SC900 Jee Utrecht 2 Flashcards

1
Q

A company is planning on hosting resources in the Azure cloud. If the company is planning on using Infrastructure as a service in Azure, would the cloud provider be responsible for managing the physical hosts?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 79). Kindle Edition.

A

A. Yes

Explanation:
When deploying resources in an Infrastructure as a Service model, the cloud provider is responsible for the physical hosts. Here aspects such as the physical servers and the physical security of the data center will be managed by the cloud provider.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 79). Kindle Edition.

2
Q

A company is planning on hosting resources in Azure cloud. If the company is planning on hosting their data and applications in the cloud, are they responsible for the protection of the underlying data?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 80). Kindle Edition.

A

A. Yes

Explanation:
There is a clear model when it comes to the responsibility of the customer and the cloud provider. The customer is responsible for the protection of the data and the applications on the cloud. You can refer to the link on the Shared Responsibility Model. This gives the delineation of the responsibilities of the customer and the cloud provider.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 80). Kindle Edition.

3
Q

A company is planning on hosting resources in Azure cloud. If the company is planning on using the Software as a service model would the company need to manage the underlying applications?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 81). Kindle Edition.

A

B. No

Explanation:
When using a Software as a service model, the cloud provider will manage the hardware and the software, provide the appropriate service agreement, and ensure availability and security of the application and the data.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 81). Kindle Edition.

4
Q

Your company is planning on using Azure AD Identity Protection. Does Azure AD Identity Protection generate sign-in risks after the user is authenticated?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 82). Kindle Edition.

A

B. No

Explanation:
The entire purpose of Azure AD Identity Protection is to detect risks during the sign-in process. So the risk detection is done during the authentication process and not after the authentication process.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 82). Kindle Edition.

5
Q

Your company has requirements to manage user risk and sign-in risk for users that are authenticating with Azure AD. Based on the risk level, access will either be blocked or granted. Users may also need to provide Multi-Factor Authentication or reset their password based on the perceived risk. What feature can be used to meet these requirements?

A. Azure AD Role-Based Access Control
B. Azure Privileged Identity Management
C. Azure AD Identity Protection
D. Azure AD Security Defaults

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 83). Kindle Edition.

A

C. Azure AD Identity Protection

Explanation:
Answer A is incorrect, as Role-Based Access Control is used to grant permissions to users or groups for Azure Resources, Microsoft 365 resources, SaaS applications, and custom cloud or on-premise applications.
Answer B is incorrect, as Privileged Identity Management is used to manage access to critical resources in your Azure subscriptions. It could not be used to assess user risk or sign-in risk.
Answer C is correct, as Azure AD Identity Protection provides you the ability to detect user risk and sign-in risk and then make appropriate decisions based on that risk as to whether or not access should be granted.
Answer D is incorrect, as Azure AD Security Defaults provide an easy way to implement some of the most common and recommended security settings. It could not be used to assess user risk or sign-in risk.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 83-84). Kindle Edition.

6
Q

Your company is planning on making use of conditional access policies within Azure. You need to ensure that only users with a Windows device can access a specific application. Can conditional access policies be used to accomplish this requirement?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 85). Kindle Edition.

A

A. Yes

Explanation:
Conditional Access is used to control the authentication process, and it can assess various signals, including the device from which a user is attempting to access the application.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 85). Kindle Edition.

7
Q

Your company is planning on making use of conditional access. Can you use conditional access to enable multi-factor authentication for users that sign-in from certain locations?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 86). Kindle Edition.

A

A. Yes

Explanation:
Yes, you can use conditional access to enable multi-factor authentication for users that sign-in from certain locations. A screenshot of the place where this can be done is given below. In the policy you have to go to the Locations and then configure the location accordingly.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 86). Kindle Edition.

8
Q

Your company is planning on making use of conditional access. Can you use conditional access to enable multi-factor authentication for users that sign-in via certain cloud-based applications?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 88). Kindle Edition.

