Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SC900 > SC900 Jee Utrecht 1 > Flashcards

SC900 Jee Utrecht 1 Flashcards

1
Q

Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Control a key Microsoft privacy principal?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 2). Kindle Edition.

A

A. Yes

Explanation:
Below are the key privacy principals as addressed by Microsoft Control Transparency Security Strong legal protections No content-based targeting Benefits to you When it comes to control, this gives control to the customer when it comes to privacy

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 2). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Transparency a key Microsoft privacy principal?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 3). Kindle Edition.

A

A. Yes

Explanation:
Below are the key privacy principals as addressed by Microsoft Control Transparency Security Strong legal protections No content-based targeting Benefits to you When it comes to Transparency, Microsoft tells us that they are transparent when it comes to data collection.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 3). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is the Shared Responsibility Model a key Microsoft privacy principal?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 4). Kindle Edition.

A

B. No

Explanation:
Shared Responsibility is not a key Microsoft Privacy principal Below are the key privacy principals as addressed by Microsoft Control Transparency Security Strong legal protections No content-based targeting Benefits to you

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 4). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is Verify explicitly a Zero Trust principle?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 5). Kindle Edition.

A

A. Yes

Explanation:
Yes . Here you have to ensure that not everyone is provided access to a system. Here you should always authenticate and authorize users. The principles when it comes to Zero trust are Verify explicitly Use least privileged access Assume breach

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 5). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is assume breach a Zero Trust principle?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 6). Kindle Edition.

A

A. Yes

Explanation:
Yes . here you need to ensure that you implement the required network controls , have threat detection in place to reduce breaches into your system The principles when it comes to Zero trust are Verify explicitly Use least privileged access Assume breach

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 6). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Domain:Describe the concepts of security, compliance, and identity Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?

A. Encryption
B. Deduplication
C. Archiving
D. Compression

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 7). Kindle Edition.

A

A. Encryption

Explanation:
You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can then be used to decrypt and read the data. Option B is incorrectsince this is normally used to eliminate duplicate copies of repeating data Option C is incorrectsince this is normally used to store data that is not used that frequently Option D is incorrectsince this is normally used to reduce the storage size of data

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 7). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Which of the following is the process of checking if a signed-in user has access to a particular resource in Azure?

A. Authentication
B. Authorization
C. Conditional Access
D. Resource locks

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 8). Kindle Edition.

A

B. Authorization

Explanation:
After a user has signed in, the user is checked to see if they have access to resources. If a user tries to access a resource, it would be checked on whether they first have the right to access the resource. This process is known as authorization. Option A is incorrectsince this is used to check if a person is really who they say they are Option Cis incorrectsince this is used to provide a conditional way to authenticate to Azure Option Dis incorrectsince this is used to lock resources in Azure

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 8). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions A company is planning on using Azure Active Directory. Which of the following is used to describe the exact term for Azure Active Directory?

A. Federation server
B. Identity Provider
C. Proxy server
D. Firewall

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 9). Kindle Edition.

A

B. Identity Provider

Explanation:
Azure Active Directory is Microsoft’s identity provider. This is used for storage of identities and for access management. Both Azure and Microsoft Office 365 can use Azure Active Directory for identity and access management All of the other options are incorrect since Azure Active Directory is used for identity and access management.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 9). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following are the authentication techniques available for Windows Hello for business? Choose 3 answers from the options given below

A. PIN
B. Facial Recognition
C. Email message
D. Password
E. Fingerprint recognition

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 10). Kindle Edition.

A

A. PIN
B. Facial Recognition
E. Fingerprint recognition

Explanation:
The entire purpose of Windows Hello for business is to ensure passwords are not used in the authentication process. Here uses can use other techniques for authentication via the usage of PIN’s and biometric recognition. Options C and D are incorrectsince Windows Hello for Business tries to ensure that secure measures are used for the authentication process.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 10). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure Active Directory for the storage of identities. They want to make use of the self-service password reset feature. Which of the following authentication methods are available for self-service password reset? Choose 3 answers from the options given below

A. Email
B. A passport identification number
C. A picture message
D. Mobile app notification
E. Mobile app code

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 11). Kindle Edition.

