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 2). Kindle Edition.
A. Yes
Explanation:
Below are the key privacy principals as addressed by Microsoft Control Transparency Security Strong legal protections No content-based targeting Benefits to you When it comes to control, this gives control to the customer when it comes to privacy
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 2). Kindle Edition.
Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Transparency a key Microsoft privacy principal?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 3). Kindle Edition.
A. Yes
Explanation:
Below are the key privacy principals as addressed by Microsoft Control Transparency Security Strong legal protections No content-based targeting Benefits to you When it comes to Transparency, Microsoft tells us that they are transparent when it comes to data collection.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 3). Kindle Edition.
Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is the Shared Responsibility Model a key Microsoft privacy principal?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 4). Kindle Edition.
B. No
Explanation:
Shared Responsibility is not a key Microsoft Privacy principal Below are the key privacy principals as addressed by Microsoft Control Transparency Security Strong legal protections No content-based targeting Benefits to you
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 4). Kindle Edition.
Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is Verify explicitly a Zero Trust principle?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 5). Kindle Edition.
A. Yes
Explanation:
Yes . Here you have to ensure that not everyone is provided access to a system. Here you should always authenticate and authorize users. The principles when it comes to Zero trust are Verify explicitly Use least privileged access Assume breach
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 5). Kindle Edition.
Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is assume breach a Zero Trust principle?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 6). Kindle Edition.
A. Yes
Explanation:
Yes . here you need to ensure that you implement the required network controls , have threat detection in place to reduce breaches into your system The principles when it comes to Zero trust are Verify explicitly Use least privileged access Assume breach
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 6). Kindle Edition.
Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?
A. Encryption
B. Deduplication
C. Archiving
D. Compression
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 7). Kindle Edition.
A. Encryption
Explanation:
You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can then be used to decrypt and read the data. Option B is incorrectsince this is normally used to eliminate duplicate copies of repeating data Option C is incorrectsince this is normally used to store data that is not used that frequently Option D is incorrectsince this is normally used to reduce the storage size of data
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 7). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Which of the following is the process of checking if a signed-in user has access to a particular resource in Azure?
A. Authentication
B. Authorization
C. Conditional Access
D. Resource locks
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 8). Kindle Edition.
B. Authorization
Explanation:
After a user has signed in, the user is checked to see if they have access to resources. If a user tries to access a resource, it would be checked on whether they first have the right to access the resource. This process is known as authorization. Option A is incorrectsince this is used to check if a person is really who they say they are Option Cis incorrectsince this is used to provide a conditional way to authenticate to Azure Option Dis incorrectsince this is used to lock resources in Azure
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 8). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions A company is planning on using Azure Active Directory. Which of the following is used to describe the exact term for Azure Active Directory?
A. Federation server
B. Identity Provider
C. Proxy server
D. Firewall
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 9). Kindle Edition.
B. Identity Provider
Explanation:
Azure Active Directory is Microsoft’s identity provider. This is used for storage of identities and for access management. Both Azure and Microsoft Office 365 can use Azure Active Directory for identity and access management All of the other options are incorrect since Azure Active Directory is used for identity and access management.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 9). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following are the authentication techniques available for Windows Hello for business? Choose 3 answers from the options given below
A. PIN
B. Facial Recognition
C. Email message
D. Password
E. Fingerprint recognition
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 10). Kindle Edition.
A. PIN
B. Facial Recognition
E. Fingerprint recognition
Explanation:
The entire purpose of Windows Hello for business is to ensure passwords are not used in the authentication process. Here uses can use other techniques for authentication via the usage of PIN’s and biometric recognition. Options C and D are incorrectsince Windows Hello for Business tries to ensure that secure measures are used for the authentication process.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 10). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure Active Directory for the storage of identities. They want to make use of the self-service password reset feature. Which of the following authentication methods are available for self-service password reset? Choose 3 answers from the options given below
A. Email
B. A passport identification number
C. A picture message
D. Mobile app notification
E. Mobile app code
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 11). Kindle Edition.
A. Email
D. Mobile app notification
E. Mobile app code
Explanation:
Below are the authentication methods available for self-service password reset Mobile app notification Mobile app code Email Mobile phone Office phone Security questions Since the authentication methods are clearly mentioned, all other options are incorrect
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 11). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure Active Directory. They already have user identities stored in their on-premises Active Directory. They want to sync the user identities from their on-premises Active Directory onto Azure Active Directory. Which of the following could be used for this purpose?