A

A. Yes

Explanation:
Yes, you can use conditional access to enable multi-factor authentication for users that sign-in via certain cloud-based applications. A screenshot of the place where this can be done is given below. In the Policy you have to go to Cloud apps or actions and then select the applications accordingly.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 88). Kindle Edition.

9
Q

Your company wants to start hosting resources on Azure. When using Azure cloud, would the company be responsible for maintaining the underlying physical hosts?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 90). Kindle Edition.

A

B. No

Explanation:
The responsibility of managing the underlying physical hosts would lie with Azure. Azure would manage all aspects when it comes to the underlying physical infrastructure.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 90). Kindle Edition.

10
Q

Your company wants to start hosting resources on Azure. When using Azure cloud, would the company be responsible for maintaining the underlying identities that would be assigned access to Azure resources?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 91). Kindle Edition.

A

A. Yes

Explanation:
Here the maintenance of the underlying identities in Azure would lie with the customer. Azure provides an option of Azure Active Directory for storing the identities, but the final responsibility of managing the identities lies with the customer.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 91). Kindle Edition.

11
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure. Which of the following could be used for the following requirement? “Grant access to users for managing various aspects of the Azure AD tenant”

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 92). Kindle Edition.

A

C. Azure AD Roles

Explanation:
You can assign various roles in Azure AD for users to manage various aspects of Azure Active Directory.
Option A is incorrect since this is used to protect identities in Azure.
Option B is incorrect since this is used to provide Conditional access to Azure.
Option D is incorrect since this is used to sync identities from the on-premises Active Directory to Azure AD.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 92). Kindle Edition.

12
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure. Which of the following could be used for the following requirement? “Be able to sync users from the on-premises Active Directory onto Azure AD”

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 93). Kindle Edition.

A

D. Azure AD Connect

Explanation:
Azure AD Connect is used to synchronize identities from the on-premises Active Directory onto Azure Active Directory. There are different methods available for user identity synchronization.
Option A is incorrect since this is used to protect identities in Azure.
Option B is incorrect since this is used to provide Conditional access to Azure.
Option C is incorrect since this is used to assign permissions to users to manage various aspects of Azure Active Directory.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 93). Kindle Edition.

13
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure. Which of the following could be used for the following requirement? “Enforce Multi-Factor authentication based on the location of the user and what application the user is trying to access”

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 95). Kindle Edition.

A

B. Azure Conditional Access

Explanation:
Yes, you can use conditional access to enable multi-factor authentication for users that sign-in via certain cloud-based applications and also based on the location.
Option A is incorrect since this is used to protect identities in Azure.
Option C is incorrect since this is used to assign permissions to users to manage various aspects of Azure Active Directory.
Option D is incorrect since this is used to sync identities from the on-premises Active Directory to Azure AD.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 96). Kindle Edition.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 95). Kindle Edition.

14
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure. Which of the following could be used for the following requirement? “Enforce Multi-Factor authentication based on the sign-in risk”

A. Azure AD Identity Protection
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 98). Kindle Edition.

A

A. Azure AD Identity Protection

Explanation:
In Azure AD Identity Protection, you can configure the Sign-in risk policy to allow access and enforce the use of Multi-Factor Authentication.
Option B is incorrect since this is used to provide Conditional access to Azure.
Option C is incorrect since this is used to assign permissions to users to manage various aspects of Azure Active Directory.
Option D is incorrect since this is used to sync identities from the on-premises Active Directory to Azure AD.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 98-99). Kindle Edition.

15
Q

You have a set of resources in Azure. Can you add multiple delete locks for a resource in Azure?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 100). Kindle Edition.

A

A. Yes

Explanation:

16
Q

You have a set of resources in Azure. Can you add a delete lock to a resource that already has a read-only lock?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 101). Kindle Edition.