A

A. Email
D. Mobile app notification
E. Mobile app code

Explanation:
Below are the authentication methods available for self-service password reset Mobile app notification Mobile app code Email Mobile phone Office phone Security questions Since the authentication methods are clearly mentioned, all other options are incorrect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 11). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure Active Directory. They already have user identities stored in their on-premises Active Directory. They want to sync the user identities from their on-premises Active Directory onto Azure Active Directory. Which of the following could be used for this purpose?

A. Azure Blueprints
B. Azure AD Connect
C. Azure Identity Protection
D. Azure Privileged Identity Management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 13). Kindle Edition.

A

B. Azure AD Connect

Explanation:
Azure AD Connect is used to synchronize identities from the on-premises Active Directory onto Azure Active Directory. There are different methods available for user identity synchronization. Option A is incorrectsince this is used to define a repeatable set of Azure resources Option C is incorrectsince this is used for securing identities in Azure AD Option D is incorrectsince this is used for providing just-in-time access to resources in Azure AD

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 13). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on making use of Azure Active Directory. Do all versions of Azure Active Directory provide the same set of features?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 15). Kindle Edition.

A

B. No

Explanation:
There are different pricing models available for Azure Active Directory. The most basic version is the Free model. Here there is a limitation in terms of features. For example, you will not get features such as A service level agreement Self-service password reset for cloud users Group access management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 15). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on making use of Azure Active Directory. Does the company need to create a virtual machine in Azure for hosting Active Directory?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 16). Kindle Edition.

A

B. No

Explanation:
Azure Active Directory is a completely managed service. Here the underlying infrastructure is managed by Azure. You don’t need to create any virtual machines for hosting Active Directory.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 16). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Domain:Describe the capabilities of Microsoft security solutions Your company is planning on making use of Network Security Groups. Can you make use of network security groups to deny all inbound traffic from the Internet?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 17). Kindle Edition.

A

A. Yes

Explanation:
By default, there is a rule in the Network security group that blocks all network traffic except for that within the Azure virtual network. This rule will block all traffic from the Internet. For more information on Azure network security groups , please refer to the below URL

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 17). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company is planning on making use of Network Security Groups. Can you make use of network security groups to deny all outbound traffic to the Internet?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 18). Kindle Edition.

A

A. Yes

Explanation:
In the network security group, you can create a rule that would deny all outbound traffic to the Internet. An example is shown below For more information on Azure network security groups , please refer to the below URL

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 18). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Domain:Describe the capabilities of Microsoft security solutions Your company is planning on making use of Network Security Groups. Can you make use of network security groups to filter traffic based on the IP address, protocol and port number?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 19). Kindle Edition.

A

A. Yes

Explanation:
For a network security group rule, you can create a rule that is based on the IP address, the protocol and the port number. An example screenshot is given below which shows the IP address, the protocol and the port number.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 19). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Which of the following can be used to provide just-in-time access to resources?

A. Azure AD Identity Protection
B. Azure AD Privileged Identity Management
C. Azure Multi-Factor Authentication
D. Azure Blueprints

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 22). Kindle Edition.

A

B. Azure AD Privileged Identity Management

Explanation:
Azure AD Privileged Identity Management can be used to provide just-in-time access to your resources. In Azure AD Privileged Identity Management, you can add assignments to resources to users in Azure. An example screenshot is given below Option A is incorrectsince this is used for securing identities in Azure AD Option C is incorrectsince this is used as an extra level of authentication during the entire authentication process Option D is incorrectsince this is used to define a repeatable set of Azure resources

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 22-23). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to provide access to resources in Azure?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 24). Kindle Edition.

A

B. No

Explanation:
Azure AD Identity protection is used to identify risks based on the user sign-in process. It is not used to provide access to resources in Azure.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 24). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to enforce multi-factor authentication for users based on a sign-risk policy?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 25). Kindle Edition.