A. Azure Blueprints
B. Azure AD Connect
C. Azure Identity Protection
D. Azure Privileged Identity Management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 13). Kindle Edition.
B. Azure AD Connect
Explanation:
Azure AD Connect is used to synchronize identities from the on-premises Active Directory onto Azure Active Directory. There are different methods available for user identity synchronization. Option A is incorrectsince this is used to define a repeatable set of Azure resources Option C is incorrectsince this is used for securing identities in Azure AD Option D is incorrectsince this is used for providing just-in-time access to resources in Azure AD
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 13). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on making use of Azure Active Directory. Do all versions of Azure Active Directory provide the same set of features?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 15). Kindle Edition.
B. No
Explanation:
There are different pricing models available for Azure Active Directory. The most basic version is the Free model. Here there is a limitation in terms of features. For example, you will not get features such as A service level agreement Self-service password reset for cloud users Group access management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 15). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on making use of Azure Active Directory. Does the company need to create a virtual machine in Azure for hosting Active Directory?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 16). Kindle Edition.
B. No
Explanation:
Azure Active Directory is a completely managed service. Here the underlying infrastructure is managed by Azure. You don’t need to create any virtual machines for hosting Active Directory.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 16). Kindle Edition.
Domain:Describe the capabilities of Microsoft security solutions Your company is planning on making use of Network Security Groups. Can you make use of network security groups to deny all inbound traffic from the Internet?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 17). Kindle Edition.
A. Yes
Explanation:
By default, there is a rule in the Network security group that blocks all network traffic except for that within the Azure virtual network. This rule will block all traffic from the Internet. For more information on Azure network security groups , please refer to the below URL
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 17). Kindle Edition.
Your company is planning on making use of Network Security Groups. Can you make use of network security groups to deny all outbound traffic to the Internet?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 18). Kindle Edition.
A. Yes
Explanation:
In the network security group, you can create a rule that would deny all outbound traffic to the Internet. An example is shown below For more information on Azure network security groups , please refer to the below URL
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 18). Kindle Edition.
Domain:Describe the capabilities of Microsoft security solutions Your company is planning on making use of Network Security Groups. Can you make use of network security groups to filter traffic based on the IP address, protocol and port number?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 19). Kindle Edition.
A. Yes
Explanation:
For a network security group rule, you can create a rule that is based on the IP address, the protocol and the port number. An example screenshot is given below which shows the IP address, the protocol and the port number.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 19). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Which of the following can be used to provide just-in-time access to resources?
A. Azure AD Identity Protection
B. Azure AD Privileged Identity Management
C. Azure Multi-Factor Authentication
D. Azure Blueprints
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 22). Kindle Edition.
B. Azure AD Privileged Identity Management
Explanation:
Azure AD Privileged Identity Management can be used to provide just-in-time access to your resources. In Azure AD Privileged Identity Management, you can add assignments to resources to users in Azure. An example screenshot is given below Option A is incorrectsince this is used for securing identities in Azure AD Option C is incorrectsince this is used as an extra level of authentication during the entire authentication process Option D is incorrectsince this is used to define a repeatable set of Azure resources
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 22-23). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to provide access to resources in Azure?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 24). Kindle Edition.
B. No
Explanation:
Azure AD Identity protection is used to identify risks based on the user sign-in process. It is not used to provide access to resources in Azure.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 24). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to enforce multi-factor authentication for users based on a sign-risk policy?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 25). Kindle Edition.
A. Yes
Explanation:
In Azure AD Identity Protection, you can configure the Sign-in risk policy to allow access and enforce the use of Multi-Factor Authentication.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 25). Kindle Edition.
Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure AD Identity Protection. Does Azure AD Identity protection categorize events into Low, Medium and High?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 26). Kindle Edition.
A. Yes
Explanation:
When you configure a risk policy in Azure AD Identity Protection, you can decide on the category of risks. This is because all of the identified risks are categorized into High, Medium or Low risks.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 26). Kindle Edition.
Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?
A. Azure Security Center
B. Azure key Vaults
C. Azure Sentinel
D. Azure Information Protection
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 28). Kindle Edition.
A. Azure Security Center
Explanation:
You can accomplish this with the help of Azure Security Center If you go to Azure Security Center, in the Overview you can see the secure score. Since this is clearly shown in Azure Security Center, all other options are incorrect
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 28-29). Kindle Edition.
You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Provide Network address translation”
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 30). Kindle Edition.
B. Azure Firewall
Explanation:
The Azure Firewall service has the facility to translate traffic via its public IP address to private IP addresses to virtual networks Option A is incorrectsince this provides a service to RDP/SSH into your Azure virtual machines Option C is incorrectsince this is used to filter the traffic to your Azure virtual machines Option D is incorrectsince this is used to protect your Azure resources against large scale attacks from the Internet
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 30). Kindle Edition.