A

A. Yes

Explanation:

17
Q

You have a set of resources in Azure. Are resource locks inherited by resources when a lock is present at the resource group level?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 102). Kindle Edition.

A

A. Yes

Explanation:
Yes. In the screenshot below, a Delete lock is placed at the resource group level. Here it has been inherited by the resources in the resource group.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 102). Kindle Edition.

18
Q

Which of the following is a scalable, cloud-native, security information event management and security orchestration automated response solution?

A. Azure Sentinel
B. Azure Security Center
C. Azure Active Directory
D. Azure AD Identity Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 103). Kindle Edition.

A

A. Azure Sentinel

Explanation:
You can use Azure Sentinel as a scalable, cloud-native, security information event management and security orchestration automated response solution. Azure Sentinel has the capability to ingest data from a variety of sources and perform threat monitoring on that data.
Option B is incorrect because Azure Security Center can give various security metrics and recommendations for your environment, but it can’t provide a complete orchestration and response-based solution.
Option C is incorrect because this is your identity-based solution in Azure.
Option D is incorrect because this is used to protect your identities in Azure.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 103). Kindle Edition.

19
Q

Your company is currently looking at using the Azure Policy service. Can the Azure Policy service be used to check the compliance of existing resources?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 105). Kindle Edition.

A

A. Yes

Explanation:
The entire idea of the Azure Policy service is to check whether the existing resources conform to the various policy definitions. In the Azure Policy dashboard, you can check for the compliance and non-compliance of your resources.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 105). Kindle Edition.

20
Q

Your company is currently looking at using the Azure Policy service. Can the Azure Policy service be used to remediate issues that get detected via its compliance checks?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 107). Kindle Edition.

A

A. Yes

Explanation:
Some of the policies in Azure Policy have a Remediation section. This can be used to remediate issues if the resources are found to be not compliant with the policy.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 107). Kindle Edition.

21
Q

Your company is planning on making use of Azure Blueprints. Can Azure Blueprints be used to deploy resource groups to subscriptions?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 109). Kindle Edition.

A

A. Yes

Explanation:
When you create an Azure Blueprint, you can create multiple artifacts as part of the Blueprint. One of them is the creation of resource groups. A screenshot of this is given below.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 109). Kindle Edition.

22
Q

Your company is planning on making use of Azure Blueprints. Can Azure Blueprints be used to create role assignments for an Azure subscription?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 110). Kindle Edition.

A

A. Yes

Explanation:
When you create an Azure Blueprint, you can create multiple artifacts as part of the Blueprint. One of them is role assignments. A screenshot of this is given below.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 110). Kindle Edition.

23
Q

Your company is planning on making use of Azure Blueprints. Can Azure Blueprints be used to create Management groups?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 111). Kindle Edition.

A

B. No

Explanation:
When you create an Azure Blueprint, you can create multiple artifacts as part of the Blueprint. A screenshot of the artifacts is given below. But here you cannot create management groups as part of the Azure Blueprint definition.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 111). Kindle Edition.

24
Q

Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?

A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure Active Directory

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 112). Kindle Edition.

A

A. Azure Defender

Explanation:
With Azure Defender, you can enable intelligent protection of your resources that are defined in Azure and also in your on-premises infrastructure. This is an additional security feature that comes as part of Azure Security Center as shown below.
Option B is incorrect since this is used for governance of resources in your Azure account.
Option C is incorrect since this is used for the deployment of various artifacts to your Azure account.
Option D is incorrect since this is used as an Identity store.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 112-113). Kindle Edition.

25
Q

Your company is planning on securing access to Azure virtual machines. Could they use the Azure Bastion service to securely RDP/SSH into Azure virtual machines?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 114). Kindle Edition.

A

A. Yes

Explanation:
The Azure Bastion service allows you to securely establish SSH/RDP connectivity into your Azure virtual machines via the browser and the Azure portal.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 114). Kindle Edition.

26
Q

Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
D. Azure Identity Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 115). Kindle Edition.