A

A. Yes

Explanation:
In Azure AD Identity Protection, you can configure the Sign-in risk policy to allow access and enforce the use of Multi-Factor Authentication.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 25). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Domain:Describe the capabilities of Microsoft identity and access management solutions Your company is planning on using Azure AD Identity Protection. Does Azure AD Identity protection categorize events into Low, Medium and High?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 26). Kindle Edition.

A

A. Yes

Explanation:
When you configure a risk policy in Azure AD Identity Protection, you can decide on the category of risks. This is because all of the identified risks are categorized into High, Medium or Low risks.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 26). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?

A. Azure Security Center
B. Azure key Vaults
C. Azure Sentinel
D. Azure Information Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 28). Kindle Edition.

A

A. Azure Security Center

Explanation:
You can accomplish this with the help of Azure Security Center If you go to Azure Security Center, in the Overview you can see the secure score. Since this is clearly shown in Azure Security Center, all other options are incorrect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 28-29). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Provide Network address translation”

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 30). Kindle Edition.

A

B. Azure Firewall

Explanation:
The Azure Firewall service has the facility to translate traffic via its public IP address to private IP addresses to virtual networks Option A is incorrectsince this provides a service to RDP/SSH into your Azure virtual machines Option C is incorrectsince this is used to filter the traffic to your Azure virtual machines Option D is incorrectsince this is used to protect your Azure resources against large scale attacks from the Internet

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 30). Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Provide protection against large scale internet attacks”

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 31). Kindle Edition.

A

D. Azure DDoS Protection

Explanation:
You can use the Azure DDoS service to protect against large scale Internet-based attacks. Option A is incorrectsince this provides a service to RDP/SSH into your Azure virtual machines Option B is incorrectsince this is a managed firewall service Option C is incorrectsince this is used to filter the traffic to your Azure virtual machines

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 31). Kindle Edition.

24
Q

You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Filter traffic to Azure virtual machines”

A. Azure Bastion
B. Azure Defender
C. Network Security Groups
D. Azure DDoS Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 32). Kindle Edition.

A

C. Network Security Groups

Explanation:
You can use Azure Network Security groups to filter traffic to and from resources that are located in an Azure virtual network. Option A is incorrectsince this provides a service to RDP/SSH into your Azure virtual machines Option B is incorrectsince this is a unified security solution for identifying vulnerabilities, and threats especially with respect to IoT devices. Option D is incorrectsince this is used to protect your Azure resources against large scale attacks from the Internet

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 32). Kindle Edition.

25
Q

You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement? “Provide a secure way to RDP/SSH into Azure virtual machines”

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 34). Kindle Edition.

A

A. Azure Bastion

Explanation:
The Azure Bastion service is a managed service that allows you to connect to an Azure virtual machine via the browser and the Azure portal. Option B is incorrectsince this is a managed firewall service Option C is incorrectsince this is used to filter the traffic to your Azure virtual machines Option D is incorrectsince this is used to protect your Azure resources against large scale attacks from the Internet

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 34). Kindle Edition.

26
Q

Which of the following provides XDR capabilities that helps to protect multi-cloud and hybrid workloads?

A. Azure Policy
B. Azure Defender
C. Azure Blueprints
D. Azure Identity Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 35). Kindle Edition.

A

B. Azure Defender

Explanation:
Azure Defender now has the capabilities to deliver XDR-based capabilities that helps to protect both multi-cloud and hybrid workloads. Azure Defender comes as part of the Azure Security suite of features. Option A is incorrectsince this is a governance-based service for your Azure account Option C is incorrectsince this is used to deploy various artifacts to your Azure subscriptions Option D is incorrectsince this is used to protect your identities in Azure Active Directory

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 35). Kindle Edition.

27
Q

You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect Windows 2016-based Azure virtual machines?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 36). Kindle Edition.

A

A. Yes

Explanation:
You can on-board servers such as Windows Server 2012 and 2016 to the Microsoft Defender for Endpoint service.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 36). Kindle Edition.

28
Q

You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect Windows 10 machines?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 37). Kindle Edition.