You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Provide protection against large scale internet attacks”
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 31). Kindle Edition.
D. Azure DDoS Protection
Explanation:
You can use the Azure DDoS service to protect against large scale Internet-based attacks. Option A is incorrectsince this provides a service to RDP/SSH into your Azure virtual machines Option B is incorrectsince this is a managed firewall service Option C is incorrectsince this is used to filter the traffic to your Azure virtual machines
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 31). Kindle Edition.
You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Filter traffic to Azure virtual machines”
A. Azure Bastion
B. Azure Defender
C. Network Security Groups
D. Azure DDoS Protection
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 32). Kindle Edition.
C. Network Security Groups
Explanation:
You can use Azure Network Security groups to filter traffic to and from resources that are located in an Azure virtual network. Option A is incorrectsince this provides a service to RDP/SSH into your Azure virtual machines Option B is incorrectsince this is a unified security solution for identifying vulnerabilities, and threats especially with respect to IoT devices. Option D is incorrectsince this is used to protect your Azure resources against large scale attacks from the Internet
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 32). Kindle Edition.
You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Provide a secure way to RDP/SSH into Azure virtual machines”
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 34). Kindle Edition.
A. Azure Bastion
Explanation:
The Azure Bastion service is a managed service that allows you to connect to an Azure virtual machine via the browser and the Azure portal. Option B is incorrectsince this is a managed firewall service Option C is incorrectsince this is used to filter the traffic to your Azure virtual machines Option D is incorrectsince this is used to protect your Azure resources against large scale attacks from the Internet
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 34). Kindle Edition.
Which of the following provides XDR capabilities that helps to protect multi-cloud and hybrid workloads?
A. Azure Policy
B. Azure Defender
C. Azure Blueprints
D. Azure Identity Protection
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 35). Kindle Edition.
B. Azure Defender
Explanation:
Azure Defender now has the capabilities to deliver XDR-based capabilities that helps to protect both multi-cloud and hybrid workloads. Azure Defender comes as part of the Azure Security suite of features. Option A is incorrectsince this is a governance-based service for your Azure account Option C is incorrectsince this is used to deploy various artifacts to your Azure subscriptions Option D is incorrectsince this is used to protect your identities in Azure Active Directory
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 35). Kindle Edition.
You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect Windows 2016-based Azure virtual machines?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 36). Kindle Edition.
A. Yes
Explanation:
You can on-board servers such as Windows Server 2012 and 2016 to the Microsoft Defender for Endpoint service.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 36). Kindle Edition.
You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect Windows 10 machines?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 37). Kindle Edition.
A. Yes
Explanation:
Yes, Windows 10 devices are also supported for Microsoft Defender for Endpoint service
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 37). Kindle Edition.
You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect Sharepoint online?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 38). Kindle Edition.
B. No
Explanation:
You can’t use Microsoft Defender for Endpoint to protect Sharepoint sites
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 38). Kindle Edition.
You have to enroll devices into Microsoft Intune. Can you enroll your Window 10 devices into Microsoft Intune?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 39). Kindle Edition.
A. Yes
Explanation:
When you enroll your Windows 10 devices into Microsoft Intune, you then get mobile access to your work and school applications, email and Wi-Fi.
Utrecht, Jee. SC-900 Practic`e Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 39). Kindle Edition.
You have to enroll devices into Microsoft Intune. Can you enroll your Android devices into Microsoft Intune?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 40). Kindle Edition.
A. Yes
Explanation:
When you enroll your Android devices into Microsoft Intune, you then get mobile access to your work and school applications, email and WiFi
You have to enroll devices into Microsoft Intune. Can you enroll both your organization-provided and personal devices?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 41). Kindle Edition.
A. Yes
Explanation:
You can enroll both organization provided devices and personal devices into Microsoft Intune
Your company is planning on using Microsoft 365 security center to review the security for their Microsoft Office 365 deployments. Which of the following categories are available for the cards in Microsoft office 365 security center? Choose 3 answers from the options given below
A. Identities
B. Devices
C. Groups
D. Apps
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 42). Kindle Edition.
A. Identities
B. Devices
D. Apps
Explanation:
When it comes to the categories for Microsoft office 365 security center, the following are available Identities – This helps to monitor the identities in the organization. It helps to keep track of suspicious or risky behaviours when it comes to the defined identities Data – Here user activity can be tracked that could lead to unauthorized data disclosure Devices – This helps to look at threats on the devices Apps – This helps to gain better insight into the applications used in the organization
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 42). Kindle Edition.