A

B. Azure Web Application Firewall

Explanation:
The Azure Web Application Firewall can be used along with the Azure Application Gateway resource to protect web applications from common exploits and vulnerabilities. It can help to protect against attacks such as SQL injection attacks or cross-site scripting attacks.
Option A is incorrect since this is a managed firewall service for the resources that are part of your Azure virtual network.
Option C is incorrect since this is used for governance of your Azure resources.
Option D is incorrect since this is used to protect your Azure AD identities.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 115). Kindle Edition.

27
Q

Your company is planning on making use of Azure Active Directory Privileged Identity Management. Can Privileged Identity Management be used to provide time-bound assignments for Azure AD roles?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 116). Kindle Edition.

A

A. Yes

Explanation:
You can manage the access of users to Azure AD roles. You can also give time-bound access to Azure AD roles. Below is a screenshot of the quick start page of Privileged Identity Management for Azure AD roles.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 116). Kindle Edition.

28
Q

Your company is planning on making use of Azure Active Directory Privileged Identity Management. Can Privileged Identity Management be used to provide time-bound assignments for Azure resources?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 118). Kindle Edition.

A

A. Yes

Explanation:
You can manage the access of users to Azure resources. You can also give time-bound access to Azure resources. Below is a screenshot of the quick start page of Privileged Identity Management for Azure resources.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 118). Kindle Edition.

29
Q

Your company is planning on making use of Azure Active Directory Privileged Identity Management. Can Privileged Identity Management be used to provide time-bound access for resources?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 120). Kindle Edition.

A

A. Yes

Explanation:

30
Q

Which of the following maps to the below encryption technique? “Encrypting information that resides in persistent storage on physical media”

A. Encryption in transit
B. Encryption at rest
C. In-memory Encryption
D. SSL Encryption

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 121). Kindle Edition.

A

B. Encryption at rest

Explanation:
Here this concept is mapped to the concept of ensuring that data is encrypted at rest. Here the data on the underlying physical media is encrypted. The other options are all incorrect since the keyword “rest” maps to data that resides on the physical device.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 121). Kindle Edition.

31
Q

You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the right tool that can be used for the desired requirement below.
“Be able to quickly find the email in your own Exchange mailboxes” Which of the following would you use for this requirement?

A. Core eDiscovery
B. Advanced eDiscovery
C. Sensitivity labels
D. Content search

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 122). Kindle Edition.

A

D. Content search

Explanation:
The Content search tool can be used to quickly find the email in Exchange mailboxes, documents in SharePoint sites, and OneDrive locations.
Option A is incorrect since this is normally used to search and export content in Microsoft 365 and Office 365.
Option B is incorrect since it provides an end-to-end workflow to preserve, collect, analyze, review, and export content in Microsoft 365.
Option C is incorrect since this is used for information protection.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 122). Kindle Edition.

32
Q

You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the right tool that can be used for the desired requirement below.
“Provide an end-to-end workflow to preserve, collect, analyze, review, and export content in Microsoft 365” Which of the following would you use for this requirement?

A. Core eDiscovery
B. Advanced eDiscovery
C. Sensitivity labels
D. Content search

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 124). Kindle Edition.

A

B. Advanced eDiscovery

Explanation:
The Advanced eDiscovery tool provides an end-to-end workflow feature. This can be used to preserve, collect, analyze, review and export content that is pertinent to an organization’s investigations.
Option A is incorrect since this does not provide the full workflow feature.
Option C is incorrect since this is used for information protection.
Option D is incorrect since this is normally used for searching of content in Microsoft 365.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 124). Kindle Edition.

33
Q

You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the right tool that can be used for the desired requirement below.
“Provide basic capabilities on searching and exporting of content in Microsoft 365” Which of the following would you use for this requirement?

A. Core eDiscovery
B. Privileged Access Management
C. Sensitivity labels
D. Content search

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 126). Kindle Edition.