A

A. Yes

Explanation:
Yes, Windows 10 devices are also supported for Microsoft Defender for Endpoint service

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 37). Kindle Edition.

29
Q

You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect Sharepoint online?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 38). Kindle Edition.

A

B. No

Explanation:
You can’t use Microsoft Defender for Endpoint to protect Sharepoint sites

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 38). Kindle Edition.

30
Q

You have to enroll devices into Microsoft Intune. Can you enroll your Window 10 devices into Microsoft Intune?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 39). Kindle Edition.

A

A. Yes

Explanation:
When you enroll your Windows 10 devices into Microsoft Intune, you then get mobile access to your work and school applications, email and Wi-Fi.

Utrecht, Jee. SC-900 Practic`e Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 39). Kindle Edition.

31
Q

You have to enroll devices into Microsoft Intune. Can you enroll your Android devices into Microsoft Intune?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 40). Kindle Edition.

A

A. Yes

Explanation:
When you enroll your Android devices into Microsoft Intune, you then get mobile access to your work and school applications, email and WiFi

32
Q

You have to enroll devices into Microsoft Intune. Can you enroll both your organization-provided and personal devices?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 41). Kindle Edition.

A

A. Yes

Explanation:
You can enroll both organization provided devices and personal devices into Microsoft Intune

33
Q

Your company is planning on using Microsoft 365 security center to review the security for their Microsoft Office 365 deployments. Which of the following categories are available for the cards in Microsoft office 365 security center? Choose 3 answers from the options given below

A. Identities
B. Devices
C. Groups
D. Apps

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 42). Kindle Edition.

A

A. Identities
B. Devices
D. Apps

Explanation:
When it comes to the categories for Microsoft office 365 security center, the following are available Identities – This helps to monitor the identities in the organization. It helps to keep track of suspicious or risky behaviours when it comes to the defined identities Data – Here user activity can be tracked that could lead to unauthorized data disclosure Devices – This helps to look at threats on the devices Apps – This helps to gain better insight into the applications used in the organization

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 42). Kindle Edition.

34
Q

What is the maximum time frame for which you can retain audit logs in Microsoft 365?

A. 1 month
B. 1 year
C. 5 years
D. 10 years

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 44). Kindle Edition.

A

D. 10 years

Explanation:
With long-term retention in audit logs, you can retain logs for up-to 10 years. This can allow your security team to perform long running investigations if required on the data. Since Microsoft 365 Advanced auditing supports auditing of up to 10 years, all other options are incorrect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 44). Kindle Edition.

35
Q

Your company has just setup an Azure subscription. They have the following requirements “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.” “Be able to ensure no one can delete resources defined in a resource group named AWS-staging” “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed” Which of the following can be used for the following requirement? “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”

A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource locks

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 45). Kindle Edition.

A

B. Azure Blueprints

Explanation:
You can use Azure Blueprints to deploy a set of artifacts. The artifacts can be resources as ARM templates, resource groups and role assignments. Below is a screenshot of the artifacts that can be deployed via Azure Blueprints Option A is incorrectsince this is used as a governance for your resources defined as part of your Azure account Option C is incorrectsince this is used to protect your identities in Azure AD Option D is incorrectsince this is used to prevent the accidental deletion and modification of resources in Azure

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 45-46). Kindle Edition.

36
Q

Your company has just set up an Azure subscription. They have the following requirements. “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.” “Be able to ensure no one can delete resources defined in a resource group named AWS-staging” “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed” Which of the following can be applied to meet the below requirement?
“Be able to ensure no one can delete resources defined in a resource group named AWS-rg”

A. Apply lock to an Azure Policy
B. Apply lock to an Azure Blueprints
C. Apply lock to an Azure AD Identity Protection
D. Apply lock to an Azure Resource Group

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 47). Kindle Edition.