What is the maximum time frame for which you can retain audit logs in Microsoft 365?
A. 1 month
B. 1 year
C. 5 years
D. 10 years
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 44). Kindle Edition.
D. 10 years
Explanation:
With long-term retention in audit logs, you can retain logs for up-to 10 years. This can allow your security team to perform long running investigations if required on the data. Since Microsoft 365 Advanced auditing supports auditing of up to 10 years, all other options are incorrect
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 44). Kindle Edition.
Your company has just setup an Azure subscription. They have the following requirements “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.” “Be able to ensure no one can delete resources defined in a resource group named AWS-staging” “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed” Which of the following can be used for the following requirement? “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”
A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource locks
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 45). Kindle Edition.
B. Azure Blueprints
Explanation:
You can use Azure Blueprints to deploy a set of artifacts. The artifacts can be resources as ARM templates, resource groups and role assignments. Below is a screenshot of the artifacts that can be deployed via Azure Blueprints Option A is incorrectsince this is used as a governance for your resources defined as part of your Azure account Option C is incorrectsince this is used to protect your identities in Azure AD Option D is incorrectsince this is used to prevent the accidental deletion and modification of resources in Azure
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 45-46). Kindle Edition.
Your company has just set up an Azure subscription. They have the following requirements. “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.” “Be able to ensure no one can delete resources defined in a resource group named AWS-staging” “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed” Which of the following can be applied to meet the below requirement?
“Be able to ensure no one can delete resources defined in a resource group named AWS-rg”
A. Apply lock to an Azure Policy
B. Apply lock to an Azure Blueprints
C. Apply lock to an Azure AD Identity Protection
D. Apply lock to an Azure Resource Group
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 47). Kindle Edition.
D. Apply lock to an Azure Resource Group
Explanation:
Here you can define a lock on an Azure resource group. This would ensure that no one accidentally deletes resources in a resource group. A screenshot shown below shows that you can add a delete lock to a resource group for this requirement. Option A is incorrectbecause it is an invalid option, Azure Policy is used as governance for your resources defined as part of your Azure account. Option B is incorrectbecause it is an invalid option, Azure Blueprints is used to deploy artifacts such as ARM templates, resource groups, role assignments. Option C is incorrectbecause it is an invalid option, Azure AD Identity Protection is used to protect your identities in Azure AD.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 47-48). Kindle Edition.
Your company has just setup an Azure subscription. They have the following requirements “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.” “Be able to ensure no one can delete resources defined in a resource group named AWS-staging” “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed” Which of the following can be used for the following requirement? “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed”
A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource locks
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 49). Kindle Edition.
A. Azure Policy
Explanation:
Here you can define an Azure policy. The policy can ensure that all Windows server based Azure virtual machines have the Microsoft IaaS Antimalware extension installed The below screenshot shows the policy that you can use for this requirement Option B is incorrectsince this is used to deploy artifacts such as ARM templates, resource groups , role assignments Option C is incorrectsince this is used to protect your identities in Azure AD Option D is incorrectsince this is used to prevent the accidental deletion and modification of resources in Azure
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 49-50). Kindle Edition.
Which of the following allows you to invite guest users and provide them access to Azure resources within your organization?
A. Azure Identity Protection
B. Azure Privileged Identity Management
C. Azure Active Directory B2B
D. Azure AD Connect
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 51). Kindle Edition.
C. Azure Active Directory B2B
Explanation:
With Azure Active Directory B2B , you can actually invite users from external partners. You can then securely give them access to Azure resources within your organization. Option A is incorrectsince this is used for protection of identities Option B is incorrectsince this is used to give just-in-time access to resources in Azure Option D is incorrectsince this is used to sync your on-premises identities to Azure Active Directory
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 51). Kindle Edition.
You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels can be used to encrypt the contents in documents?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 52). Kindle Edition.
A. Yes
Explanation:
When you apply a “Confidential” label to a document, the label will encrypt the content in the document.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 52). Kindle Edition.
You are considering the use of sensitivity labels in Microsoft 365. Do sensitivity labels add a header and footer to the underlying Office 365 document for which the label is applied?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 53). Kindle Edition.
A. Yes
Explanation:
When you apply a sensitivity label to a document, it will also add a header and footer to the document.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 53). Kindle Edition.
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations”
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 55). Kindle Edition.
B. Content Search Tool
Explanation:
With the Content Search tool, you can quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations. You can also search for instant messaging conversations in Microsoft teams as well. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option C is incorrectbecause this is used to give Microsoft support engineers access to user’s data if they need to debug an issue Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 55-56). Kindle Edition.