A

A. Core eDiscovery

Explanation:
The Core eDiscovery tool helps you to find and export content in Microsoft 365 and Office 365. You can also use the tool to place an eDiscovery hold on certain content locations.
Option B is incorrect since this is used for providing just-in-time access for services in Microsoft 365.
Option C is incorrect since this is used for information protection.
Option D is incorrect since this is normally used for searching of content only in Microsoft 365.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 126). Kindle Edition.

34
Q

You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to encrypt incoming network traffic to Azure virtual machines?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 128). Kindle Edition.

A

B. No

Explanation:
The Azure Firewall service is a managed service that can be used to protect your Azure virtual network resources. But it can’t be used to encrypt the incoming traffic onto Azure virtual machines.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 128). Kindle Edition.

35
Q

You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to filter incoming traffic to Azure virtual machines?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 129). Kindle Edition.

A

A. Yes

Explanation:
The Azure Firewall service has network traffic filtering rules that can be defined to allow or deny traffic. You can filter traffic based on the source and destination IP address, the port number and the protocol.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 129). Kindle Edition.

36
Q

You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to authenticate users onto Azure virtual machines?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 130). Kindle Edition.

A

B. No

Explanation:
The Azure Firewall service is a managed service that can be used to protect your Azure virtual network resources, but it can’t be used to authenticate users onto Azure virtual machines.

37
Q

You have to work with Retention labels and policies in Microsoft 365. You have to understand what the outcome would be when it comes to applying labels and policies. An email message is subject to a retention policy via Exchange that is configured to delete items after three years. The message also has a retention label that is configured to retain items for five years. Would the email message be retained for five years?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 131). Kindle Edition.

A

A. Yes

Explanation:
Here the retention action would take precedence over the deletion action when you have different settings applied for policies and labels.

38
Q

You have to work with Retention labels and policies in Microsoft 365. You have to understand what the outcome would be when it comes to applying labels and policies. A SharePoint site has two retention policies. One is configured to retain items for five years and the other for ten years. Would the documents in the SharePoint site be retained for ten years?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 132). Kindle Edition.

A

A. Yes

Explanation:
Here the longest retention policy would win. Hence the documents in the SharePoint site would be retained for 10 years.

39
Q

You have to work with Retention labels and policies in Microsoft 365. You have to understand what the outcome would be when it comes to applying labels and policies. A SharePoint site has two retention policies. One policy has an action of deletion after five years and another a deletion after ten years. A document in the SharePoint site has a retention label with a delete action of seven years. Would the document in the SharePoint site be retained for ten years?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 133). Kindle Edition.

A

B. No

Explanation:
Here the retention label would take precedence over the policy, so the document would be deleted after seven years.

40
Q

You are looking at using Azure Active Directory Access Reviews. Can you use Azure AD Access reviews to review group memberships for users defined in Azure AD?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 134). Kindle Edition.

A

A. Yes

Explanation:
When you create an Access Review in Azure Active Directory, you can review the access of users to teams and groups as shown below.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 134). Kindle Edition.

41
Q

You are looking at using Azure Active Directory Access Reviews. Can you use Azure AD Access reviews to review users assigned to enterprise applications?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 135). Kindle Edition.

A

A. Yes

Explanation:
When you create an Access Review in Azure Active Directory, you can review the access of users to applications as shown below.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 135). Kindle Edition.

42
Q

As the Azure Administrator, you have a requirement to implement a process that would require users to review their current access to highly sensitive applications on a quarterly basis. If the users do not complete the review, their access permissions would be automatically removed. Can you use Azure AD Access Reviews to meet this requirement?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 136). Kindle Edition.

A

A. Yes

Explanation:
Yes, Access Reviews can be created to allow users to review their access on a quarterly basis and if any user does not review their access, permissions would be automatically revoked.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 136). Kindle Edition.