A

D. Apply lock to an Azure Resource Group

Explanation:
Here you can define a lock on an Azure resource group. This would ensure that no one accidentally deletes resources in a resource group. A screenshot shown below shows that you can add a delete lock to a resource group for this requirement. Option A is incorrectbecause it is an invalid option, Azure Policy is used as governance for your resources defined as part of your Azure account. Option B is incorrectbecause it is an invalid option, Azure Blueprints is used to deploy artifacts such as ARM templates, resource groups, role assignments. Option C is incorrectbecause it is an invalid option, Azure AD Identity Protection is used to protect your identities in Azure AD.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 47-48). Kindle Edition.

37
Q

Your company has just setup an Azure subscription. They have the following requirements “Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.” “Be able to ensure no one can delete resources defined in a resource group named AWS-staging” “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed” Which of the following can be used for the following requirement? “Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed”

A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource locks

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 49). Kindle Edition.

A

A. Azure Policy

Explanation:
Here you can define an Azure policy. The policy can ensure that all Windows server based Azure virtual machines have the Microsoft IaaS Antimalware extension installed The below screenshot shows the policy that you can use for this requirement Option B is incorrectsince this is used to deploy artifacts such as ARM templates, resource groups , role assignments Option C is incorrectsince this is used to protect your identities in Azure AD Option D is incorrectsince this is used to prevent the accidental deletion and modification of resources in Azure

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 49-50). Kindle Edition.

38
Q

Which of the following allows you to invite guest users and provide them access to Azure resources within your organization?

A. Azure Identity Protection
B. Azure Privileged Identity Management
C. Azure Active Directory B2B
D. Azure AD Connect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 51). Kindle Edition.

A

C. Azure Active Directory B2B

Explanation:
With Azure Active Directory B2B , you can actually invite users from external partners. You can then securely give them access to Azure resources within your organization. Option A is incorrectsince this is used for protection of identities Option B is incorrectsince this is used to give just-in-time access to resources in Azure Option D is incorrectsince this is used to sync your on-premises identities to Azure Active Directory

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 51). Kindle Edition.

39
Q

You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels can be used to encrypt the contents in documents?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 52). Kindle Edition.

A

A. Yes

Explanation:
When you apply a “Confidential” label to a document, the label will encrypt the content in the document.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 52). Kindle Edition.

40
Q

You are considering the use of sensitivity labels in Microsoft 365. Do sensitivity labels add a header and footer to the underlying Office 365 document for which the label is applied?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 53). Kindle Edition.

A

A. Yes

Explanation:
When you apply a sensitivity label to a document, it will also add a header and footer to the document.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 53). Kindle Edition.

41
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations”

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 55). Kindle Edition.

A

B. Content Search Tool

Explanation:
With the Content Search tool, you can quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations. You can also search for instant messaging conversations in Microsoft teams as well. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option C is incorrectbecause this is used to give Microsoft support engineers access to user’s data if they need to debug an issue Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 55-56). Kindle Edition.

42
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization”

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 57). Kindle Edition.

A

A. Information Barriers

Explanation:
Sometimes it might be required to ensure communication is not possible between two groups of people. This could be because of a potential conflict of interest between both parties. In this case , you can make use of Information Barriers. Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option C is incorrectbecause this is used to give Microsoft support engineers access to user’s data if they need to debug an issue Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 57-58). Kindle Edition.

43
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Provide access to a Microsoft support engineer to a user’s Exchange Online data”

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 59). Kindle Edition.

A

C. Customer Lockbox

Explanation:
Sometimes Microsoft Engineers need access to user’s data to diagnose an issue. This can be done with the help of the Customer Lockbox feature. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 59-60). Kindle Edition.

44
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Provide access to a Microsoft support engineer to a user’s Exchange Online data”

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 59). Kindle Edition.

A

C. Customer Lockbox

Explanation:
Sometimes Microsoft Engineers need access to user’s data to diagnose an issue. This can be done with the help of the Customer Lockbox feature. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option D is incorrectbecause this is used to give just-in-time access to services in Microsoft 365

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 59-60). Kindle Edition.