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization”
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 57). Kindle Edition.
A. Information Barriers
Explanation:
Sometimes it might be required to ensure communication is not possible between two groups of people. This could be because of a potential conflict of interest between both parties. In this case , you can make use of Information Barriers. Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option C is incorrectbecause this is used to give Microsoft support engineers access to user’s data if they need to debug an issue Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 57-58). Kindle Edition.
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Provide access to a Microsoft support engineer to a user’s Exchange Online data”
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 59). Kindle Edition.
C. Customer Lockbox
Explanation:
Sometimes Microsoft Engineers need access to user’s data to diagnose an issue. This can be done with the help of the Customer Lockbox feature. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 59-60). Kindle Edition.
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Provide access to a Microsoft support engineer to a user’s Exchange Online data”
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 59). Kindle Edition.
C. Customer Lockbox
Explanation:
Sometimes Microsoft Engineers need access to user’s data to diagnose an issue. This can be done with the help of the Customer Lockbox feature. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 59-60). Kindle Edition.
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Provide just-in-time access to users in Microsoft Office 365 Exchange Online”
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 61). Kindle Edition.
D. Privileged Access Management
Explanation:
You can make use of privileged access management to provide just-in-time access to services in Microsoft 365. So instead of giving prior access, here you can ensure that access is only provided whenever it is required. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option C is incorrectbecause this is used to give Microsoft support engineers access to user’s data if they need to debug an issue
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 61-62). Kindle Edition.
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely RDP into an Azure Windows virtual machine via the browser and the Azure portal?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 63). Kindle Edition.
A. Yes
Explanation:
The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines. Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a Windows Azure virtual machine or SSH into a Linux Azure virtual machine.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 63). Kindle Edition.
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely SSH into an Azure Linux virtual machine via the browser and the Azure portal?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 64). Kindle Edition.
A. Yes
Explanation:
The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines. Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a Windows Azure virtual machine or SSH into a Linux Azure virtual machine.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 64). Kindle Edition.
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure virtual machine?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 65). Kindle Edition.
B. No
Explanation:
You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine. For this you will need to use Network Security groups. The Azure Bastion service is used to RDP/SSH into an Azure virtual machine via the Azure portal and the browser.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 65). Kindle Edition.
You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can you ensure a lockout of the user’s account occurs after five login simultaneous attempts?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 66). Kindle Edition.
A. Yes
Explanation:
You can define the lockout threshold for the user in the password protection policy as shown below.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 66). Kindle Edition.
You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can you ensure a user does not have the product’s name as part of the password defined by the user?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 68). Kindle Edition.
A. Yes
Explanation:
You can define your own custom word list when it comes to banned passwords that users can set. A screenshot of where this can be defined is shown below
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 68). Kindle Edition.
You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can you enable password protection for Windows Server Active directory from Azure AD password protection?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 70). Kindle Edition.
A. Yes
Explanation:
Yes, if you go to Password protection in Azure AD , you can also enable password protection for Windows Server Active Directory as shown below
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 70). Kindle Edition.
You are the Azure Administrator for your organization and you are beginning to use Azure Active Directory. Are the below users the intended users of Azure Active Directory? Microsoft 365 Users Office 365 Users Azure, or Dynamics CRM Online subscribers
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 72). Kindle Edition.
A. Yes
Explanation:
Yes, the given users are the intended users of Azure Active Directory. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 72). Kindle Edition.
You are using Azure Active Directory and you need to grant users the ability to create application registrations. So, you decide to grant the role ‘Application Administrator’ to the users. Does this role meet the requirement?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 73). Kindle Edition.
A. Yes
Explanation:
The Application Administrator role will provide the ability to create application registrations. In Azure Active Directory (Azure AD), if another administrator or non-administrator needs to manage Azure AD resources, you assign them an Azure AD role that provides the permissions they need. For example, you can assign roles to allow adding or changing users, resetting user passwords, managing user licenses or managing domain names.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 73). Kindle Edition.
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to manage device registrations in Azure Active Directory?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 75). Kindle Edition.
A. Yes
Explanation:
Yes, you can go to All devices and manage devices in Azure Active Directory The screenshot below shows the devices page in Azure Active Directory
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 75). Kindle Edition.
You are currently using Azure Security to evaluate the security of resources defined as part of your Azure subscription. Can you download various regulatory compliance reports from Azure Security Center?
A. Yes
B. No
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 76). Kindle Edition.
A. Yes
Explanation:
In the regulatory compliance dashboard, you have the ability to download the various compliance reports as shown below.
Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 76). Kindle Edition.