43
Q

You want to use the security policies from the Endpoint security of Intune to configure device security. Which of the following would you use for the requirement below? “Configure the settings for BitLocker on a Windows machine”

A. Antivirus
B. Disk Encryption
C. Account protection
D. Firewall

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 137). Kindle Edition.

A

B. Disk Encryption

Explanation:
With the Disk Encryption policy, you can configure the settings for the device’s built-in encryption methods like BitLocker.
Option A is incorrect since this is used to manage the antivirus settings on managed devices.
Option C is incorrect since this is used to protect the identity and accounts of users.
Option D is incorrect since this is used to configure the Firewall settings on the underlying device.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 137). Kindle Edition.

44
Q

You want to use the security policies from the Endpoint security of Intune to configure device security. Which of the following would you use for the requirement below? “Configure the built-in Firewall settings on the macOS device”

A. Antivirus
B. Disk Encryption
C. Account protection
D. Firewall

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 138). Kindle Edition.

A

D. Firewall

Explanation:
With the Firewall policy, you can configure the settings of the built-in firewalls on both your Windows and macOS devices.
Option A is incorrect since this is used to manage the antivirus settings on managed devices.
Option B is incorrect since this is used to manage the built-in encryption settings on the devices.
Option C is incorrect since this is used to protect the identity and accounts of users.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 138). Kindle Edition.

45
Q

You want to use the security policies from the Endpoint security of Intune to configure device security. Which of the following would you use for the requirement below? “Configure the built-in antivirus settings on the managed devices”

A. Antivirus
B. Disk Encryption
C. Account protection
D. Firewall

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 139). Kindle Edition.

A

A. Antivirus

Explanation:
With the Antivirus policy, you can configure the antivirus settings on the managed devices.
Option B is incorrect since this is used to manage the built-in encryption settings on the devices.
Option C is incorrect since this is used to protect the identity and accounts of users.
Option D is incorrect since this is used to configure the Firewall settings on the underlying device.
For more information on Intune endpoint security policies, please refer to the below URL

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 139). Kindle Edition.

46
Q

You want to use the security policies from the Endpoint security of Intune to configure device security. Which of the following would you use for the requirement below? “Protect the identity and accounts of users on the device”

A. Antivirus
B. Disk Encryption
C. Account protection
D. Firewall

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 140). Kindle Edition.

A

C. Account protection

Explanation:
With the Account protection policy, you can configure settings for Windows Hello and Credential Guard when it comes to Windows Security.
Option A is incorrect since this is used to manage the antivirus settings on managed devices.
Option B is incorrect since this is used to manage the built-in encryption settings on the devices.
Option D is incorrect since this is used to configure the Firewall settings on the underlying device.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 140). Kindle Edition.

47
Q

You are exploring the capabilities of Azure Security Center. Can you use Azure Security Center to get recommendations on how to improve the security posture of your Azure environment?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 141). Kindle Edition.

A

A. Yes

Explanation:
There is a recommendations section in Azure Security Center that gives you various recommendations on how to improve the security posture of your Azure environment.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 141). Kindle Edition.

48
Q

You are exploring the capabilities of Azure Security Center. Can you use Azure Security Center to monitor the various security aspects related to servers defined in your Azure subscription?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 143). Kindle Edition.

A

A. Yes

Explanation:
You can actually use the in-built Azure Defender service to monitor the security aspects of servers defined as part of your Azure subscription.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 143). Kindle Edition.

49
Q

You are exploring the capabilities of Azure Security Center. Can you use Azure Security Center to get notifications if there are any threats detected?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 145). Kindle Edition.

A

A. Yes

Explanation:
You can actually set up email notifications in Azure Security Center.

50
Q

You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Privileged Identity Management service?

A. Filter traffic to Azure virtual machines
B. Enable Multi-Factor Authentication for users based on detected sign-in risks
C. Provide just-in-time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 146). Kindle Edition.

A

C. Provide just-in-time access to resource roles in Azure

Explanation:
With Azure Privileged Identity Management, you can provide just-in-time access to Azure AD roles and resource roles. Here users can request access whenever required, and the access can be granted or denied accordingly.
Option A is incorrect since this can be managed with the use of Network Security groups.
Option B is incorrect since this can be accomplished with the use of Azure AD Identity Protection.
Option D is incorrect since this can be accomplished with the use of Azure Security Center.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 146). Kindle Edition.

51
Q

You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure AD Identity Protection service?

A. Filter traffic to Azure virtual machines
B. Enable Multi-Factor Authentication for users based on detected sign-in risks
C. Provide just-in-time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 148). Kindle Edition.

A

B. Enable Multi-Factor Authentication for users based on detected sign-in risks

Explanation:
With Azure Identity Protection, you can actually enable the use of Multi-Factor Authentication if there is a detected sign-in risk. This can be done via a Sign-in risk policy as shown below.
Option A is incorrect since this can be managed with the use of Network Security groups.
Option C is incorrect since this can be accomplished with the use of Azure Privileged Identity Management service.
Option D is incorrect since this can be accomplished with the use of Azure Security Center.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (pp. 148-149). Kindle Edition.

52
Q

You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Network Security Groups?

A. Filter traffic to Azure virtual machines
B. Enable Multi-Factor Authentication for users based on detected sign-in risks
C. Provide just-in-time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 150). Kindle Edition.

A

A. Filter traffic to Azure virtual machines

Explanation:
With the use of Azure Network Security Groups, you can filter the traffic that flows in and out of Azure virtual machines. Here you can filter the traffic based on various aspects such as the IP address, the port number and protocol.
Option B is incorrect since this can be accomplished with the use of Azure AD Identity Protection.
Option C is incorrect since this can be accomplished with the use of Azure Privileged Identity Management service.
Option D is incorrect since this can be accomplished with the use of Azure Security Center.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 150). Kindle Edition.

53
Q

You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Security Center?

A. Filter traffic to Azure virtual machines
B. Enable Multi-Factor Authentication for users based on detected sign-in risks
C. Provide just-in-time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 152). Kindle Edition.

A

D. Measure the security posture of resources defined in an Azure environment

Explanation:
With the use of Azure Security Center, you can see various security aspects for resources defined as part of your Azure environment. You also get recommendations on how to improve the various aspects of security in your Azure environment.
Option A is incorrect since this can be managed with the use of Network Security groups.
Option B is incorrect since this can be accomplished with the use of Azure AD Identity Protection.
Option C is incorrect since this can be accomplished with the use of Azure Privileged Identity Management service.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 152). Kindle Edition.

54
Q

You are reviewing Microsoft’s Privacy policy. Does Microsoft collect data related to your web browsing and online searches?

A. Yes
B. No

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 154). Kindle Edition.

A

A. Yes

Explanation:
Microsoft uses the search results of users to give better search results for future searches. This is based on the data that gets collected via browsing and online searches.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 154). Kindle Edition.

55
Q

You want to enable safe attachments for SharePoint and OneDrive. Which of the following can be used for this requirement?

A. Microsoft Defender for Endpoint
B. Microsoft Defender for Identity
C. Microsoft Defender for Office 365
D. Azure AD Identity Protection

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 155). Kindle Edition.

A

C. Microsoft Defender for Office 365

Explanation:
There is a plan in Microsoft Defender for Office 365 that you can use to enable safe attachments. This service will ensure that if it detects an unsafe attachment, it will lock the attachment so that it can’t be opened.
Option A is incorrect since this is used for managing the security of your endpoint devices.
Option B is incorrect since this is used for managing the security of your identities in Microsoft 365.
Option D is incorrect since this is used for managing the security of your identities in Azure.

Utrecht, Jee. SC-900 Practice Questions: Microsoft Security, Compliance, and Identity Fundamentals: 110 Practice Questions with Answers and Explanations (p. 155). Kindle Edition.