45
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Provide access to a Microsoft support engineer to a user’s Exchange Online data Provide just-in-time access to users in Microsoft Office 365 Exchange Online Which of the following can be used for the following requirement? “Provide just-in-time access to users in Microsoft Office 365 Exchange Online”

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 61). Kindle Edition.

A

D. Privileged Access Management

Explanation:
You can make use of privileged access management to provide just-in-time access to services in Microsoft 365. So instead of giving prior access, here you can ensure that access is only provided whenever it is required. Option A is incorrectbecause this is used to restrict communication and collaboration between two groups to avoid a conflict of interest in the organization Option B is incorrectbecause this is used to search for content in Exchange mailboxes, documents in SharePoint sites and OneDrive locations Option C is incorrectbecause this is used to give Microsoft support engineers access to user’s data if they need to debug an issue

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 61-62). Kindle Edition.

46
Q

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely RDP into an Azure Windows virtual machine via the browser and the Azure portal?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 63). Kindle Edition.

A

A. Yes

Explanation:
The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines. Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a Windows Azure virtual machine or SSH into a Linux Azure virtual machine.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 63). Kindle Edition.

47
Q

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely SSH into an Azure Linux virtual machine via the browser and the Azure portal?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 64). Kindle Edition.

A

A. Yes

Explanation:
The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines. Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a Windows Azure virtual machine or SSH into a Linux Azure virtual machine.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 64). Kindle Edition.

48
Q

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure virtual machine?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 65). Kindle Edition.

A

B. No

Explanation:
You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine. For this you will need to use Network Security groups. The Azure Bastion service is used to RDP/SSH into an Azure virtual machine via the Azure portal and the browser.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 65). Kindle Edition.

49
Q

You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can you ensure a lockout of the user’s account occurs after five login simultaneous attempts?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 66). Kindle Edition.

A

A. Yes

Explanation:
You can define the lockout threshold for the user in the password protection policy as shown below.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 66). Kindle Edition.

50
Q

You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can you ensure a user does not have the product’s name as part of the password defined by the user?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 68). Kindle Edition.

A

A. Yes

Explanation:
You can define your own custom word list when it comes to banned passwords that users can set. A screenshot of where this can be defined is shown below

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 68). Kindle Edition.

51
Q

You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can you enable password protection for Windows Server Active directory from Azure AD password protection?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 70). Kindle Edition.

A

A. Yes

Explanation:
Yes, if you go to Password protection in Azure AD , you can also enable password protection for Windows Server Active Directory as shown below

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 70). Kindle Edition.

52
Q

You are the Azure Administrator for your organization and you are beginning to use Azure Active Directory. Are the below users the intended users of Azure Active Directory? Microsoft 365 Users Office 365 Users Azure, or Dynamics CRM Online subscribers

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 72). Kindle Edition.

A

A. Yes

Explanation:
Yes, the given users are the intended users of Azure Active Directory. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 72). Kindle Edition.

53
Q

You are using Azure Active Directory and you need to grant users the ability to create application registrations. So, you decide to grant the role ‘Application Administrator’ to the users. Does this role meet the requirement?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 73). Kindle Edition.

A

A. Yes

Explanation:
The Application Administrator role will provide the ability to create application registrations. In Azure Active Directory (Azure AD), if another administrator or non-administrator needs to manage Azure AD resources, you assign them an Azure AD role that provides the permissions they need. For example, you can assign roles to allow adding or changing users, resetting user passwords, managing user licenses or managing domain names.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 73). Kindle Edition.

54
Q

You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to manage device registrations in Azure Active Directory?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 75). Kindle Edition.

A

A. Yes

Explanation:
Yes, you can go to All devices and manage devices in Azure Active Directory The screenshot below shows the devices page in Azure Active Directory

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 75). Kindle Edition.

55
Q

You are currently using Azure Security to evaluate the security of resources defined as part of your Azure subscription. Can you download various regulatory compliance reports from Azure Security Center?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 76). Kindle Edition.

A

A. Yes

Explanation:
In the regulatory compliance dashboard, you have the ability to download the various compliance reports as shown below.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 76). Kindle Edition.

SC900 (27 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions