SC900 Kindle IP Specialist Flashcards

1
Q

A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following are the authentication methods available for Windows Hello for business?

A. PIN
B. Facial Recognition
C. Email message
D. Password
E. Fingerprint recognition

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 15). Kindle Edition.

A

A. PIN
B. Facial Recognition
E. Fingerprint recognition

Explanation:
The entire purpose of Windows Hello for Business is to ensure passwords are not used in the authentication process. Instead, users authenticate with PINs and biometric recognition.

2
Q

Your company has just set up an Azure subscription. They have the following requirements. “Be capable of executing a set of resources, resource groups, and role assignments to a set of subscriptions.” Which of the following can be applied to meet the requirement?

A. Apply lock to an Azure Policy
B. Apply lock to an Azure Blueprints
C. Apply lock to an Azure AD Identity Protection
D. Apply lock to an Azure Resource Group

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 15-16). Kindle Edition.

A

D. Apply lock to an Azure Resource Group

Explanation:
Here, you can define a lock on an Azure resource group. This would ensure that no one accidentally deletes resources in a resource group

3
Q

You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels be used to encode the lists in documents?
A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 16). Kindle Edition.

A

A. Yes

Explanation:
When you use a Confidential label on a document, the label will encode the content in the document

4
Q

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to limit traffic from the Internet onto an Azure virtual machine?

A. Yes
B. No

  1. You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to achieve device registrations in Azure Active Directory? A. Yes B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 16). Kindle Edition.

A

B. No

Explanation:
You cannot use the Azure Bastion service to limit traffic into a Virtual machine. For this, you will want to use network security groups

5
Q

Your company is planning on using Azure Cloud Services. Which of the following can be used to ensure that data can be read only by authorized users?

A. Encryption
B. Deduplication
C. Archiving
D. Compression

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 16). Kindle Edition.

A

A. Encryption

Explanation:
You can ensure data is encrypted. The encryption key can then be used to decode and read out the data.

6
Q

Your company is planning on using Azure Active Directory to store identities. They need to make use of the self-service password reset feature. Which of the following authentication methods are accessible for self-service password reset?

A. Email
B. A passport Identification Number
C. A picture Message
D. Mobile App Notification

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 17). Kindle Edition.

A
7
Q

Which of the following is a management and security orchestration automated response solution?

A. Azure Sentinel
B. Microsoft Defender for Cloud
C. Azure Active Directory
D. Azure AD Identity Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 17). Kindle Edition.

A

A. Azure Sentinel

Explanation:
Azure Sentinel has the potential to consume data from a variety of sources and perform threat monitoring on that data

8
Q

Which of the following offers advanced and intelligent protection of Azure and hybrid resources and workloads?

A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure Active Directory

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 17). Kindle Edition.

A

A. Azure Defender

Explanation:
With Azure Defender, you can allow intelligent protection of your resources specified in Azure and your on premises infrastructure

9
Q

Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
D. Azure Identity Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 17-18). Kindle Edition.

A

B. Azure Web Application Firewall

Explanation:
The Azure WAF can be used along with the Azure Application Gateway resource to defend web applications from common activities and vulnerabilities

10
Q

You are evaluating the different services available in Azure with regard to security. Which of the following can be achieved using the Azure Privileged Identity Management service?

A. Filter traffic to Azure virtual machines
B. Allow Multi-Factor Authentication for users
C. Offer just-in-time access to resource roles
D. Determine the security posture of resources

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 18). Kindle Edition.

A

C. Offer just-in-time access to resource roles

Explanation:
With Azure Privileged Identity Management, you can offer just in time access to Azure AD roles and resource roles
And the right to use can be allowed or rejected accordingly

11
Q

You are evaluating the different discovery tools available in Microsoft 365. You want to be capable of quickly getting the email in your own Exchange mailboxes. Which of the following would you use for this need?

A. Core eDiscovery
B. Advanced eDiscovery
C. Sensitivity Labels
D. Content Search

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 18). Kindle Edition.

A

D. Content Search

Explanation:
The Content Search tool can be used to quickly find the email in Exchange mailboxes, documents in SharePoint sites, and OneDrive locations

12
Q

You are evaluating the different discovery tools available in Microsoft 365. You want basic capabilities for exploring and exporting content in Microsoft 365. Which of the following would you use for this need?

A. Core eDiscovery
B. Privileged Access Management
C. Sensitivity Labels
D. Content Search

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 18). Kindle Edition.

A

D. Content Search

Explanation:
The Content search tool can be used to quickly find the email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations

13
Q

Which two types of resources can be protected by using Azure Firewall?

A. Azure Virtual Machines
B. Azure Active Directory (Azure AD) Users
C. Microsoft Exchange Online Inboxes
D. Azure Virtual Networks
E. Microsoft SharePoint Online Sites

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 18-19). Kindle Edition.

A

A. Azure Virtual Machines
D. Azure Virtual Networks

Explanation:
When it is formed, the services and Virtual Machines within the Azure network connect securely with each other

14
Q

You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?

A. Threat Modeling
B. Identity as the Security Perimeter
C. Defense in Depth
D. The Shared Responsibility Model

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 19). Kindle Edition.

A

C. Defense in Depth

Explanation:
The Objective of defense in depth is to protect information and prevent it from being stolen by those who are not authorized to access it

15
Q

What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?

A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 19). Kindle Edition.

A
16
Q
Which feature provides the Extended Detection and Response (XDR) capability of Azure Sentinel?

A. Combination with the Dynamic 365
B. Support for Threat Hunting
C. Integration with Microsoft 365 Defender
D. Support for Azure Monitor Workbooks

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 19). Kindle Edition.

A
17
Q

What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?

A. Attack simulator
B. Reports
C. Hunting
D. Incidents

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 19). Kindle Edition.

A
18
Q

You have a Microsoft 365 E3 subscription. You plan to audit user activity by using the integrated audit log and Basic Audit. For how long will the audit records be maintained?

A. 15 days
B. 30 days
C. 90 days
D. 180 days

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 19-20). Kindle Edition.

A

C. 90 days

Explanation:
In the Basic Audit, audit records are maintained and searchable for the last 90 days. To recover an audit log for a longer period, you should adopt Advanced Auditing

19
Q

To which type of resource can Azure Bastion provide secure access?

A. Azure Files
B. Azure SQL Managed Instances
C. Azure Virtual Machines
D. Azure App Service

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 20). Kindle Edition.

A

C. Azure Virtual Machines

Explanation:
Azure Bastion offers secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS

20
Q

What is an example of encryption at rest?

A. Encoding communications by using a site-to-site VPN
B. Encrypting a virtual machine disk
C. Logging into a website by using an encrypted HTTPS connection
D. Sending an encrypted email

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 20). Kindle Edition.

A

B. Encrypting a virtual machine disk

Explanation:
Encryption at Rest is a common security requirement. Organizations have the choice of allowing Azure to completely manage Encryption at Rest

21
Q
Which three statements accurately describe the guiding principles of Zero Trust?

A. Define the perimeter by physical locations
B. Use identity as the main security boundary
C. Validate the permissions of a user explicitly
D. Assume that the user system can be violated
E. Use the network as the primary security boundary

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 20). Kindle Edition.

A

B. Use identity as the main security boundary
C. Validate the permissions of a user explicitly
D. Assume that the user system can be violated E. Use the network as the primary security boundary

Explanation:
A Zero Trust approach must extend throughout the complete digital estate and serve as an integrated security philosophy and end to end strategy
This is done by applying Zero Trust controls and technologies

22
Q

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

A. Azure AD PIM
B. Azure MFA
C. Azure AD Identity Protection
D. Conditional Access Policies

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 20-21). Kindle Edition.

A

D. Conditional Access Policies

Explanation:
Conditional Access templates are created to offer a convenient method to deploy new policies associated with Microsoft recommendations

23
Q

Which score measures an organization’s progress in completing actions that help reduce risks associated with data protection and regulatory standards?

A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Defender
D. Compliance Score

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 21). Kindle Edition.

A

D. Compliance Score

Explanation:
The Compliance Manager dashboard shows your overall compliance score. This score determines your progress in completing recommended recovery actions within controls.

24
Q

What do you use to provide real-time integration between Azure Sentinel and another security source?

A. Azure AD Connect
B. A Log Analytics Workspace
C. Azure Information Protection
D. A Connector

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 21). Kindle Edition.

A
25
Q

Which Microsoft portal provides information about how Microsoft cloud services comply with the regulatory standard, such as International Organization for Standardization (ISO)?

A. The Microsoft Endpoint Manager Admin Center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. The Azure Active Directory Admin Center

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 21). Kindle Edition.

A

C. Microsoft Service Trust Portal

Explanation:
The Microsoft Service Trust Portal includes details about Microsoft implementation of controls and processes that defend our cloud services and the customer data therein

26
Q
In the shared responsibility model for Azure deployment, what is Microsoft solely responsible for managing?

A. The management of mobile devices
B. The permissions for the user data stored in Azure
C. The formation and management of user accounts
D. The management of the physical hardware

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 21). Kindle Edition.

A

D. The management of the physical hardware

Explanation:
For all cloud deployment types, you have your data and identities. You are accountable for keeping the security of your data and identities, on premise resources and the cloud components you control.

27
Q
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?

A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 22). Kindle Edition.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 21-22). Kindle Edition.

A

A. Plan
E. Define Strategy

Explanation:
The Microsoft Cloud Adoption Framework for Azure is a comprehensive lifecycle framework that helps business decision makers, IT experts and cloud architects realize their cloud adoption objectives. You may develop and implement business and technology strategies for the cloud with the support of the best practices, documentation and tools provided by this resource.

28
Q

Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?

A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure Active Directory

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 22). Kindle Edition.

A

A. Azure Defender

Explanation:
With Azure Defender, you can allow intelligent protection of your resources specified in Azure and your on premises infrastructure

29
Q

Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
D. Azure Identity Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 22). Kindle Edition.

A

B. Azure Web Application Firewall

Explanation:
The Azure Firewall service is a managed service that can be used to defend your Azure virtual network resources. But it cannot be used to encrypt the inbound traffic onto Azure virtual machines

30
Q
You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to encrypt inbound network traffic to Azure virtual machines?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 22). Kindle Edition.

A
31
Q

You are considering using Azure Active Directory Access Reviews. Can you use Azure AD Access Reviews to review group memberships for users specified in Azure AD?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 22). Kindle Edition.

A

A. Yes

Explanation:
When you make an Access Review in Azure Active Directory, you can check the access of users to teams and groups

32
Q

Which of the following maps to the below encryption technique? “Encrypting information that dwells in constant storage on physical media.”

A. Encryption in transit
B. Encryption at rest
C. In-memory Encryption
D. SSL Encryption

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 22-23). Kindle Edition.

A

B. Encryption at rest

Explanation:
Encryption at rest ensures that the data is encrypted when it is stored on disk, preventing the attacker from accessing the unencrypted data

If an attacker gets their hands on a hard disc containing encrypted data but not the encryption keys, they will need to circumvent the encryption in order to access the data

33
Q

Your company is planning on using Azure Active Directory Privileged Identity Management. Can Privileged Identity Management be used to offer time-bound assignments for Azure resources?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 23). Kindle Edition.

A

A. Yes

Explanation:
You can give time-bound entry to Azure resources. Below is a screenshot of the page of Privileged Identity Management for Azure resources.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 100). Kindle Edition.

34
Q

Your company is planning on making use of Azure Blueprints. Can Azure Blueprints be used to make role assignments for an Azure subscription?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 23). Kindle Edition.

A

A. Yes

Explanation:
When you make an Azure Blueprint, you can generate multiple artifacts as part of the Blueprint. One of them is role assignments.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 101). Kindle Edition.

35
Q

Your company is currently looking at using the Azure Policy service. Can the Azure Policy service be used to remediate issues identified via its compliance checks?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 23). Kindle Edition.

A

A. Yes

Explanation:
Some of the policies in Azure Policy have a Remediation portion, which can be used to remediate issues if the resources do not align with the policy.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 102). Kindle Edition.

36
Q

You have a set of resources in Azure. Can you add a delete lock that has a read-only lock?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 23). Kindle Edition.

A

A. Yes

Explanation:
Yes this is possible

37
Q

Your company wants to start using Azure and is looking at its different security features. Which of the following could be used for the following need? “Be capable of syncing users from the on-premises Active Directory onto Azure AD.”

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 23-24). Kindle Edition.

A

D. Azure AD Connect

Explanation:
Azure AD Connect coordinates identities from the on-premises Active Directory onto Azure Active Directory. There are different techniques available for user identity synchronization.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 103). Kindle Edition.

38
Q

What features do Azure Sentinel Advanced Detection and Response (XDR) provide?

A. Integration with Microsoft 365 Compliance Center
B. Threat Hunting Support
C. Integration with Microsoft 365 Defender
D. Azure Monitor Workbook Support

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 24). Kindle Edition.

A

C. Integration with Microsoft 365 Defender

Explanation:
An extended detection and response (XDR) tool called Microsoft 365 Defender automatically gathers, correlates, and assesses signal, threat, and alert data from all areas of your Microsoft 365 system, including endpoints, email, applications, and identities. To automatically thwart attacks and restore damaged assets to a secure state, it makes use of automation and artificial intelligence (AI). More than 70% of the time, remediation is totally automated by built-in self-healing technology, freeing up defenders to concentrate on other duties that make greater use of their knowledge and experience.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 103-104). Kindle Edition.

39
Q

What can you use for the provision of the two-hour window for a user to complete an administrative task in Azure?

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. Azure Multi-Factor Authentication (MFA)
C. Azure Active Directory (Azure AD) Identity Protection
D. Conditional Access Policies

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 24). Kindle Edition.

A

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

Explanation:
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Require approval to activate privileged roles
Enforce multi-factor authentication to activate any role
Use justification to understand why users activate
Get notifications when privileged roles are activated
Conduct access reviews to ensure users still need roles
Download audit history for internal or external audit
Prevents removal of the last active Global Administrator role assignment

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 104). Kindle Edition.

40
Q

Which kind of asset can be safeguarded by utilizing Azure Firewall?

A. Azure Virtual Machines
B. Azure Active Directory (Azure AD) Users
C. Microsoft Exchange Online Inboxes
D. Azure Virtual Networks

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 24). Kindle Edition.

A

D. Azure Virtual Networks

Explanation:
Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario-level monitoring enables you to diagnose problems at an end-to-end network-level view. A Network Watcher resource group is expected to be created in every region where a virtual network is present. An alert is enabled if a Network Watcher resource group is not available in a particular region.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 105). Kindle Edition.

41
Q

You intend to carry out a security procedure and spot various layers of defense all through an organization’s framework. Which security system does this address?

A. Threat Modeling
B. Identity as the Security Perimeter
C. Defense in Depth
D. The Shared Responsibility Model

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 24-25). Kindle Edition.

A

C. Defense in Depth

Explanation:
Defense in depth is a layered approach to security that does not rely on a single perimeter. A defense in depth strategy uses a series of mechanisms to slow the advance of an attack. Each layer provides protection, so that if one layer is breached, a subsequent layer will prevent an attacker from getting unauthorized access to data. Example layers of security include:
Physical: Physical security means limiting access to a data center to authorized personnel only.
Identity and Access: This includes the security controls, such as multi-factor authentication or condition-based access, to control access to infrastructure and change control.
Perimeter: This security includes Distributed Denial of Service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
Network: Network security means network segmentation and access controls so that communication between resources can be limited.
Compute: Compute layer security means securing access to virtual machines either on-premises or in the cloud by closing certain ports.
Application: Application layer security ensures that applications are secure and free of security weaknesses and vulnerabilities.
Data: Data layer security includes the controls to manage business and customer data access. The data is protected through encryption.
For further details, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 105-107). Kindle Edition.

42
Q

What can you use to scan email attachments and only forward them to recipients if they are malware-free?

A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 25). Kindle Edition.

A

A. Microsoft Defender for Office 365

Explanation:
Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization from advanced threats such as phishing, business email compromise, and malware attacks that target email and collaboration tools. Defender for Office 365 also includes investigation, hunting, and remediation tools to assist security teams in identifying, prioritizing, investigating, and responding to threats. Safe Attachments is a feature in Microsoft Defender for Office 365 that uses a virtual environment to check attachments in inbound email messages after they have been scanned by anti-malware protection in Exchange Online Protection (EOP), but before delivery to recipients.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 107). Kindle Edition.

43
Q

What tools can you use to detect threats in Azure SQL Managed Instance?

A. Microsoft Secure Score
B. Application Security Groups
C. Azure Defender
D. Azure Bastion

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 25). Kindle Edition.

A

C. Azure Defender

Explanation:
Advanced Threat Protection for an Azure SQL Managed Instance detects anomalous activities that indicate unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can detect potential SQL injection, access from an unusual location or data center, access from an unfamiliar principal or potentially harmful application, and brute-force attempts against SQL credentials. Click the View ongoing SQL link in the email to open the Azure portal and show the Microsoft Defender for Cloud alerts page, which gives an overview of the active threats detected on the database.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 108). Kindle Edition.

44
Q

Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune devices from accessing corporate resources?

A. Network Security Groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
C. Conditional Access Policies
D. Resource Locks

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 25). Kindle Edition.

A

C. Conditional Access Policies

Explanation:
Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is the core of the new identity-driven control plane. Common decisions of Azure AD Conditional Access:
Block access: the most restrictive decision.
Grant access: the least restrictive decision, which can still require one or more of the following options:
Require multi-factor authentication
Require device to be marked as compliant
Require Hybrid Azure AD joined device
Require approved client app
Require app protection policy

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 108-109). Kindle Edition.

45
Q

Azure Bastion can enable secure access to which types of resources?

A. Azure Files
B. Azure SQL Managed Instances
C. Azure Virtual Machines
D. Azure App Service

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 25). Kindle Edition.

A

C. Azure Virtual Machines

Explanation:
Azure Bastion allows you to access your virtual machines through RDP/SSH over TLS directly from the Azure portal.

46
Q

What is a good reason to adopt Microsoft 365’s information barrier policies?

A. To restrict unauthenticated access to Microsoft 365
B. To restrict Microsoft Teams chats between certain groups within an organization
C. To restrict Microsoft Exchange Online email between certain groups within an organization
D. To restrict data sharing to external email recipients

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 26). Kindle Edition.

A

C. To restrict Microsoft Exchange Online email between certain groups within an organization

Explanation:
You can set policies using Microsoft Purview Information Barriers to restrict certain users from communicating with each other or let specified segments communicate only with specific other segments.
You use user account attributes, segments, ‘block’ and/or ‘allow’ policies, and policy application to construct policies for information barriers. User account attributes are defined in Azure Active Directory (or Exchange Online). Department, job title, location, team name, and other job profile characteristics are examples of these attributes. Segments are groups of users, defined in the Microsoft Purview compliance portal by a user account attribute. Policy application happens once you have defined your barrier policies and are ready to implement them in your company.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 109-110). Kindle Edition.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 109). Kindle Edition.

47
Q

Which score indicates how far a company has progressed in completing initiatives that help lower the risks associated with data security and regulatory compliance?

A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Defender
D. Compliance Score

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 26). Kindle Edition.

A

D. Compliance Score

Explanation:
Microsoft Purview Compliance Manager is a function of the Microsoft Purview compliance portal that makes handling your organization’s compliance obligations easier and more convenient. Compliance Manager can assist you with every step of the way, from assessing your data security threats to managing the intricacies of installing controls, remaining current with requirements and certifications, and reporting to auditors.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 110). Kindle Edition.

48
Q

Which Microsoft portal provides details on how Microsoft cloud services adhere to regulatory standards such as those set forth by the International Organization for Standardization (ISO)?

A. The Microsoft Endpoint Manager Admin Center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. The Azure Active Directory Admin Center

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 26). Kindle Edition.

A

C. Microsoft Service Trust Portal

Explanation:
The Microsoft Service Trust Portal provides details on Microsoft’s implementation of cloud services and the controls and processes that protect the customer data they contain. For further details, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 110). Kindle Edition.

49
Q

What is Microsoft’s sole duty in the shared responsibility paradigm for an Azure deployment?

A. The management of mobile devices
B. The permissions for the user data stored in Azure
C. The creation and management of user accounts
D. The management of the physical hardware

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 26). Kindle Edition.

A

D. The management of the physical hardware

Explanation:
When you investigate and evaluate public cloud services, it is vital to understand the shared responsibility model: which security tasks are handled by the cloud provider and which tasks you handle. The workload responsibilities differ depending on whether the workload is hosted in a Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or on-premises datacenter. Responsibility is shared. You own the entire stack in an on-premises data center. Some duties are transferred to Microsoft as you move to the cloud. The following graphic depicts the areas of responsibility between you and Microsoft, according to the type of stack deployment. You own your data and identities regardless of the cloud deployment method. You are responsible for the security of your data and identities, your on-premises resources, and the cloud components you control (which vary by service type). You are always responsible for the following, regardless of the method of deployment:
Account
Access Management
Data
Endpoints

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 111). Kindle Edition.

50
Q

Give an example of encryption at rest.

A. Encrypting communications by using a site-to-site VPN
B. Encrypting a virtual machine disk
C. Accessing a website by using an encrypted HTTPS connection
D. Sending an encrypted email

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 27). Kindle Edition.

A

B. Encrypting a virtual machine disk

Explanation:
Encryption at rest is a common security requirement. In Azure, organizations can encrypt data at rest without the risk or cost of a custom key management solution. Organizations have the option of letting Azure completely manage encryption at rest. Organizations also have various options to closely manage encryption or encryption keys.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 112). Kindle Edition.

51
Q

What is the purpose of Password Protection in Azure Active Directory (Azure AD)?

A. To control how often users must change their passwords
B. To identify devices to which users can sign in without using Multi-Factor Authentication (MFA)
C. To encrypt a password by using globally recognized encryption standards
D. To prevent users from using specific words in their passwords

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 27). Kindle Edition.

A

D. To prevent users from using specific words in their passwords

Explanation:
Azure Active Directory Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your business. With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. You can create a custom banned password list to meet your specific business and security needs.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 112). Kindle Edition.

52
Q

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

A. Access Reviews
B. Managed Identities
C. Conditional Access Policies
D. Azure AD Identity Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 27). Kindle Edition.

A

A. Access Reviews

Explanation:
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 112). Kindle Edition.

53
Q

Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?

A. Sensitivity Label Policies
B. Customer Lockbox
C. Information Barriers
D. Privileged Access Management (PAM)

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 27). Kindle Edition.

A

C. Information Barriers

Explanation:
Microsoft Teams, SharePoint Online, and OneDrive for Business support information barriers. Assuming your subscription includes information barriers, a compliance administrator or information barriers administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. Information barriers can be used for situations like these:
A user in the day trader group should not communicate or share files with the marketing team.
Finance personnel working on confidential company information should not communicate or share files with certain groups within their organization.
An internal team with trade secret material should not call or chat online with people in certain groups within their organization.
A research team should only call or chat online with a product development team.
A site for the day trader group should not be shared with anyone outside the day trader group.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 113). Kindle Edition.

54
Q

You have an Azure subscription. You need to implement approval-based, time-bound role activation. Which of the following should you use?

A. Windows Hello for Business
B. Azure Active Directory (Azure AD) Identity Protection
C. Access reviews in Azure Active Directory (Azure AD)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 28). Kindle Edition.

A

D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

Explanation:
Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services, such as Microsoft 365 or Microsoft Intune. Organizations want to minimize the number of people who have access to secure information or resources, because that reduces the chance of a malicious actor getting access, or of an authorized user inadvertently impacting a sensitive resource. However, users still need to carry out privileged operations in Azure AD, Azure, Microsoft 365, or SaaS applications. Organizations can give users just-in-time privileged access to Azure and Azure AD resources and oversee what those users are doing with their privileged access.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 113-114). Kindle Edition.

55
Q

What kind of identity is created when you register an application with Azure Active Directory (Azure AD)?

A. A user account
B. A user-assigned managed identity
C. A system-assigned managed identity
D. A service principal

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 28). Kindle Edition.

A

D. A service principal

Explanation:
Whenever you register an application through the Azure portal, an application object and a service principal are automatically created in your home directory or tenant.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 114). Kindle Edition.

56
Q

Which of the following uses a tiered security technique to delay an attack’s progress?

A. Shared Responsibility Model
B. Zero-Trust Methodology
C. CIA Model
D. Defense in Depth

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 28). Kindle Edition.

A

D. Defense in Depth

Explanation:
Defense in depth uses a layered approach to security to reduce the chances of a successful attack

57
Q

A user wants to hear music. So he uses his Google account to log into the Spotify app. For further information, see the image below. Which of the following statements is NOT true in light of the above scenario?

A. Azure AD used by Spotify trusts Google
B. Google trusts Spotify’s Azure AD
C. There is a trust relationship between Spotify’s Azure AD & Google
D. The user does not need a separate username and password to log into Spotify

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 29). Kindle Edition.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 28-29). Kindle Edition.

A

B. Google trusts Spotify’s Azure AD

Explanation:
Spotify’s Azure AD trusts Google in the case above. However, the reverse is not the case. Unless that trust relationship is configured, Google does not trust Spotify.

58
Q

In entitlement management, you establish an access package and a set of resources to aid in onboarding new team members. In an access package, which of the following types of resources can you define (choose four options)?

A. Azure AD Enterprise Apps
B. SharePoint Online Sites
C. Azure Resources
D. Microsoft 365 Groups
E. Microsoft 365 Licenses
F. Azure AD Security Groups

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 29). Kindle Edition.

A

A. Azure AD Enterprise Apps
B. SharePoint Online Sites
D. Microsoft 365 Groups
F. Azure AD Security Groups

Explanation:
In Azure AD entitlement management, you define access packages to automate access request workflows, access assignments, and access expiration. This is critical since many users (whether new employees or those with recent role changes) are unsure of what access they require or from whom they should request it. The following are the sorts of resources defined in an access package, as seen in the figure above:
Azure AD security groups and Microsoft 365 groups membership
Access to Azure Active Directory apps and SaaS apps
SharePoint Online site access
Although you cannot manage access to Microsoft 365 licenses or Azure resources directly, you can create an Azure AD security group and give users who require Microsoft 365 licenses access through it (via group-based licensing). To give access to Azure resources, you create an Azure role assignment for that group. If you have trouble understanding, the graphic above will help. So, the right answers are 1, 2, 4, and 6.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 115-116). Kindle Edition.

59
Q

In the Azure portal, where can you enable workload protections?

A. Advisor
B. Azure AD Security
C. Microsoft Defender for Cloud
D. Azure Sentinel

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 30). Kindle Edition.

A

C. Microsoft Defender for Cloud

Explanation:
Microsoft takes a multi-layered security approach. Only Microsoft Defender for Cloud is a base layer (free, basic level of protection). Microsoft Defender for Cloud is a more advanced layer (paid, advanced protection with just-in-time access, adaptive application controls, vulnerability assessment, etc.). Workload protections are accessed through Microsoft Defender for Cloud. Only after updating do you get the screen below.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 116-117). Kindle Edition.

60
Q

Microsoft Azure Sentinel is a scalable, cloud-native SIEM/SOAR solution. What do the acronyms stand for?

A. Security Incident Event Management (SIEM), Security Orchestration Autonomous Response (SOAR)
B. Security Information Event Management (SIEM), Security Orchestration Automated Response (SOAR)
C. Security Incident Event Management (SIEM), Security Orchestration Automated Response (SOAR)
D. Security Information Event Management (SIEM), Security Orchestration Autonomous Response (SOAR)

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 30). Kindle Edition.

A

B. Security Information Event Management (SIEM), Security Orchestration Automated Response (SOAR)

Explanation:
Security Information Event Management (SIEM) is a consolidated repository for all log entries created by your infrastructure, resources, devices, firewall, and endpoints. It then uses these logs to create alerts and notify the administrator. SOAR (Security Orchestration Automated Response) automates your threat response by taking these signals (with playbooks). As a result, SOAR reduces incident reaction time. In a nutshell, if SIEM identifies suspicious behavior, it generates an alarm. SOAR processes alarms (including false positives) and generates an automatic reaction.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 117-118). Kindle Edition.

61
Q

________________ is a feature in Microsoft Defender for Endpoint that helps you actively detect threats.

A. Network Protection
B. Advanced Hunting
C. Next-Gen Protection
D. Automated Investigation

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 31). Kindle Edition.

A

B. Advanced Hunting

Explanation:
Microsoft Defender for Endpoint has several capabilities that could be useful during an exam. Advanced Hunting is the best option because it allows you to construct queries that actively hunt for threats.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 119). Kindle Edition.

62
Q

Which of the following compliance solution areas would you find in the Solutions catalog as a compliance data administrator when logging into the Microsoft 365 compliance center?

A. Communication compliance
B. Information protection & governance
C. Insider risk management
D. Data loss prevention
E. Discovery & response
F. Advanced eDiscovery

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 31). Kindle Edition.

A

B. Information protection & governance
C. Insider risk management
E. Discovery & response

Explanation:
The Microsoft 365 solutions catalog can help you find compliance and risk management solutions for your company. The compliance solution catalog is divided into three sections. Each solution area offers details on a variety of compliance options. The only three compliance solution categories are, as you might expect, insider risk management, information protection and governance, and discovery and response.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 119-120). Kindle Edition.

63
Q

Which three sentences best explain the Zero Trust guiding principles? Each correct answer presents a complete solution.

A. Define the perimeter by physical locations
B. Use identity as the primary security boundary
C. Always verify the permissions of a user explicitly
D. Always assume that the user system can be breached
E. Use the network as the primary security boundary

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 31-32). Kindle Edition.

A

B. Use identity as the primary security boundary
C. Always verify the permissions of a user explicitly
D. Always assume that the user system can be breached

Explanation:
Zero Trust is a security strategy. It is not a product or service, but an approach to defining and implementing the following set of security principles:
Explicitly verify
Use the least privileged access method
Assume breach

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 120). Kindle Edition.

64
Q

In the Azure portal, where can you enable Azure Defender?

A. Shared Responsibility Model
B. Zero-Trust Methodology
C. CIA Model
D. Defense in Depth

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 32). Kindle Edition.

A

D. Defense in Depth

Explanation:
Defense in Depth uses a layered approach to security to reduce the chances of a successful attack

65
Q

Your business intends to use Azure Cloud services. When it comes to Microsoft privacy, they are looking into the many security issues. Is transparency a core privacy principle at Microsoft?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 32). Kindle Edition.

A

A. Yes

Explanation:
The important privacy principles addressed by Microsoft are listed below.
Control
Transparency
Security
Strong legal safeguards
No targeting by content
Advantages for you
When it comes to transparency, Microsoft claims to be transparent in its data collection practices.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 120-121). Kindle Edition.

66
Q

Your business intends to use Azure Cloud services. Which of the following can be used to ensure that only authorized users can read data?

A. Archiving
B. Deduplication
C. Encryption
D. Compression

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 32). Kindle Edition.

A

C. Encryption

Explanation:
You can ensure that data is encrypted. The encryption key would then be available only to authorized users. The data can then be decrypted and read using the encryption key. Option B is incorrect because deduplication is generally used to remove multiple copies of repeated data. Option A is incorrect because archiving is typically used to store data that is not commonly used. Option D is incorrect because compression is typically used to reduce data storage space.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 121). Kindle Edition.

67
Q

A business intends to use Azure Active Directory. Which of the following is the correct terminology for Azure Active Directory?

A. Federation Server
B. Firewall
C. Proxy Server
D. Identity Provider

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 32-33). Kindle Edition.

A

D. Identity Provider

Explanation:
Microsoft’s identity provider is Azure Active Directory. It is used for identity storage and access management. Azure Active Directory can handle identity and access in both Azure and Microsoft Office 365. Since Azure Active Directory is used for identity and access management, all other options are invalid.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 122). Kindle Edition.

68
Q

Your organization intends to use Azure Active Directory. Do all Azure Active Directory versions offer the same set of features?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 33). Kindle Edition.

A

B. No

Explanation:
Azure Active Directory comes with a variety of price options. The Free model is the most basic version. There is a feature limitation in this case. For example, you will not be able to use services like:
Service Level Agreements (SLAs)
Cloud users can reset their passwords themselves
Management of group access

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 122). Kindle Edition.

69
Q

Network Security Groups are something your firm intends to use. Is it possible to filter traffic using network security groups based on IP address, protocol, and port number?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 33). Kindle Edition.

A

A. Yes

Explanation:
You can construct a network security group rule based on IP address, protocol, and port number. The sample screenshot below shows the IP address, protocol, and port number.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 122). Kindle Edition.

70
Q

You must select the appropriate service based on the requirements. For the given requirement, which of the following would you use? “Provide Network Address Translation”

A. Azure Bastion
B. Network Security Group
C. Azure Firewall
D. Azure DDoS Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 33). Kindle Edition.

A

C. Azure Firewall

Explanation:
The Azure Firewall service can convert traffic from public IP addresses to private IP addresses and virtual networks. Option A is inappropriate since it enables access to your Azure virtual machines through RDP/SSH. Option B is wrong because it is used to filter traffic to your Azure virtual machine. Option D is inappropriate since it is used to safeguard your Azure resources from large-scale Internet threats.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 124). Kindle Edition.

71
Q

You must select the appropriate service based on the requirements. For the given requirement, which of the following would you use? “Provide a secure way to RDP/SSH into Azure virtual machines.”

A. Azure Bastion
B. Azure Firewall
C. Network Security Group
D. Azure DDoS Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 33-34). Kindle Edition.

A

A. Azure Bastion

Explanation:
The Azure Bastion service is a managed service that lets you connect to an Azure virtual machine through a browser or the Azure portal. Since this is a managed firewall service, Option B is inappropriate. Option C is wrong since it is used to filter traffic to and from your Azure virtual machines. Option D is inappropriate since it is used to safeguard your Azure resources from large-scale Internet threats.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 124). Kindle Edition.

72
Q

Microsoft Defender for Endpoint is something your firm intends to use. Is it possible to secure Windows 10 computers using Microsoft Defender for Endpoint?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 34). Kindle Edition.

A

A. Yes

Explanation:
Microsoft Defender for Endpoint service is compatible with Windows 10 devices.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 124). Kindle Edition.

73
Q

Your firm recently purchased an Azure subscription. The following are their requirements:
“The ability to deploy a collection of resources, resource groups, and role assignments to a collection of subscriptions.”
“Be able to verify that no one can delete resources defined in the ips-staging resource group.”
“Ensure that the Microsoft IaaS Antimalware extension is deployed on all Windows Servers designated as Azure virtual machines.”
Which of the following is appropriate for the following situation? “The ability to deploy a collection of resources, resource groups, and role assignments to a collection of subscriptions.”

A. Azure Policy
B. Azure Blueprint
C. Azure AD Identity Protection
D. Azure Resource Lock

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 34). Kindle Edition.

A

B. Azure Blueprint

Explanation:
Azure Blueprints can be used to deliver a group of artifacts. Resources such as ARM templates, resource groups, and role assignments are examples of artifacts.
The artifacts can be deployed using Azure Blueprints.
Option A is inappropriate because this is utilized as a governance mechanism for your Azure account’s resources. Option C is inappropriate because it is used to safeguard your Azure AD IDs. Option D is inappropriate because it prevents inadvertent resource loss and modification in Azure.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 125). Kindle Edition.

74
Q

When it comes to security solutions for Microsoft 365, your firm is considering the various options available. The following are the most important needs.
Find emails in Exchange mailboxes, documents in SharePoint sites, and OneDrive folders.
To avoid a conflict of interest in the organization, limit communication and collaboration between two groups.
Allow a Microsoft support engineer access to a user’s Exchange Online data.
In Microsoft Office 365 Exchange Online, give users just-in-time access.
Which of the following is appropriate for the following situation? Allow a Microsoft support engineer access to a user’s Exchange Online data.

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 35). Kindle Edition.

A

C. Customer Lockbox

Explanation:
Microsoft Engineers occasionally require user data access to identify a problem. The Customer Lockbox functionality can be used to accomplish this. Option A is inappropriate since it is utilized to prevent a conflict of interest in the organization by restricting communication and collaboration between two groups. Option B is erroneous because it is used to look for material in Exchange emails, SharePoint sites, and OneDrive folders. Option D is wrong because it is utilized to provide just-in-time access to Microsoft 365 services.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 126). Kindle Edition.

75
Q

Your business wants to start using Azure. When using Azure, they are looking into several security factors. Which of the following options could be used to meet the following need? “The ability to sync users from on-premises Active Directory to Azure Active Directory”

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 35). Kindle Edition.

A

D. Azure AD Connect

Explanation:
Identity synchronization from on-premises Active Directory to Azure Active Directory is done via Azure AD Connect. User identity synchronization can be accomplished using a variety of approaches. Option A is inappropriate because it is used to secure Azure identities. Option B is inappropriate because it is used to grant Azure conditional access. Option C is inappropriate because it provides users with rights in Azure Active Directory to control various elements.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 126). Kindle Edition.

76
Q

A company creates a Resource Group named “Ips” with the following Azure resources. This resource group is locked with the following lock feature. Would any Azure user associated with this organization be able to create any new resource in the locked group named “Ips”?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 36). Kindle Edition.

A

A. Yes

Explanation:
Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. Readonly lock, which allows authorized users to read the resources only. They are unable to make changes in the resources. The second type of lock is Delete, which ensures that the user is not allowed to delete the resource. In the given situation, the user can stop the virtual machine, create a new resource within this group, and change any resource created within “Ips” except to delete.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 126-127). Kindle Edition.

77
Q

Which of the following security information event management and security orchestration automated response solutions is scalable and cloud-native?

A. Azure Sentinel
B. Microsoft Defender for Cloud
C. Azure Active Directory
D. Azure AD Identity Protection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 37). Kindle Edition.

A

A. Azure Sentinel

Explanation:
Azure Sentinel can be used as a scalable, cloud-native solution for security information event management and security orchestration automatic response. Azure Sentinel may ingest data from various sources and monitor performance threats based on that data. Option B is inaccurate because, while Microsoft Defender for Cloud can provide various security metrics and recommendations for your environment, it cannot deliver a full orchestration and response-based solution. Option C is inappropriate because you are using Azure’s identity-based solution. Option D is inappropriate because it is used to secure your Azure identities.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 127-128). Kindle Edition.

78
Q

Azure Blueprints are going to be used by your firm. Can Azure Blueprints be used to construct Azure subscription role assignments?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 37). Kindle Edition.

A

A. Yes

Explanation:
When constructing an Azure Blueprint, you can include several artifacts. Role assignment is one of them. Below is a screenshot of this.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 128). Kindle Edition.

79
Q

Which of the following offers advanced and intelligent Azure and hybrid resource and workload protection?

A. Azure Active Directory
B. Azure Blueprint
C. Azure Defender
D. Azure Policy

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 37). Kindle Edition.

A

C. Azure Defender

Explanation:
You can use Azure Defender to enable intelligent security of your Azure resources and your on-premises infrastructure. As illustrated below, this is an extra security capability included with Microsoft Defender for Cloud. Option D is inappropriate because it is utilized for Azure account resource governance. Option B is inappropriate because it is used to deploy various assets to your Azure account. Option A is wrong because this is a repository for personal information.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 128-129). Kindle Edition.

80
Q

Which of the following Azure Application Gateway features is available to help protect online applications from common attacks and vulnerabilities?

A. Azure Policy
B. Azure Identity Protection
C. Azure Firewall
D. Azure Web Application Firewall

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 37). Kindle Edition.

A

D. Azure Web Application Firewall

Explanation:
To secure web applications from common exploits and vulnerabilities, use the Azure Web Application Firewall in conjunction with the Azure Application Gateway resource. For example, it can help defend against SQL injection and cross-site scripting attacks. Option C is wrong because this is a managed firewall service for the Azure virtual network resources. Option A is wrong because it is utilized for Azure resource governance. Option B is inappropriate because it is used to secure your Azure AD accounts.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 129-130). Kindle Edition.

81
Q

Which of the following corresponds to the encryption technology described below? “Encrypting data stored on physical media for a long time.”

A. Encryption in Transit
B. Encryption at Rest
C. In-memory Encryption
D. SSL Encryption

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 37-38). Kindle Edition.

A

B. Encryption at Rest

Explanation:
This concept is matched to the idea of encrypting data while it is in transit. The data on the physical media is encrypted in this case. All other possibilities are erroneous since the phrase “rest” refers to data stored on the physical device.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 130). Kindle Edition.

82
Q

You intend to make use of the Azure Firewall service. Is it possible to encrypt incoming network traffic to Azure virtual machines using the Azure Firewall service?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 38). Kindle Edition.

A

B. No

Explanation:
Azure Firewall is a managed service for securing your Azure virtual network resources. However, it cannot encrypt incoming traffic to Azure virtual machines.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 130). Kindle Edition.

83
Q

A company has a hybrid environment. They have the following users defined in their on-premises environment.

Name        Part of Group
ipslabA     Domain Admins
ipslabB     Security Admins
ipslabC     Enterprise Admins
ipslabD     User Admins

The following users have been defined in Azure AD.

User Name       Role
ipslabadminA    Security administrator
ipslabadminB    Global administrator
ipslabadminC    Billing Administrator
ipslabadminD    User Administrator

The company now wants to implement Azure AD Connect. You have to decide on the users who could be part of the implementation of Azure AD Connect. The implementation must use the principle of least privilege. Who would be chosen to perform the implementation from the Active Directory side?

A. ipslabadminA
B. ipslabadminB
C. ipslabadminC
D. ipslabadminD

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 38-39). Kindle Edition.

A
84
Q

You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance configured to support Azure AD authentication.
Database developers must connect to the database instance and authenticate by using their on-premises Active Directory account. You must ensure that developers can connect to the instance using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts. Which authentication method would you recommend?

A. Active Directory - Password
B. Active Directory - Universal with MFA Support
C. SQL Server Authentication
D. Active Directory – Integrated

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 39). Kindle Edition.

A

A. Active Directory - Password

Explanation:
Use Active Directory password authentication when connecting with an Azure AD principal name using the Azure AD managed domain.

85
Q

A company has an on-premises data center and an Azure subscription. An Azure SQL database is in place that supports Azure AD authentication. The database developers need to authenticate to the database using Microsoft SQL Server Management Studio. They need to authenticate using their on-premises Active Directory account. They also want to ensure that the solution minimizes the authentication prompts. Which of the following authentication types should they use in Microsoft SQL Server Management Studio to connect?

A. SQL Login
B. Active Directory – Universal with MFA Support
C. Active Directory – Integrated
D. Active Directory – Password

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 39-40). Kindle Edition.

A

C. Active Directory – Integrated

Explanation:
When using a federated solution with your on-premises AD, you should use the Active Directory - Integrated authentication type in Microsoft SQL Server Management Studio.

86
Q

Your company is planning to implement conditional access policies. You have to implement the policies based on the existing risk events available for Azure AD. You have to identify the risk level for the following events defined for Azure AD.
Users with leaked credentials
Sign-ins from anonymous IP addresses
Impossible travels to atypical locations
Sign-in from unfamiliar locations
Which of the following is the risk level associated with the following risk event? “Sign-ins from anonymous IP addresses.”

A. Low
B. Medium
C. High
D. Critical

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 40). Kindle Edition.

A

B. Medium

Explanation:
This event is associated with the Medium risk level. This is also given in the Microsoft documentation. Since this is clearly given in the Microsoft documentation, all other options are incorrect.

87
Q

Several services and resources are available in an organization’s Azure account. Customers and employees want to try these services and resources. To ensure secure access, the organization will allow only authenticated people to use the services and resources. Which of the following statements is valid for the definition of Authentication?

A. This is the act of providing legitimate credentials
B. This specifies the type of service you can use in Azure
C. This specifies the type of data you can use in Azure
D. This specifies what you can do in Azure

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 40). Kindle Edition.

A

B. This specifies the type of service you can use in Azure

Explanation:
There are multiple ways of managing identity in Azure. One of these, and the most implemented secure method, is Multi-Factor Authentication (MFA). MFA can be implemented using fraud alerts, blocking/unblocking users, phone call settings, notification verification, etc. Such an authentication method is termed a conditional access policy that can be achieved by Azure Active Directory (AAD).

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 132). Kindle Edition.

88
Q

A company implements the Azure solution. This solution is available on both on-premises and cloud. Therefore, a large number of users can access this solution. The company needs to implement an advanced secure authentication method such as Multi-Factor Authentication (MFA) for the identity management of users. Would the company need to configure the identities of both on-premises and Azure users?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 40-41). Kindle Edition.

A
89
Q

An IT Engineer creates a Resource group named “IPS-rg” for his organization. A Virtual Machine called “IPS-VM” is created in the Resource group. To provide advanced secure protection, which of the following resource deployments is best suited to avoid any accidental incident?

A. Security
B. Access Control
C. Locks
D. Configuration

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 41). Kindle Edition.

A

C. Locks

Explanation:
Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. Readonly lock, which allows authorized users to read the resources only. They are unable to make changes in the resources. The second type of lock is Delete, to ensure that the user is not allowed to delete the resource. Option A is invalid because it defines the security features for the protection of resources. Option B is invalid because it provides access rights to an authorized user. Option D is invalid because it shows the configuration of the selected resource.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 133). Kindle Edition.

90
Q

An IT company deployed a Virtual Network (VNet) with multiple subnets and Virtual Machines (VMs). They want to ensure the inbound traffic flows into the machine from port 8080. Which of the following Azure services is responsible for the secure network traffic flow?

A. Route Tables
B. Network Interface Card
C. Route Filters
D. Network Security Group

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 41). Kindle Edition.

A

D. Network Security Group

Explanation:
A Network Security Group (NSG) has a set of security rules that enable specific VMs to allow or deny the inbound and outbound traffic load from other resources. The given figure shows the step to validate the correct port for inbound traffic flow.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 133). Kindle Edition.

91
Q

An IT Engineer designs a network on which a complex data-based application runs. To secure the application from Distributed Denial of Service (DDoS) attacks, which of the following Azure services is used as a protection layer?

A. Azure DDoS Protection
B. Azure Key Vault
C. Azure Multi-Factor Authentication
D. Azure Network Security Group

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 41-42). Kindle Edition.

A

A. Azure DDoS Protection

Explanation:
Azure DDoS Protection Services protect the applications against targeted DDoS attacks. With DDoS Protection, the traffic always remains within the Azure data center. This also helps performance, because Azure DDoS Protection performs the attack mitigation and the traffic does not leave the data center. Option B is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form. Option C is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. Option D is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 134-135). Kindle Edition.

92
Q

A company is planning to design a secure network and share the application secrets with a third party without revealing the actual secret. Which of the following Azure services is used for the sharing of secrets?

A. Azure Network Security Group
B. Azure DDoS Protection
C. Azure Key Vault
D. Azure Multi-Factor Authentication

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 42). Kindle Edition.

A

C. Azure Key Vault

Explanation:
Azure Key Vault stores secrets and passwords. It allows sharing passwords and secrets with others in a hidden form so that no one can view the actual secret. Option A is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Option B is invalid because the DDoS Protection service protects an application against DDoS attacks. Option D is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 135). Kindle Edition.

93
Q

Denzel, a Network Security Engineer in an organization, implemented a network that runs sensitive and complex applications. For some reason, he stopped this running application. He decided to use Azure Firewall to stop all the network traffic load from Azure to the internet. Is this approach correct to stop this application?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 42). Kindle Edition.

A

B. No

Explanation:
Azure Firewall defines the rules for the incoming and outgoing traffic in the network to ensure the security of resources in the network. It does not create a blockage between Azure and the internet. It provides the secure protection layer between Azure and the internet to provide throughput without any unwanted incident or blockage.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 135-136). Kindle Edition.

94
Q

An organization decides to implement a method of advanced and secure access to an application. The organization gives a Security Engineer the task of implementing a method that prevents an irrelevant user from accessing the application in multiple steps. Which of the following Azure services can be used to implement such a secure identification method?

A. Azure Network Security Group
B. Azure DDoS Protection
C. Azure Key Vault
D. Azure Multi-Factor Authentication

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 42). Kindle Edition.

A

D. Azure Multi-Factor Authentication

Explanation:
Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. MFA is based on “Something you know (id and password), something you have (phone or other hardware), and something you are (face recognition or biometric).” Option A is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Option B is invalid because the DDoS Protection service protects an application against DDoS attacks. Option C is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 136). Kindle Edition.

95
Q

An organization is using Azure resources. The IT head of the organization became an Azure user with the Azure AD service. Now, he wants to use different service features (like PowerApps, Stream, security, Dynamics 365, and others) offered by Microsoft; for this, he needs to purchase licenses. Is a user limited to purchasing and being assigned one license only?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 43). Kindle Edition.

A

B. No

Explanation:
The Azure Active Directory service provides a combination of application access management and identity protection services. This service allows a specific user access to specific services for which that user has a license. Multiple licenses can be assigned to one user depending upon their service demand.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 136). Kindle Edition.

96
Q

An IT Engineer of an organization implements a network in which different applications are running. He decided to use a Network Security Group (NSG) to enable the encrypted connection between the resources present in the network. Would the choice of NSG in this scenario be correct?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 43). Kindle Edition.

A

B. No

Explanation:
A Network Security Group (NSG) is required in the configuration of a Virtual Network (VNet) where different Virtual Machines (VMs) within the subnet are connecting with each other. An NSG uses Access Control List (ACL) rules to allow or deny network traffic access to a subnet or VM. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 137). Kindle Edition.

97
Q

An organization shifts all its resources to Azure. The organization has a pay-as-you-go subscription. The administrator team of the organization wants to create a secure authentication method for accessing the Azure resources. Does Azure Active Directory (AAD) provide the authentication service for secure access?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 43). Kindle Edition.

A

B. No

Explanation:
A Network Security Group (NSG) is required in the configuration of a Virtual Network (VNet) where different Virtual Machines (VMs) within the subnet are connecting with each other. An NSG uses Access Control List (ACL) rules to allow or deny network traffic access to a subnet or VM. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 137). Kindle Edition.

98
Q

A networking company wants to use Azure AD service for better and more secure resource access. To enable an identity protection service, would a company be responsible for first creating the pop-up box for user authentication?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 43). Kindle Edition.

A

A. Yes

Explanation:
Azure AD is a management service that combines identity protection and access management. Many users can securely access the Azure service by just entering the user name and password.

99
Q

The Resource and Service Administrator team of an organization decides to implement a set of strategies to secure the network resources in Azure. The team provides the following set of rules:

Guarantee that the Resource and Service Administrator team can deploy a Virtual Machine of a particular size
Guarantee that the Resource and Service Administrator team is able to deploy VMs and their dependent resources
Guarantee that the Resource Administrator team would not accidentally delete the deployed VM

Which of the following Azure services is responsible for managing the requirement of “Guarantee that Resource Administrator team would not accidentally delete the deployed VM”?

A. Azure Identity Protection
B. Azure Role-Based Access Control
C. Azure Policies
D. Azure Locks

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 44). Kindle Edition.

A

D. Azure Locks

Explanation:
Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. The first is the Read-only lock, which allows authorized users to read the resources only; they are unable to make changes to the resources. The second type of lock is Delete, which ensures that the user is not allowed to delete the resource. Option A is invalid because Azure Identity Protection monitors every user’s identity in different phases. Option B is invalid because Azure Role-Based Access Control (RBAC) provides the access management of Azure resources. Option C is invalid because Azure Policies define the rules and plans an organization can apply for better provision of services and resources.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 138). Kindle Edition.

100
Q

A networking company implemented a network using Azure resources on which complex and sensitive applications are running. A Security Engineer is tasked to protect the application secret when applications are running. Which of the following Azure services can be used in the given situation?

A. Azure Storage Account
B. Azure Identity Protection
C. Microsoft Defender for Cloud
D. Azure Key Vault

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 44). Kindle Edition.

A

D. Azure Key Vault

Explanation:
Azure Key Vault stores the secret and password. It allows sharing passwords and secrets with others in a hidden form so that no one can view the actual secret. Azure Key Vault has two main purposes: centralization and protection of application secrets, certificates, encryption keys, and secrets backed by the Hardware Security Module (HSM). Option A is invalid because Azure Storage Account allows the storage of data objects, files, and messages. Option B is invalid because Azure Identity Protection monitors every user’s identity in different phases. Option C is invalid because Microsoft Defender for Cloud allows users to monitor the security features for the Azure resources and on-premises.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 138). Kindle Edition.

101
Q

Thomas is studying some of the cloud services that make any network more reliable and flexible and provide the throughput with acceptable low latency. Which of the following is best suited to the given statement? “Able to perform as per SLA (Service Level Agreement), either the network traffic load increases or decreases.”

A. Disaster Recovery
B. Dynamic Scalability
C. Fault Tolerance
D. Low Latency

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 44-45). Kindle Edition.

A

B. Dynamic Scalability

Explanation:
Scalability is managing the traffic load and providing service without affecting network performance. This feature automatically allocates resources to meet the performance requirement defined in the Service Level Agreement (SLA). Option A is invalid because Disaster Recovery is a mandatory plan adopted by each IT organization to protect its IT majors. It keeps the running applications available during recovery and does not harm any other service, whether on-premises or Azure. Option C is invalid because fault tolerance refers to the ability to provide guaranteed services during downtime. Option D is invalid because low latency ensures the quick access of resources by the user over the internet. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 139). Kindle Edition.

102
Q

What is B2C access management?

A. Credential stuffing
B. Azure AD B2C is a Customer Identity Access Management (CIAM) solution
C. Set of capabilities
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 45). Kindle Edition.

A

B. Azure AD B2C is a Customer Identity Access Management (CIAM) solution

Explanation:
Azure AD B2C is a Customer Identity Access Management (CIAM) solution. Azure AD B2C allows external users to sign in with their social or local account identities to get single sign-on to applications. Azure AD B2C supports millions of users and billions of authentications per day. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 139). Kindle Edition.

103
Q

What is B2B collaboration?

A. B2B collaboration allows sharing of an organization’s applications and services with guest users from other organizations while maintaining control over their own data.
B. LUIS
C. Basic
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 45). Kindle Edition.

A

A. B2B collaboration allows sharing of an organization’s applications and services with guest users from other organizations while maintaining control over their own data.

Explanation:
B2B collaboration allows sharing of an organization’s applications and services with guest users from other organizations while maintaining control over their data. B2B collaboration uses an invitation and redemption process, allowing external users to access organizations’ resources with their credentials.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 139-140). Kindle Edition.

104
Q

How many types of Azure AD external identities are there?

A. 2
B. 4
C. 3
D. 7

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 45). Kindle Edition.

A

A. 2

Explanation:
There are two Azure AD External Identities:

B2B
B2C

105
Q

What are Azure AD External Identities?

A. CIAM solution
B. Used to manage the credentials for the authentication of a cloud application with Azure service
C. Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can “bring their own identities” to sign in
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 45-46). Kindle Edition.

A

C. Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can “bring their own identities” to sign in

Explanation:
Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can “bring their own identities” to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

106
Q

What is a managed identity?

A. Managed identities are used to manage the credentials for the authentication of a cloud application with Azure services
B. The principal that is used to access particular Azure resources
C. A and B
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 46). Kindle Edition.

A

C. A and B

Explanation:
Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can “bring their own identities” to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

107
Q

How many types of managed identities are there?

A. 3
B. 2
C. 4
D. 7

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 46). Kindle Edition.

A

C. 4

Explanation:
Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can “bring their own identities” to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

108
Q

What is a system-assigned managed identity?

A. Collaboration allows sharing of an organization’s applications and services with guest users from other organizations while maintaining control over their own data
B. Bot template
C. When system-assigned identity is enabled, an identity is created in Azure AD that is linked to the lifecycle and stages of that service instance
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 46). Kindle Edition.

A

C. When system-assigned identity is enabled, an identity is created in Azure AD that is linked to the lifecycle and stages of that service instance

Explanation:
Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can “bring their own identities” to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

109
Q

What is a user-assigned managed identity?

A. A user-assigned managed identity is assigned to one or more than one instance of an Azure service
B. Process of applying commonly used passwords
C. Azure Cognitive Service
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 46-47). Kindle Edition.

A

A. A user-assigned managed identity is assigned to one or more than one instance of an Azure service

Explanation:
A managed identity is managed by Azure AD. Managed identities are used to manage the credentials for the authentication of a cloud application with Azure service. There are benefits if we use managed identities; among them, some are listed below:

Application developers can use the services that support managed identities for Azure resources
Any Azure service supporting Azure AD authentication can get its hands on the managed identities to authenticate to another Azure service. We can take the example of accessing Azure Key Vault here.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 140-141). Kindle Edition.

110
Q

What is the service principal?

A. Machine Learning Workspace
B. Used to access particular Azure resources
C. A and B
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 47). Kindle Edition.

A

B. Used to access particular Azure resources

Explanation:
This service principal is used to access particular Azure resources. The service principal defines what an application would do to the tenant, such as who can access the application and what resources the application is allowed to access.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 142). Kindle Edition.

111
Q

What is a device?

A. Azure Monitor
B. Azure Cognitive Service
C. A piece of hardware, such as mobile devices, laptops, servers, or printers
D. Azure App Service

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 47). Kindle Edition.

A

C. A piece of hardware, such as mobile devices, laptops, servers, or printers

Explanation:
A device is said to be a piece of hardware, such as mobile devices, laptops, servers, or printers. Device identities are set up in different ways in Azure AD so that the device owner can determine properties. An organization’s assets can be protected if devices are managed properly by using tools such as Microsoft Intune to maintain security standards. Azure AD also lets the devices have a single sign-on. This property can be enabled on applications too. There are many options for devices to get access to Azure AD:

Azure AD registered devices: These can be Windows 10, iOS, Android, or macOS devices
Azure AD joined: These devices exist only in the cloud. Azure AD joined devices are owned by an organization and are signed in with their account. Windows 10 devices (except Windows 10 Home) can be configured in Azure AD
Hybrid Azure AD joined devices: These are Windows 7, 8.1, or 10, Windows Server 2008, or newer ones

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 142-143). Kindle Edition.

112
Q

What is user identity?

A. Virtual Network
B. Representation of everything that is managed by Azure AD
C. Virtual Machine
D. Cognitive Service

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 47). Kindle Edition.

A

B. Representation of everything that is managed by Azure AD

Explanation:
User identity is the representation of everything that is managed by Azure AD. Employees and guests are the users of Azure AD. A group can be created if several users have the same need for access. A group permits access to all the group members in place of assigning rights individually.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 143). Kindle Edition.

113
Q

What is Azure Active Directory?

A. Microsoft’s cloud-based identity and access management service
B. Customer identity access management
C. A and B
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 47). Kindle Edition.

A

A. Microsoft’s cloud-based identity and access management service

Explanation:
Azure Active Directory, also known as Azure AD, is Microsoft’s cloud-based identity and access management service. When an organization’s employees, guests, and other people want to achieve access to the resources they majorly need, Azure AD is used. These resources include:

Internal resources
External services

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 143). Kindle Edition.

114
Q

How many types of Azure Active Directory resources are there?

A. 3
B. 2
C. 7
D. 8

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 48). Kindle Edition.

A

B. 2

Explanation:
There are two types of Azure Active Directory resources:

Internal resources: These internal resources include the applications on an organization’s corporate network and on intranet and cloud apps that the organization itself develops
External services: External services include Microsoft Office 365, the Azure portal, and SaaS applications that an organization uses

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 143-144). Kindle Edition.

115
Q

Which are the Azure AD registered devices?

A. Azure Monitor
B. Windows Server 2008, or the newer ones
C. Windows 10, iOS, Android, or macOS
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 48). Kindle Edition.

A

C. Windows 10, iOS, Android, or macOS

Explanation:
These can be Windows 10, iOS, Android or macOS devices

116
Q

What is the full form of MFA?

A. Multi-Factor Authentication
B. Azure Active Directory
C. Custom banned password list
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 48). Kindle Edition.

A

A. Multi-Factor Authentication

Explanation:
MFA stands for Multi-Factor Authentication. As technology advanced, people realized that passwords are still in danger, and this realization gave rise to multi-factor authentication. Multi-factor authentication requires more than one verification form, like a fingerprint scan, which eliminates questions about compromised password security.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 144). Kindle Edition.

117
Q

Custom banned password listing prohibits passwords that include:

A. QnA
B. Includes the employer call or location
C. Azure AD Password Protection
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 48). Kindle Edition.

A

B. Includes the employer call or location

Explanation:
Custom banned password lists: admins can also create custom banned password lists to assist unique enterprise safety needs.
The custom banned password list prohibits passwords that include the employer call or location.

118
Q

How many methods are available for SSPR?

A. Seven
B. Three
C. Six
D. Nine

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 48). Kindle Edition.

A

C. Six

Explanation:
Mobile app notification
Mobile app code
Email
Mobile phone
Office phone
Security questions

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 145). Kindle Edition.

119
Q

Self-service password reset is also called _________________.

A. SSPR
B. AD
C. LUIS
D. QnA

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 49). Kindle Edition.

A

A. SSPR

Explanation:
Self-Service Password Reset (SSPR) is a feature of Azure AD that allows users to change or reset their password without administrator or help desk involvement.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 145). Kindle Edition.

120
Q

How many configurations are available for Windows Hello?

A. Two
B. Three
C. Five
D. Four

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 49). Kindle Edition.

A

A. Two

Explanation:
There are two configurations available for Windows Hello:

Windows Hello convenience PIN
Windows Hello for Business

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 145). Kindle Edition.

121
Q

What does MDM stand for?

A. Mobile Management
B. Mobile Device Management
C. Mobile Device
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 49). Kindle Edition.

A

B. Mobile Device Management

Explanation:
Windows Hello for Business is configured by Group Policy or Mobile Device Management (MDM) policy, such as Microsoft Intune. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 146). Kindle Edition.

122
Q

What is the user credential connected to in Windows Hello for Business?

A. PIN or a biometric
B. Brand names and product names
C. Templates
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 49). Kindle Edition.

A

A. PIN or a biometric

Explanation:
Windows Hello is an authentication feature built into Windows 10. It replaces two-factor authentication on mobiles and PCs. A user credential is connected to a device that uses a PIN or a biometric.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 146). Kindle Edition.

123
Q

Open Authentication is the full form of ________________.

A. OATH
B. TOTP
C. AD
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 49-50). Kindle Edition.

A

A. OATH

Explanation:
Open Authentication is the full form of OATH. It is an open standard that specifies how time-based one-time password (TOTP) codes are generated. OATH TOTP is implemented using software or hardware to generate the codes.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 146). Kindle Edition.

124
Q

What is required by the Azure Active Directory Multi-Factor Authentication to work?

A. Something you know: a password or PIN
B. Something you have: a trusted device that’s not easily duplicated, like a phone or hardware key
C. Something you are: biometrics which includes a fingerprint or face scan
D. All the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 50). Kindle Edition.

A

D. All the above

Explanation:
Three things are required by the Azure Active Directory Multi-Factor Authentication to work:

Something you know: a password or PIN
Something you have: a trusted device that’s not easily duplicated, like a phone or hardware key
Something you are: biometrics which includes a fingerprint or face scan

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 146-147). Kindle Edition.

125
Q

In multi-factor authentication, extra forms of verification are?

A. Four
B. Three
C. Two
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 50). Kindle Edition.

A

A. Four

Explanation:
In multi-factor authentication, extra forms of verification are used with Azure Active Directory Multi-Factor Authentication, which are: the Microsoft Authenticator app, SMS, Voice call, and OATH Hardware token.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 147). Kindle Edition.

126
Q

Multifactor authentication requires _______________.

A. More than one verification
B. Only one verification
C. More than 10 verification
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 50). Kindle Edition.

A

A. More than one verification

Explanation:
Multifactor authentication requires more than one form of verification, like a fingerprint scan, which eliminates the questions about password security being compromised. Fingerprint scan has made identities very authentic and secure. This new advancement has undeniably improved security and protection and is very simple for users.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 147). Kindle Edition.

127
Q

What are Microsoft security defaults?

A. Azure Cognitive Service
B. A set of basic identity security mechanisms
C. Azure Virtual Network
D. Azure Monitor

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 50). Kindle Edition.

A

B. A set of basic identity security mechanisms

Explanation:
Microsoft recommends security defaults, a set of basic identity security mechanisms that start working on an organization as soon as they are enabled. The goal of these mechanisms is to provide security without any extra cost.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 147). Kindle Edition.

128
Q

FIDO stands for:

A. Firewall Identity Order
B. Fast Insights Determine Order
C. Fast Identity Online
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 50-51). Kindle Edition.

A

C. Fast Identity Online

Explanation:
FIDO stands for Fast Identity Online, an alliance that promotes open authentication standards and aims to minimize the reliance on passwords as a form of authentication. FIDO2 allows users to sign in using an external security key. The external key can be a USB device, lightning connector, Bluetooth, or NFC. In whichever form FIDO2 is implemented, the user never has to enter a password.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 148). Kindle Edition.

129
Q

Time-based, one-time password is the full form of ______________.

A. Azure Monitor
B. Azure Cognitive Service
C. TOTP
D. OATH

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 51). Kindle Edition.

A

C. TOTP

Explanation:
Open Authentication is the full form of OATH. It is an open standard that specifies how Time-Based, One-Time Password (TOTP) codes are generated.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 148). Kindle Edition.

130
Q

What is Conditional access in Azure AD?

A. Emulator
B. A feature of Azure AD
C. Template
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 51). Kindle Edition.

A

B. A feature of Azure AD

Explanation:
Conditional access is an Azure AD feature that adds another degree of security before authorized users can access data and other assets. Azure AD creates and manages policies that implement conditional access. Conditional access rules automate the choice to grant access to resources by analyzing signals such as people, locations, devices, applications, and dangers (apps and data).

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 148). Kindle Edition.

131
Q

What are the signals that Conditional Access App Control uses?

A. QnA
B. LUIS
C. Microsoft Defender
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 51). Kindle Edition.

A

A. QnA

Explanation:
Conditional Access App Control for cloud apps leverages signals from Microsoft Defender to prevent sensitive document downloads, cuts, copies, and prints or to request that sensitive files be marked.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 149). Kindle Edition.

132
Q

What is the function of Azure AD roles?

A. Control the permissions to manage Azure display resources
B. Manage devices
C. Channel resources
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 51). Kindle Edition.

A
133
Q

How many general signals are there in conditional access in Azure AD?

A. Eleven
B. Seven
C. Six
D. Four

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 51-52). Kindle Edition.

A

B. Seven

Explanation:
There are seven signals:
Membership of users or groups
Named Location Information
Terminal
Application
Real-time sign-in risk detection
Cloud apps and actions
User risk

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 149). Kindle Edition.

134
Q

How many categories of Azure AD roles are there?

A. Three
B. Two
C. Four
D. Five

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 52). Kindle Edition.

A

A. Three

Explanation:
Azure AD-specific roles: These roles only provide access to Azure AD resources. For example, user admins, application admins, and group admins all provide permissions to handle Azure AD resources.
Service-specific roles: Roles relevant to the service: Azure AD provides built-in service-specific roles for major Microsoft 365 services that grant access to manage features within the service. For example, you may manage functionality in each service using Azure AD’s built-in roles for Exchange admin, Intune admin, SharePoint admin, and Teams admin.
Cross-service roles: Roles that transcend services: Azure AD includes several roles spanning services. Security-related roles, such as a security administrator who allows access to some security services in Microsoft 365, are available in Azure AD. The Compliance Administrator role can also administer compliance-related settings like Microsoft 365 Compliance Center and Exchange.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 150). Kindle Edition.

135
Q

How many of the most common built-in integration roles are there?

A. Three
B. Five
C. Four
D. Six

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 52). Kindle Edition.

A

A. Three

Explanation:
Many Azure AD built-in roles have a set of permissions that they roll out. The following are some of the most popular integration roles:
Global Administrator - Users with this role have full access to all Azure Active Directory administration functions. The user who created the Azure Active Directory tenant becomes a global administrator by default.
User Administrator - Users with the User Administrator role can create and manage all elements of users and groups. This role also requires managing support tickets and tracking service status.
Billing Administrator - Users with the Billing Administrator role make purchases, manage subscriptions and support tickets, and keep track of service status.
All built-in roles are permission packages that have been pre-configured for specific purposes. A built-in role’s permissions are set in stone and cannot be changed.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 150-151). Kindle Edition.

136
Q

How many tasks does an organization perform to enable identity protection?

A. 6
B. 7
C. 3
D. 4

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 52). Kindle Edition.

A

C. 3

Explanation:
Identity Protection is a tool that enables organizations to perform three main tasks, which are as follows:
Automate identity-based risk detection and remediation
Investigate the risks to the data in the portal
Export the risk detection data to a third-party utility for further analysis

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 151). Kindle Edition.

137
Q

What is PIM?

A. This type of risk detection indicates user activity that is unusual for the user or matches known attack patterns based on internal and external Microsoft threat data sources
B. Indicates that the user’s valid credentials have been compromised.
C. When cybercriminals violate valid passwords for legitimate users, they often share their credentials. Indicates a login from a malware-infected IP address known to be actively communicating with the bot server
D. Privileged Identity Management is a service in Azure Active Directory (Azure AD) that allows you to manage, control, and monitor access to critical resources in your organization

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 52-53). Kindle Edition.

A

D. Privileged Identity Management is a service in Azure Active Directory (Azure AD) that allows you to manage, control, and monitor access to critical resources in your organization

Explanation:
Privileged Identity Management (PIM) is an Azure Active Directory (Azure AD) service that allows you to manage, control, and monitor access to critical resources in your organization. This includes resources for Azure AD, Azure, and other Microsoft online services such as Microsoft 365 and Microsoft Intune.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 151-152). Kindle Edition.

138
Q

What is Atypical travel?

A. This type of risk detection identifies two logins originating from geographically separated locations
B. This type of risk detection indicates a login from a malware-infected IP address that is known to be actively communicating with the bot server
C. Azure AD threat intelligence
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 53). Kindle Edition.

A

A. This type of risk detection identifies two logins originating from geographically separated locations

Explanation:
This type of risk detection identifies two logins originating from geographically separated locations. In this case, at least one location may not be common to the user based on past behavior.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 152). Kindle Edition.

139
Q

What is the function of Just-in-Time?

A. Indicates user activity that is unusual for the user
B. Provides privileged access only when needed
C. Triggers the risk detection
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 53). Kindle Edition.

A

B. Provides privileged access only when needed

Explanation:
Just-in-time access provides privileged access only when it is needed, not beforehand.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 152). Kindle Edition.

140
Q

What is permissions management?

A. An identity governance feature allows organizations to manage their identities and gain extensive access to their lifecycle
B. Risk policies to enable automatic remediation
C. Indicates that the user’s valid credentials have been compromised
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 53). Kindle Edition.

A

A. An identity governance feature allows organizations to manage their identities and gain extensive access to their lifecycle

Explanation:
Permissions management is an identity governance feature that allows organizations to manage their identities and gain extensive access to their lifecycle. Permission management automates access request workflows, access assignments, reviews, and expiration dates.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 152). Kindle Edition.

141
Q

How many tasks does Azure AD Identity Governance allow?

A. 4
B. 3
C. 5
D. 8

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 54). Kindle Edition.

A

B. 3

Explanation:
Azure AD Identity Governance allows organizations to perform the following tasks:
Govern the identity lifecycle
Govern access lifecycle
Secure privileged access for administration

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 153). Kindle Edition.

142
Q

What is the function of identity management?

A. Management of ID lifecycle users
B. Join, move and leave processes
C. Managing access throughout the life of your organization
D. Balance identity security and user productivity

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 54). Kindle Edition.

A

A. Management of ID lifecycle users

Explanation:
Management of ID lifecycle users is the focus of identity management.

143
Q

Which feature of Azure AD Premium P2 uses access packages to manage access to resources?

A. Manage Permissions
B. Azure Cognitive Service
C. Azure Virtual Network
D. Azure App Service

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 54). Kindle Edition.

A

A. Manage Permissions

Explanation:
If a user not already in the directory requests and approves access, the user is automatically invited to the directory and granted access. If your access has expired and no other access packages have been assigned, your B2B account may be automatically removed from the directory. A feature of Azure AD Premium P2, Manage Permissions, uses access packages to manage access to resources.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 153). Kindle Edition.

144
Q

What is the principle of Zero Trust Methodology?

A. Trust no one, verify nothing
B. Trust everyone, verify nothing
C. Trust no one, verify everything
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 54). Kindle Edition.

A

C. Trust no one, verify everything

Explanation:
“Trust no one, verify everything.” This is a principle upon which Zero Trust Methodology operates. It believes that nothing is worth our trust, even the resources behind the firewalls of a corporate network.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 153-154). Kindle Edition.

145
Q

Hashing becomes more secure by ____________.

A. Hiding passwords
B. Salting Passwords
C. Encrypting Passwords
D. Both A and B

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 54). Kindle Edition.

A

B. Salting Passwords

Explanation:
To avoid such risks, a fixed-length random value is added to the input of the hash function to create a new hash for all the given inputs. This process is called ‘salting’ the passwords.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 154). Kindle Edition.

146
Q

Which of the following stages of the Lifecycle of the Cloud Adoption Framework define strategies?

A. First
B. Second
C. Third
D. Fourth

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 55). Kindle Edition.

A

A. First

Explanation:
The first and initial stage of the life cycle of the cloud adoption framework is defining strategies so that all the other stages can proceed without any hurdles.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 154). Kindle Edition.

147
Q

What is PaaS?

A. PaaS serves for building, testing, and deploying software applications
B. PaaS serves for testing and deploying software applications
C. PaaS serves software applications
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 55). Kindle Edition.

A

A. PaaS serves for building, testing, and deploying software applications

Explanation:
PaaS serves for building, testing, and deploying software applications. PaaS aims to help you create an application quickly without dealing with any problem that comes in the way of proficiently managing the infrastructure.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 154). Kindle Edition.

148
Q

What will be the next evolution of identity and access management solutions?

A. Azure Active Directory
B. IDaaS
C. SaaS
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 55). Kindle Edition.

A

A. Azure Active Directory

Explanation:
Azure Active Directory will be the next evolution of identity and access management solutions.

149
Q

What is AD DS?

A. The central component in organizations with an on-premises IT foundation
B. Device
C. Business Tool
D. Interface

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 55). Kindle Edition.

A

A. The central component in organizations with an on-premises IT foundation

Explanation:
AD DS is the central component in organizations with on-premises IT foundations. Through AD DS, organizations can manage multiple on-premises infrastructure components and systems that use a single identity for each user.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 155). Kindle Edition.

150
Q

What is another term for SSO?

A. Identity as a Service
B. Single Sign-on
C. Active Directory
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 55-56). Kindle Edition.

A

B. Single Sign-on

Explanation:
Single sign-on is the full form of SSO. It is an authentication solution that allows users to safely log in to numerous apps and websites with just one set of credentials.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 155). Kindle Edition.

151
Q

Modern authentication is held between ________.

A. Client and Server
B. Client and Customer
C. Server and Manager
D. SaaS and PaaS

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 56). Kindle Edition.

A

A. Client and Server

Explanation:
Modern authentication is a term used for authentication and authorization methods between a client and server.

152
Q

Who plays the main role in modern authentication?

A. Service Provider
B. Identity Provider
C. Customer
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 56). Kindle Edition.

A

B. Identity Provider

Explanation:
Identity provider plays the main role in modern authentication. An identity provider creates, maintains, and manages all identity information while offering authentication, authorization, and auditing services.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 156). Kindle Edition.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 155). Kindle Edition.

153
Q

The security admin has created an Azure Network Security Group (NSG) to filter network traffic to a virtual machine. The admin must let inbound traffic use the Remote Desktop Protocol (RDP). However, the default NSG rules currently block all inbound traffic that does not come from another virtual network or an Azure load balancer. What does the security admin have to do to let inbound traffic use RDP?

A. Delete the default rule
B. Create a new network security rule that allows RDP traffic and that has a higher priority than the default rule
C. There is nothing the admin can do; RDP traffic is not supported with NSGs
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 56). Kindle Edition.

A

B. Create a new network security rule that allows RDP traffic and that has a higher priority than the default rule

Explanation:
You can create a new rule to allow RDP with a higher priority than the default rule.

154
Q

The security admin needs to protect Azure resources from DDoS attacks. Which Azure DDoS Protection tier will the admin use to target Azure Virtual Network resources?

A. Basic
B. Standard
C. Advanced

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 56-57). Kindle Edition.

A

B. Standard

Explanation:
The Standard service tier offers additional mitigation capabilities tuned specifically to Microsoft Azure Virtual Network resources. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 156). Kindle Edition.

155
Q

An organization has several virtual machines in Azure. The security admin needs to deploy Azure Bastion to get secure access to those VMs. What would the admin keep in mind?

A. Azure Bastion is deployed per virtual network, with support for virtual network peering
B. Azure Bastion is deployed per subscription
C. Azure Bastion is deployed per VM
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 57). Kindle Edition.

A

A. Azure Bastion is deployed per virtual network, with support for virtual network peering

Explanation:
Azure Bastion deployment is per virtual network with support for virtual network peering, not per subscription/account or virtual machine.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 156). Kindle Edition.

156
Q

An organization has much of its application data in Azure. The security admin needs to use the encryption capabilities in Azure. Which service should the admin use to keep the application’s secrets?

A. Transparent Data Encryption
B. Secrets Management
C. Azure Key Vault
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 57). Kindle Edition.

A

C. Azure Key Vault

Explanation:
Azure Key Vault is a unified cloud service for storing your application secrets.

157
Q

An organization is using Azure and wants to enhance its security best practices. Which Azure-specific benchmark should the IT security team consider?

A. Azure Security Benchmark
B. Center for Internet Security
C. Microsoft Cybersecurity Group
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 57). Kindle Edition.

A

A. Azure Security Benchmark

Explanation:
The Azure Security Benchmark offers prescriptive best practices and recommendations to help enhance the security of workloads, data, and services on Azure.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 157). Kindle Edition.

158
Q

An organization uses Microsoft Defender for Cloud to assess its resources and subscriptions for security issues. The organization’s overall secure score is low, and the organization wants to improve it. How would a security admin try to increase the score?

A. Close old security recommendations
B. Remediate security recommendations
C. Delete security recommendations
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 57-58). Kindle Edition.

A

B. Remediate security recommendations

Explanation:
Remediate security recommendations from the recommendations list to enhance a secure score.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 157). Kindle Edition.

159
Q

An organization wants to continuously monitor the security status of its network. What Microsoft Defender for Cloud tool should they use?

A. Continuous Assessment
B. Network Map
C. Network Assessment
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 58). Kindle Edition.

A

B. Network Map

Explanation:
The network map offers a map of the topology of your network workloads, which allows you to block unwanted connections.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 157). Kindle Edition.

160
Q

As the lead admin, it is important to encourage your team to start using Microsoft Sentinel. You have put together a presentation. What are the 4 security operation areas of Microsoft Sentinel?

A. Collect, Detect, Investigate, and Redirect
B. Collect, Detect, Investigate, and Respond
C. Collect, Detect, Investigate, and Repair
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 58). Kindle Edition.

A

B. Collect, Detect, Investigate, and Respond

Explanation:
A SIEM/SOAR solution is used to collect, identify, investigate, and respond, so as to identify and protect your organization’s network perimeter.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

161
Q

Your estate has various data sources where data is kept. Which tool must be used with Microsoft Sentinel to quickly gain insights across your data as soon as a data source is attached?

A. Azure Monitor Workbooks
B. Playbooks
C. Microsoft 365 Defender
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 58). Kindle Edition.

A

A. Azure Monitor Workbooks

Explanation:
The Microsoft Sentinel integration with Azure Monitor Workbooks lets you monitor data and offers versatility in creating custom workbooks.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

162
Q
A lead admin for an organization is looking to safeguard against malicious threats posed by email messages, links (URLs), and collaboration tools. Which solution from the Microsoft 365 Defender suite is suitable?

A. Microsoft Defender for Office 365
B. Microsoft Defender for Endpoint
C. Microsoft Defender for Identity
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 59). Kindle Edition.

A

A. Microsoft Defender for Office 365

Explanation:
Microsoft Defender for Office 365 protects against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

163
Q

A Cloud Access Security Broker (CASB) offers protection across four areas/pillars: visibility to detect all cloud services, data security, threat protection, and compliance. These pillars are the basis of the Cloud App Security framework upon which Microsoft Defender for Cloud Apps is built. Which pillar is responsible for identifying and regulating sensitive information?

A. Threat Protection
B. Compliance
C. Data Security
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 59). Kindle Edition.

A

C. Data Security

Explanation:
An admin can detect and control sensitive information and react to classification labels on content through the Data Security pillar.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

164
Q

Which of the following is a cloud-based security solution that identifies, detects, and helps investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?

A. Microsoft Defender for Office 365
B. Microsoft Defender for Identity
C. Microsoft Defender for Cloud Apps
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 59). Kindle Edition.

A

B. Microsoft Defender for Identity

Explanation:
Microsoft Defender for Identity is a cloud-based security solution that recognizes, detects, and facilitates investigating advanced threats, compromised identities, and malicious insider actions directed at your organization.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

165
Q

Admins in the organization use the Microsoft 365 Defender portal every day. They want to get an awareness of the organization’s current security posture. Which feature in the Microsoft 365 Defender portal will they use?

A. Reports
B. Secure Score
C. Policies
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 59-60). Kindle Edition.

A

B. Secure Score

Explanation:
In the M365 Defender portal, Secure Score will give a snapshot of an organization’s security posture and offer details on how to improve it.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

166
Q
Which of the following describes what an admin would want to select to view security cards categorized by risk, detection trends, configuration, and health?

A. Group by topic
B. Group by risk
C. Group by category
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 60). Kindle Edition.

A

A. Group by topic

Explanation:
Use this filter to view security cards arranged by risk, detection trends, configuration, and health.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

167
Q

An admin wants a comprehensive view of an attack, including where it started, the tactics used, and how far it has gone in the network. What can the admin use to see this type of information?

A. Alerts
B. Reports
C. Incidents
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 60). Kindle Edition.

A

C. Incidents

Explanation:
An incident is a set of correlated alerts that make up the story of an attack. For further detail, you can visit the given URL.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

168
Q

Employees are allowed to bring and use their cell phones at work. The employees do not want their phones to be under full corporate control, but admins want to allow users to read emails and use Teams while protecting corporate data. Which of the following will allow admins to accomplish these goals?

A. Mobile Application Management (MAM)
B. Mobile Device Management (MDM)
C. Role-Based Access Control (RBAC)
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 60). Kindle Edition.

A

A. Mobile Application Management (MAM)

Explanation:
This service will allow you to manage apps on your employees’ mobile devices without needing full control.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

169
Q

An organization uses different devices, including Windows, iOS, and Android. Admins for that organization have designed a security baseline profile in Intune that they must apply across the devices. To which devices can the security baseline profile be used?

A. Android devices
B. iOS devices
C. Windows devices
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 61). Kindle Edition.

A

C. Windows devices

Explanation:
Security baseline settings are used only on devices running Windows 10 version 1809 or later.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

170
Q
The DDoS Standard Protection service has a fixed monthly charge that includes protection for ______ resources.

A. 10
B. 100
C. 1000
D. 10,000

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 61). Kindle Edition.

A

B. 100

Explanation:
The DDoS Standard Protection service has a fixed monthly charge that includes protection for 100 resources, and protection for additional resources is charged monthly per resource.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

171
Q
Bastion provides secure __________ connectivity to all VMs in the virtual network.

A. RDP
B. SSH
C. Both of the above
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 61). Kindle Edition.

A

C. Both of the above

Explanation:
Bastion provides secure RDP and SSH connectivity to all VMs in the virtual and peered virtual networks in which it is provisioned.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

173
Q

The _______ system triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.

A. SIEM
B. SOAR
C. XDR
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 62). Kindle Edition.

A

A. SIEM

Explanation:
A SIEM system is a tool that an organization uses to gather data from across the whole estate, including infrastructure, software, and resources.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 161). Kindle Edition.

174
Q

A/An _________ system is designed to deliver intelligent, automated, and integrated security across an organization’s domain.

A. SIEM
B. SOAR
C. XDR
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 62). Kindle Edition.

A

B. SOAR

Explanation:
The SOAR system triggers action-driven automated workflows and processes to run security tasks that lessen the issue.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 161). Kindle Edition.

175
Q
_______ uses tools and services to monitor and prioritize security enhancements and features in your cloud environment.

A. CSPM
B. CWP
C. Both of the above
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 62). Kindle Edition.

A

A. CSPM

Explanation:
CSPM uses tools and services to monitor and prioritize security enhancements and features in your cloud environment.

177
Q

Microsoft’s approach to privacy is built on six principles. Three of the principles are strong legal protections for privacy, no content-based targeting, and benefits to customers from any data we collect. Identify the three other principles that are part of Microsoft’s approach to privacy.

A. Customer control, transparency, and security
B. Shared responsibility, transparency, and security
C. Customer control, transparency, and zero trust
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 63). Kindle Edition.

A

A. Customer control, transparency, and security

Explanation:
Microsoft’s approach to privacy is founded on the following six principles: customer control, transparency, security, strong legal protections for privacy, no content-based targeting, and advantages to customers.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 162). Kindle Edition.

178
Q

A new admin has joined the team and needs to be able to access the Microsoft 365 Compliance Center. Which roles can the admin use to get into the Compliance Center?

A. Compliance Administrator Role
B. Helpdesk Administrator Role
C. User Administrator Role
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 63). Kindle Edition.

A

A. Compliance Administrator Role

Explanation:
The Compliance Administrator Role is one of the multiple roles you can use to get into the Compliance Center.

179
Q

Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be described?

A. Controls that both external regulators and Microsoft share responsibility for executing
B. Controls that both your organization and external regulators share responsibility for executing
C. Controls that both your organization and Microsoft share responsibility for executing
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 63). Kindle Edition.

A

C. Controls that both your organization and Microsoft share responsibility for executing

Explanation:
Both your organization and Microsoft work together to execute these controls.

180
Q

A customer has requested a presentation on how the Microsoft 365 Compliance Center can help improve their organization’s compliance posture. What is the difference between Compliance Manager and compliance score?

A. Compliance Manager is an end-to-end Microsoft 365 Compliance Center solution that allows admins to manage and track compliance activities
B. Compliance Manager is an end-to-end Microsoft 365 Compliance Center solution that allows admins to manage and track compliance activities
C. Compliance score calculates the overall compliance stance across the organization
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 63-64). Kindle Edition.

A

A. Compliance Manager is an end-to-end Microsoft 365 Compliance Center solution that allows admins to manage and track compliance activities

Explanation:
Compliance Manager offers admins the capabilities to understand and improve their compliance score, to enhance the organization’s compliance posture and help it stay in line with its compliance requirements.

181
Q

Which part of the concept of knowing your data, protecting your data, preventing data loss, and governing your data addresses the need for organizations to automatically retain, delete and store data and records in a compliant manner?

A. Know your data
B. Prevent data loss
C. Govern your data
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 64). Kindle Edition.

A

C. Govern your data

Explanation:
Capabilities like retention policies, retention labels, and records management allow organizations to govern their data.

182
Q

As part of a new data loss prevention policy, the compliance admin needs to identify important information across the organization’s data, such as credit card numbers. How can the admin address this requirement?

A. Use activity explorer
B. Use sensitivity labels
C. Use sensitive information types
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 64). Kindle Edition.

A

C. Use sensitive information types

Explanation:
Microsoft provides built-in sensitive information types that you can use to detect data such as credit card numbers.

183
Q

Within the organization, some emails are confidential and should be encrypted so only authorized users can read them. How can this requirement be implemented?

A. Use the content explorer
B. Use sensitivity labels
C. Use Records Management
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 64-65). Kindle Edition.

A

B. Use sensitivity labels

Explanation:
Sensitivity labels help ensure that emails can only be decrypted by users authorized by the label’s encryption settings.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 163). Kindle Edition.

184
Q

Your organization uses Microsoft Teams to collaborate on all projects. The compliance admin must stop users from accidentally sharing sensitive information in a Microsoft Teams chat session. What capability can address this requirement?

A. Use data loss prevention policies
B. Use Record Management capabilities
C. Use retention policies
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 65). Kindle Edition.

A

A. Use data loss prevention policies

Explanation:
With data loss prevention policies, administrators can now define policies that stop users from sharing sensitive information in a Microsoft Teams chat session or Teams channel.

185
Q

Due to a certain regulation, your organization must now hold all documents in a specific SharePoint site containing customer information for five years. How can this requirement be implemented?

A. Use sensitivity labels
B. Use the content explorer
C. Use retention policies
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 65). Kindle Edition.

A

C. Use retention policies

Explanation:
You can use retention policies to describe data retention for all documents on a SharePoint site

186
Q

The compliance admin for the organization wants to explain the importance of insider risk management to the business leaders. What use case would apply?

A. To detect and defend against risks like an employee sharing confidential information
B. To detect and defend against malicious software across your network, such as ransomware
C. To detect and defend against devices shutting down at critical moments
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 65). Kindle Edition.

A

A. To detect and defend against risks like an employee sharing confidential information

Explanation:
Use risk management to help safeguard your organization against these risks.

187
Q

To comply with corporate policies, the compliance admin needs to be able to identify and scan for offensive language across the organization. What solution can the admin apply to address this requirement?

A. Use Policy Compliance in Microsoft 365
B. Use Communication Compliance
C. Use information barriers
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 66). Kindle Edition.

A

B. Use Communication Compliance

Explanation:
Communication compliance helps reduce communication risks by allowing you to detect, capture, and take remediation actions for inappropriate messages in the organization.

188
Q

Your organization has many departments that collaborate through Microsoft Teams. To fulfill business policies, the IT organization must ensure that users from one department are limited in their access and interactions with other departments. What solution can address this need?

A. Use Communication Compliance
B. Use activity explorer
C. Use information barriers
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 66). Kindle Edition.

A

C. Use information barriers

Explanation:
With information barriers, you can restrict communications among specific groups of users when necessary

189
Q

A new admin has joined the compliance team and needs access to Core eDiscovery to add and remove members, create and edit searches, and export content from a case. To which role should the admin be assigned?

A. Add them as a member of the eDiscovery Manager role group
B. Add them as a member of the eDiscovery review role
C. Add them as a member of the eDiscovery keeper role
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 66). Kindle Edition.

A

A. Add them as a member of the eDiscovery Manager role group

Explanation:
Members of this role group can make and manage Core eDiscovery cases

190
Q

The compliance admin needs to be able to collect and copy data into review sets and filter, search, and tag content. Which solution can best address his need?

A. Basic audit
B. Search
C. Advanced eDiscovery
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 66-67). Kindle Edition.

A

C. Advanced eDiscovery

Explanation:
Advanced eDiscovery allows you to collect and copy data into review sets, where you can filter, search, and tag content to identify and focus on the most relevant content.

191
Q

The compliance team needs to preserve the records for high-value crucial events that can help the organization investigate possible security or compliance breaches and determine the scope of compromise. Which solution can best address those needs?

A. Advanced Auditing
B. Search
C. Core eDiscovery
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 67). Kindle Edition.

A

A. Advanced Auditing

Explanation:
Advanced Auditing helps organizations organize forensic and compliance investigations by offering access to these crucial events.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 165). Kindle Edition.

192
Q

Which tool can enable an organization’s development team to rapidly provision and run new resources in a repeatable way that aligns with the organization’s compliance requirements?

A. Azure Policy
B. Azure Rapid Build
C. Azure Blueprints
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 67). Kindle Edition.

A

C. Azure Blueprints

Explanation:
Azure Blueprints will allow your development teams to define a repeatable set of Azure resources and achieve shorter development time and faster delivery.

193
Q

As the compliance admin for your organization, you need to ensure that Azure resources meet your organization’s business rules. Which Azure capability should you use?

A. Use Azure Role-Based Access Control (RBAC)
B. Use Azure Policy
C. Use Azure Resource Locks
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 67). Kindle Edition.

A

B. Use Azure Policy

Explanation:
Azure Policy ensures that your Azure resources comply with your organization’s business rules.

194
Q

Which application of Azure Purview is used to capture enterprise data metadata and identify and classify sensitive data?

A. Data Catalog
B. Data Map
C. Data Insights
D. All of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 67-68). Kindle Edition.

A

B. Data Map

Explanation:
Azure Purview Data Map can capture metadata about enterprise data to identify and classify sensitive data

195
Q
Admins can customize the card section by moving cards around or _________ cards displayed on the home screen.

A. Adding
B. Removing
C. Both of the above
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 68). Kindle Edition.

A

C. Both of the above

Explanation:
Admins can customize the card section by moving cards around or adding/removing cards displayed on the home screen

196
Q
___________ defines how to assess and manage system configuration and organizational process.

A. Controls
B. Assessments
C. Templates
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 68). Kindle Edition.

A

A. Controls

Explanation:
It defines how to assess and manage system configuration, organizational process, and people responsible for meeting a specific regulation requirement, standard or policy

197
Q

Compliance __________ is an end-to-end solution in Microsoft 365 compliance center to enable admins to manage and track compliance activities.

A. Manager
B. Score
C. Regulation
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 68). Kindle Edition.

A

A. Manager

Explanation:
Compliance Manager is an end-to-end solution in Microsoft 365 compliance center to allow admins to manage and track compliance activities.

198
Q

A compliance _________ is a calculation of the overall compliance posture across the organization.

A. Manager
B. Score
C. Regulation
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 68). Kindle Edition.

A

B. Score

Explanation:
A compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through the Compliance Manager.

199
Q

Microsoft Information _______ discovers, classifies, and protects sensitive and business-critical content throughout its lifecycle across your organization.

A. Protection
B. Governance
C. Both of the above
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 69). Kindle Edition.

A

A. Protection

Explanation:
Microsoft Information Protection (MIP) discovers, classifies, and keeps sensitive and business-critical content throughout its lifecycle across your organization.

200
Q

Microsoft Information ________ manages your content lifecycle using solutions to import, store, and classify business-critical data.

A. Protection
B. Governance
C. Both of the above
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 69). Kindle Edition.

A

B. Governance

Explanation:
Microsoft Information Governance (MIG) manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you do not.

201
Q
________ explorer provides visibility into what content has been discovered and labeled.

A. Content
B. Activity
C. Both of the above
D. None of the above

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 69). Kindle Edition.

A

B. Activity

Explanation:
Activity explorer offers visibility into what content has been discovered and labeled and where that content is

202
Q

A company has a hybrid environment. They have the following users defined in their on-premises environment.

Name | Part of Group
ipslabA | Domain Admins
ipslabB | Security Admins
ipslabC | Enterprise Admins
ipslabD | User Admins

The following users have been defined in Azure AD.

User Name | Role
ipslabadminA | Security administrator
ipslabadminB | Global administrator
ipslabadminC | Billing Administrator
ipslabadminD | User Administrator

The company now wants to implement Azure AD Connect. You have to decide on the users who could be part of the implementation of Azure AD Connect. The implementation must use the principle of least privilege. Who would be chosen to perform the implementation from the on-premises Active Directory side?

A. ipslabA
B. ipslabB
C. ipslabC
D. ipslabD

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 69-70). Kindle Edition.

A
203
Q
A company has a hybrid environment. They have the following users defined in their on-premises environment.

Name | Part of Group
ipslabA | Domain Admins
ipslabB | Security Admins
ipslabC | Enterprise Admins
ipslabD | User Admins

The following users have been defined in Azure AD.

User Name | Role
ipslabadminA | Security administrator
ipslabadminB | Global administrator
ipslabadminC | Billing Administrator
ipslabadminD | User Administrator

The company now wants to implement Azure AD Connect. You have to decide on the users who could be part of the implementation of Azure AD Connect. The implementation must use the principle of least privilege. Who would perform the implementation from the Active Directory side?

A. ipslabadminA
B. ipslabadminB
C. ipslabadminC
D. ipslabadminD

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 70-71). Kindle Edition.

A
204
Q

You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance configured to support Azure AD authentication. Database developers must connect to the database instance and authenticate by using their on-premises Active Directory account. You must ensure that developers can connect to the instance using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts. Which authentication method should you recommend?

A. Active Directory - Password
B. Active Directory - Universal with MFA support
C. SQL Server Authentication
D. Active Directory – Integrated

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 71). Kindle Edition.

A

A. Active Directory - Password

Explanation:
Use Active Directory password authentication when connecting with an Azure AD principal using the Azure AD managed domain.

205
Q

You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate to the Azure Container Registry. What should you create?

A. An Azure Active Directory (Azure AD) group
B. An Azure Active Directory (Azure AD) role assignment
C. An Azure Active Directory (Azure AD) user
D. A secret in Azure Key Vault

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 72). Kindle Edition.

A

B. An Azure Active Directory (Azure AD) role assignment

Explanation:
Azure also creates a service principal to support cluster operability with other Azure resources when you create an AKS cluster. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you must create an Azure AD role assignment that grants the cluster’s service principal access to the container registry.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 169). Kindle Edition.

206
Q

From Microsoft Defender for Cloud, you create a custom alert rule.
You need to configure which users will receive an email message when the alert is triggered. What should you do?

A. From Azure Monitor, create an action group.
B. From Microsoft Defender for Cloud, modify the Security policy settings of the Azure subscription.
C. From Azure Active Directory (Azure AD), modify the Security Reader role group members.
D. From Microsoft Defender for Cloud, modify the alert rule.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 72). Kindle Edition.

A

A. From Azure Monitor, create an action group.

Explanation:
An alert is sent out when Azure Monitor data suggests that your infrastructure or application may be experiencing a problem. Action groups are then used by Azure Monitor, Azure Service Health, and Azure Advisor to inform users of the alert and initiate a response. The owner of an Azure subscription can specify a group of notification preferences known as an action group.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 170). Kindle Edition.

207
Q

A company currently has an on-premises forest defined via Active Directory. The forest contains a domain named ipspecialist.com. They have set up an Azure subscription. They want to deploy Azure AD Connect to integrate their on-premises Active Directory domain with Azure AD. They have the following key requirements.

- Ensure that password policies are applied to user accounts that are synced to Azure AD.
- Ensure that login restrictions are applied to user accounts that are synced to Azure AD.
- Minimize the number of servers required for the entire implementation.

Which of the following would you consider for the implementation?

A. Federated Identity using Active Directory Federation Services.
B. Password Hash synchronization using Active Directory Federation Services.
C. Password Hash synchronization with seamless single sign-on
D. Pass-through authentication with seamless single sign-on

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 72-73). Kindle Edition.

A

D. Pass-through authentication with seamless single sign-on

Explanation:
The Microsoft documentation has a clear decision tree regarding which method to use if you want to use both your on-premises Active Directory and Azure AD. This shows a clear path if you want to enforce user-level Active Directory policies. Options A and B are incorrect since you would need to implement additional servers for Active Directory Federation Services, and there is a key requirement to reduce the “number of servers required for the entire implementation”. Option C is incorrect since this would not allow for the enforcement of Active Directory rules.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 170-171). Kindle Edition.

208
Q

You have 15 Azure virtual machines in a resource group named RG1. All virtual machines run identical applications. You need to prevent unauthorized applications and malware from running on virtual machines. What should you do?

A. Apply an Azure policy to RG1.
B. From Microsoft Defender for Cloud, configure adaptive application controls.
C. Configure Azure Active Directory (Azure AD) Identity Protection.
D. Apply a resource lock to RG1.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 73). Kindle Edition.

A

B. From Microsoft Defender for Cloud, configure adaptive application controls.

Explanation:
Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Microsoft Defender for Cloud. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 171-172). Kindle Edition.

209
Q

XYZ labs have an on-premises Active Directory forest and an Azure Active Directory tenant. All Azure Active Directory users are assigned an Azure AD Premium P1 license. As an Azure Developer, you deployed Azure Active Directory Connect to sync with the on-premises Active Directory forest. Which features are available to the help desk of XYZ labs?

A. Access Reviews
B. Self-Service Password Reset for cloud users
C. Azure Active Directory Privileged Identity Management policies
D. Vulnerabilities and risky accounts detection

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 73-74). Kindle Edition.

A

B. Self-Service Password Reset for cloud users

Explanation:
The SSPR feature is available in Azure Active Directory and is also used for help desk professionals.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 172). Kindle Edition.

210
Q

An organization takes suggestions from its employees to implement a number of Azure resources for a different purpose. The key requirement is that each resource has a tag. All Resource Groups in their Azure portal should have a tag with the name “IPSpecialist” and the value of “CloudTeam”. A system protection associate suggested using the Azure Key Vault for this requirement. Would this suggestion be helpful?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 74). Kindle Edition.

A

B. No

Explanation:
Azure Key Vault is a useful service that hides the actual passwords and keys from other parties. It secures the network by defining the access policy that allows secure access to secrets and passwords.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 172). Kindle Edition.

211
Q

An organization decides to implement an advanced and secure method of access to an application. The organization tasks a Security Engineer with implementing a method that prevents an irrelevant user from accessing the application in multiple steps. Which of the following Azure services can be used to implement such a secure identification method?

A. Azure Network Security Group
B. Azure DDoS Protection
C. Azure Key Vault
D. Azure Multi-Factor Authentication

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 74). Kindle Edition.

A

D. Azure Multi-Factor Authentication

Explanation:
Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. MFA is based on “Something you know (id and password), something you have (phone or other hardware), and something you are (face recognition or biometric)”. Option A is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Option B is invalid because the DDoS Protection service protects an application against DDoS attacks. Option C is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 172-173). Kindle Edition.

212
Q

Arnold is working as a Security Engineer in an organization. The organization is using Azure resources and has a pay-as-you-go subscription. The Security Engineer gathers all the services available to provide the security features in Azure. He configures a network with the critical and sensitive applications installed in the VM present in the network. Which of the following Azure services is best suited to provide “the access control rule that allows and denies the inbound and outbound traffic to the network”?

A. Azure DDoS Protection
B. Azure Key Vault
C. Azure Network Security Group
D. Azure Multi-Factor Authentication

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 74-75). Kindle Edition.

A

C. Azure Network Security Group

Explanation:
Network Security Group (NSG) is required in the configuration of a Virtual Network (VNet) where different virtual machines (VM) within the subnet are connecting with each other. NSG uses Access Control List (ACL) rules to allow or deny network traffic access to the subnet or VM. Option A is invalid because the DDoS Protection service protects applications against DDoS attacks. Option B is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form. Option D is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 173). Kindle Edition.

213
Q

An organization shifts all its resources to Azure. The organization has a pay-as-you-go subscription. The administrator team of the organization wants to create a secure authentication method for accessing Azure resources. Does Azure Active Directory (AAD) provide the authentication service for secure access?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 75). Kindle Edition.

A

A. Yes

Explanation:
Azure Active Directory service is a management service that combines identity protection service and access management. Many users can securely access the Azure service by entering their username and password.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 173). Kindle Edition.

214
Q

Kevin, the HR Manager of an IT company, presents an annual report to the company’s CEO. The report indicates some additional cost that is wasted due to the unused resources of Azure. The company’s CEO calls up a meeting to discuss the list of unused resources in their Azure subscription. The team gives the following list.

- 10 public IP addresses
- 10 user accounts in Azure AD
- 10 network interfaces
- 5 user groups in Azure AD

The CEO wants some suggestions to remove unused resources to minimize the cost overhead. One of the team members suggested eliminating user groups from Azure AD. Would this suggestion be helpful for the company?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 75). Kindle Edition.

A

B. No

Explanation:
Azure Active Directory holds users and groups in Azure. To reduce the cost overhead, the elimination of users from Azure Active Directory (AD) is not a solution. Azure AD offers to create 500,000 objects for free, which include both users and groups.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 174). Kindle Edition.

215
Q

A networking company wants to use Azure AD service for better and more secure access to resources. To enable an identity protection service, would the company be responsible for first creating the pop-up box for user authentication?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 75-76). Kindle Edition.

A

B. No

Explanation:
Azure AD service is used for better and more secure access to resources. It is a mandatory service when users create an Azure account. There is no need to implement any domain controller service in Azure. Azure is a Platform as a Service (PaaS) where all the infrastructural work is managed by Microsoft.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 174). Kindle Edition.

216
Q

An IT company has been using Azure resources for a long time. Felix, the company owner, optimizes the cost for the usage of resources and calls up a meeting to discuss the list of resources that are not used by their company but are still a part of their Azure subscription.

- 10 public IP addresses
- 10 user accounts in Azure AD
- 10 network interfaces
- 5 user groups in Azure AD

They want to minimize the cost overhead by removing some unused resources. One of the team members suggested removing an admin user account from the Azure Active Directory (AAD). Would this suggestion be helpful?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 76). Kindle Edition.

A

B. No

Explanation:
Azure Active Directory holds users and groups in Azure. Eliminating users from Azure Active Directory (AD) is not a solution to reduce the cost overhead. Azure AD offers to create 500,000 objects for free, including users and groups.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 174). Kindle Edition.

217
Q

An organization wants to create several deployments in Azure due to its optimum performance level. To provide an advanced security feature, the organization only allows access to users with the Multi-Factor Authentication process. Which of the following services can the organization use to meet the requirement?

A. Azure DDoS protection
B. Azure privileged identity management
C. Azure AD Identity Protection
D. Microsoft Defender for Cloud

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 76). Kindle Edition.

A

C. Azure AD Identity Protection

Explanation:
Multi-Factor Authentication (MFA) is a multi-layer authentication process that checks the user’s identity at different levels, such as username and password detection, biometric verification, sending a code to the given device, etc. Azure AD Identity Protection monitors every user’s identity in different phases. It helps MFA to create an authentication level using different key requirements. Option A is invalid because it provides protection services against DDoS attacks. Option B is not used because Azure privileged identity management is responsible for managing and monitoring important resources for a limited period. Option D is invalid because Microsoft Defender for Cloud allows users to monitor the security features for the Azure resources and on-premises.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 175). Kindle Edition.

218
Q

A company implements the Azure solution. This solution is available both on-premises and in the cloud. Therefore, a large number of users can access this solution. The company needs to implement an advanced secure authentication method such as Multi-Factor Authentication (MFA) for the identity management of users. Would the company need to configure the identities of both on-premises and Azure users?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 77). Kindle Edition.

A

B. No

Explanation:
There are multiple ways of identity management in Azure. One, and the most implemented, secure method is Multi-Factor Authentication (MFA). MFA can be implemented using fraud alerts, blocking/unblocking users, phone call settings, notification verification, etc. Such an authentication method is termed a conditional access policy that can be achieved by Azure Active Directory (AAD).

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 175). Kindle Edition.

219
Q

An organization must establish a secure, authenticated, and authorized user connection with Azure resources. Will Azure AD service fulfill the organization’s requirements?

A. True
B. False

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 77). Kindle Edition.

A

A. True

Explanation:
Azure AD is the first service created when users sign in. It provides multiple ways of protection features when users log in to Azure. For authorization, access management policies are used in Azure. Azure AD is the directory service that stores information and provides secured and authorized user access to the resources.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 176). Kindle Edition.

220
Q

A company has built different resources in its Azure account. The company needs to control these resources and give users efficient access to them according to demands and priorities. One of the company’s employees suggests using Azure Management Groups for the situation. Does this suggestion help the company?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 77). Kindle Edition.

A

B. No

Explanation:
Azure Management Groups manage resources in the Resource Group. They manage resources in a hierarchy so that the resources can be easily scaled up and down.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 176). Kindle Edition.

221
Q

An organization uses on-demand services where Microsoft completely manages the computation of resources. Which of the following provides a universally accessible forum to an organization?

A. Microsoft Office 365
B. Azure App Service
C. Azure Content Delivery Network Service
D. Azure Virtual Machine service

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 77). Kindle Edition.

A

A. Microsoft Office 365

Explanation:
Microsoft Office 365 is a Software as a Service (SaaS) platform that allows users to access the application without managing and controlling the underlying cloud infrastructure. Options B and C are invalid because they are PaaS that gives users access to software development resources to create their own applications using programming languages, services, and libraries. Option D is invalid because Virtual Machine is an Infrastructure as a Service (IaaS) platform that allows users to access resources in a virtual environment.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 176). Kindle Edition.

222
Q

An IT company calls up a meeting of its senior management team to identify a service that finds the best possible route for directing the traffic load to the backend. One of the team members suggested using Content Delivery Network for this purpose. Will the suggestion be helpful for the company?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 78). Kindle Edition.

A

B. No

Explanation:
Content Delivery Network (CDN) is a distributed network of servers that can deliver web content close to users. Within Azure, CDN places the duplicates of data at the data center closer to the user side, and users can easily log into the application they want. The data centers closer to the users are called edge nodes/edge servers; they contain a cache of files that provide the edge of the internet close to the users. CDN is not responsible for directing traffic load to the backend.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 177). Kindle Edition.

223
Q

Herry is a Security Engineer in an organization that has recently shifted its resources to Azure. The organization wants secure access to use its Azure resources. The Security Engineer designs a Multi-Factor Authentication (MFA) method to authenticate the user. There are only two fixed methods for MFA.

- Biometric Verification
- Code Verification

Would this method fulfill the requirement of MFA?

A. True
B. False

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 78). Kindle Edition.

A

B. False

Explanation:
Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. MFA is based on “Something you know (id and password), something you have (phone or other hardware), and something you are (face recognition or biometric)”.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 177). Kindle Edition.

224
Q

Denzel, a Network Security Engineer in an organization, implemented a network that runs sensitive and complex applications. For some reason, he stopped this running application. He decided to use Azure Firewall to stop all the network traffic load from Azure to the internet. Would this approach be correct to stop this application?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 78). Kindle Edition.

A

B. No

Explanation:
Azure Firewall defines rules for the incoming and outgoing traffic in the network to ensure the security of resources in the network. It does not create a blockage between Azure and the internet. It provides a secure protection layer between Azure and the internet to provide throughput without any unwanted incident or blockage.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 177-178). Kindle Edition.

225
Q

An IT company has used Azure resources and services for the last year. The owner needs an annual expenditure report from the Account manager. The owner points out “Hosting Expense” from the report and wants justification. Which category includes this type of expense?

A. Secondary Expenditure
B. Operating Expenditure
C. Capital Expenditure
D. Primary Expenditure

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 78-79). Kindle Edition.

A

B. Operating Expenditure

Explanation:
In cloud computing, the software, cloud applications, storage, IT operations, and rented hardware are Operating Expenditures. The usage of Azure resources and services, the deployment of networks, and the building of applications all come under operating expenditure.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 178). Kindle Edition.

226
Q

A company wants to deploy an Azure solution platform that serves as an online place for buying and selling the products, applications, and solutions discovered for a cloud solution. Which of the following helps the company to see the available products and lets the company search for the resource?

A. In Azure Monitor
B. In Microsoft Defender for Cloud
C. In the Azure Marketplace
D. In Azure Advisor

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 79). Kindle Edition.

A

C. In the Azure Marketplace

Explanation:
Azure Marketplace is an online store with thousands of VMs, developer services, and applications. Cloud-based solutions can easily be sold to others using Azure Marketplace. It also enables the development of applications by seeking help and using tools available in Azure Marketplace. It is clear from the explanation that all the remaining options are invalid.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 178). Kindle Edition.

227
Q

An organization calls up a meeting to discuss how to publicly announce the rules and regulations for creating a set of requirements that are used for the implementation of Azure service, such as Azure Resource Manager (ARM) template, role-based access control, policy, etc. One of the employees suggested using the Azure blueprint for this purpose. Would this suggestion be helpful?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 79). Kindle Edition.

A

A. Yes

Explanation:
Azure Blueprint enables us to design and package the entire Azure environment, including preferred policy, ARM template, and role-based access assignment. These blueprints are assigned to multiple subscriptions, which can help us to scale up the use of Azure.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 178). Kindle Edition.

228
Q

A company currently has an Azure subscription and an Azure tenant. They want to implement Azure Multi-factor authentication. Is it possible to add an SMS as a second means of authentication for a user?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 79). Kindle Edition.

A

A. Yes

Explanation:
Azure provides the following authentication methods for both Multi-Factor authentication and self-service password reset. In this, SMS is an authentication method available.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 179). Kindle Edition.

229
Q

A company wants to implement Azure AD Identity Protection. Following are the key requirements:

- Prompt users if the credentials are compromised
- Identify suspicious login attempts

Which of the following policies implement the above requirements? Choose two answers.

A. Azure policy
B. User risk policy
C. Sign-in risk policy
D. MFA registration policy

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 80). Kindle Edition.

A
230
Q

A company wants to implement Azure Multi-Factor Authentication. Which of the following is the recommended policy?

A. Enable per-user
B. Enable per-session
C. Enable Security Defaults
D. Enable Conditional Access

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 80). Kindle Edition.

A

D. Enable Conditional Access

Explanation:
To secure user sign-in events in Azure AD, you can require Multi-Factor Authentication (MFA). Enabling Azure AD Multi-Factor Authentication using Conditional Access policies is the recommended approach to protect users. Conditional Access is an Azure AD Premium P1 or P2 feature that lets you apply rules to require MFA as needed in certain scenarios.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 180). Kindle Edition.

231
Q

A company wants to make use of the various security services in Azure. They want to have the ability to store secrets and certificates in the Azure cloud. They decide to use the Azure Key Vault service. Would this fulfill the requirement?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 80). Kindle Edition.

A

A. Yes

Explanation:
Yes, this is the correct service to fulfill this condition. With the aid of the Azure Key Vault service, the company can store secrets, encryption keys, and certificates.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 180). Kindle Edition.

232
Q

A company has just set up an Azure subscription and an Azure tenant. They want to use services that would fulfill different requirements. Which of the following can be used for the following requirement? “Ensure that only virtual machines of a particular SKU size can be launched within an Azure subscription”.

A. Azure resource locks
B. Azure Policies
C. Azure Blueprints
D. Azure resource tags

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 80-81). Kindle Edition.

A

B. Azure Policies

Explanation:
This requirement can be fulfilled by the use of Azure Policies. With Azure policies, we can apply an in-built policy to define the SKU size that can be used to launch an Azure virtual machine. As shown in the figure below, an in-built policy can already be utilized for this purpose. Option A is invalid because this is used for shielding resources from accidental deletion. Option C is invalid because this is applied to orchestrate the deployment of resources. Option D is invalid because this is adopted to organize resources logically. Hence Option B is the correct answer.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 180-181). Kindle Edition.

233
Q

A company has just set up an Azure subscription and an Azure tenant. They want to use services that would fulfill different requirements. Which of the following can be used for the following requirement? “Provide a declarative way to orchestrate the deployment of various resources”.

A. Azure resource locks
B. Azure Policies
C. Azure Blueprints
D. Azure resource tags

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 81). Kindle Edition.

A

C. Azure Blueprints

Explanation:
Azure Blueprints can be adopted to orchestrate the deployment of multiple resource templates and artifacts that include:

- Role Assignments
- Policy Assignments
- Azure Resource Manager templates (ARM templates)
- Resource Groups

Option B is invalid because this is used as a governance service for our resources. Option D is invalid because this is adopted to organize resources logically. Option A is invalid because this is used to shield resources from accidental deletion. Hence Option C is the correct answer.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 181-182). Kindle Edition.

234
Q

Which of the following services in Azure can be used to enable Multi-Factor Authentication for Azure users?

A. Azure Sentinel
B. Azure Key Vault
C. Microsoft Defender for Cloud
D. Azure Active Directory

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 81). Kindle Edition.

A

D. Azure Active Directory

Explanation:
Azure Multi-Factor Authentication can be enabled in a couple of ways. This can be done from Azure Active Directory. As shown in the figure below, if we go to the Users section, we can enable Multi-Factor Authentication. The other options are invalid because we cannot enable Multi-Factor Authentication in the other services.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 182). Kindle Edition.

235
Q

You are configuring and securing a network environment.
You deploy an Azure virtual machine named VM1 configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1.
What should you configure?

A. A system route
B. A network security group (NSG)
C. A user-defined route

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 81-82). Kindle Edition.

A

C. A user-defined route

Explanation:
Although the use of system routes facilitates traffic automatically for your deployment, there are cases in which you want to control the routing of packets through a virtual appliance. You can do so by creating user-defined routes that specify the next hop for packets flowing to a specific subnet to go to your virtual appliance instead, and enabling IP forwarding for the VM running as the virtual appliance.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 183). Kindle Edition.

236
Q

Your company has the requirement to deploy a web application to an Azure Windows virtual machine. You have to configure remote access to RDP into the machine. You create an Inbound Network Security Group rule to allow traffic on port 3389. Would this fulfill the requirement?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 82). Kindle Edition.

A

A. Yes

Explanation:
For a VM, you have to create an inbound port rule in the Network Security Group and check whether the RDP port is set or not.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 183). Kindle Edition.

237
Q

An organization takes suggestions from its employees to implement a number of Azure resources for different purposes. The key requirement is that each resource has a tag. All Resource Groups have a tag with the name “IPSpecialist” and the value of “CloudTeam”. A system protection associate suggested using the Azure Key Vault for this requirement. The team prefers the CLI as the deployment interface instead of the Azure portal. Therefore, which of the following CLI commands will be used by the organization to create a Key Vault?

A. az secret create
B. az create
C. az keyvault secret create
D. az keyvault create

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 82). Kindle Edition.

A

D. az keyvault create

Explanation:
Azure Key Vault is a useful service that hides the actual passwords and keys from other parties. It secures the network by defining the access policy that allows secure access to secrets and passwords. You can use the following command to create a Key Vault using Azure CLI.

az keyvault create --name "<your-unique-keyvault-name>" --resource-group "ips-rg" --location "EastUS"

This command will output the newly created key vault properties in JSON format.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 183-184). Kindle Edition.

238
Q

Maria is an IT Engineer in an organization that has recently created an Azure-based app to deliver product data and information to their outsider specialists. The team assigned the task to Herry to make use of the API Management instance to publish the APIs to the specialists. However, the APIs have certain requirements.

- Eliminate formatting text from the responses
- Support different input parameters
- Give extra context to the back-end service

Which policy type was acquired by Maria for the following requirement? “Eliminate formatting text from the responses”.

A. Outbound
B. Error
C. Inbound
D. Backend

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 83). Kindle Edition.

A

A. Outbound

Explanation:
With the outbound policy, you can easily remove the formatting text from the responses. To remove the formatting text, you will need to add a “find and replace” command with certain detail as shown below.

<policies>
    <outbound>
        <base />
        <find-and-replace from="&lt;result&gt;" to="@{ string str = "<result>\n <operation>"; str += context.Request.Method; str += " \""; str += context.Variables.GetValueOrDefault<string>("requestPath"); str += "\"</operation>"; return str; }" />
    </outbound>
</policies>

From the above explanation, all the remaining options are invalid for the given situation.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 184-185). Kindle Edition.

239
Q

John is an IT Engineer in an organization that has recently created an Azure-based app to deliver product data and information to their outsider specialists. The team assigned the task to Herry to make use of the API Management instance to publish the APIs to the specialists. However, the APIs have certain requirements.

- Eliminate formatting text from the responses
- Support different input parameters
- Give extra context to the back-end service

Which policy type was acquired by John for the following requirement? “Give extra context to the back-end service”.

A. Outbound
B. Inbound
C. Error
D. Backend

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 83-84). Kindle Edition.

A

B. Inbound

Explanation:

You can apply an inbound policy at the API level to provide additional context information to the backend service. The following set of commands with certain detail can be used in this case.

<set-header>
    <value>@(context.User.Id)</value>
    <value>@(context.Deployment.Region)</value>
</set-header>

From the above explanation, all the remaining options are invalid for the given situation.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 185). Kindle Edition.

240
Q

You have to deploy a policy that ensures that the Microsoft IaaS Antimalware extension is installed on all Windows Servers. Below are snippets of the policy. Which of the following goes into Slot1?

A. “allow”
B. “deny”
C. “deploy”
D. “deployIfNotExists”

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 84-85). Kindle Edition.

A
241
Q

You have to deploy a policy that ensures that the Microsoft IaaS Antimalware extension is installed on all Windows Servers. Below are snippets of the policy. Which of the following goes into Slot2?

A. “IaaSAntimalware”
B. “Antimalware”
C. “Microsoft.Azure.Security”
D. “Microsoft.AzureIaaSAntimalware”

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 85). Kindle Edition.

A
242
Q

A company has an Azure Subscription that has the following virtual machines.

Name      Resource Group    Status
ipsvm1    ipslab1           Running
ipsvm2    ipslab2           Running

The following policies are then added to the subscription.

Policy Definition             Resource Type       Scope
Not allowed resource types    Virtual machines    ipslab1
Allowed resource types        Virtual machines    ipslab2

You also create the following resource locks.

Name         Type         Created On
vmlock       Read-only    ipsvm1
grouplock    Read-only    Ipslab2

Would you be able to stop ipslab1?

A. Yes
B. No

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 86). Kindle Edition.

A
243
Q

You have to configure an Azure policy as part of your subscription. You must assign policies that need to push out one or more resources. Which of the following types of effect would require a managed identity for assignment purposes?

A. AuditIfNotExists
B. Append
C. Deny
D. DeployIfNotExists

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 86-87). Kindle Edition.

A

D. DeployIfNotExists

Explanation:
Since the effect of “DeployIfNotExists” looks at deployment, it would need a managed service identity. This is also mentioned in the Microsoft documentation. Since this is clear from the Microsoft documentation, all other options are incorrect. For more information on remediating resources,

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 187). Kindle Edition.

244
Q

An IT Engineer designs a network on which a complex data-based application is running. To secure the application from Distributed Denial of Service (DDoS) attacks, which of the following Azure services is used as a protection layer?

A. Azure DDoS Protection
B. Azure Key Vault
C. Azure Multi-Factor Authentication
D. Azure Network Security Group

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 87). Kindle Edition.

A

A. Azure DDoS Protection

Explanation:
Azure DDoS Protection services protect the applications against targeted DDoS attacks. With DDoS Protection, the traffic always remains within the Azure data center. It also helps in the performance because Azure DDoS protection does the attack mitigation; that’s how traffic does not leave the data center. Option B is invalid because the Azure Key Vault protects application secrets in encrypted form. Option C is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. Option D is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 187). Kindle Edition.

245
Q

Several services and resources are available in an organization’s Azure account. Customers and employees want to try these services and resources. The organization will allow only authenticated people to use the services and resources to ensure secure access. Which of the following statements is valid for the definition of Authentication?

A. This is the act of providing legitimate credentials
B. This specifies the type of service you can use in Azure
C. This specifies the type of data you can use in Azure
D. This specifies what you can do in Azure

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 87). Kindle Edition.

A

A. This is the act of providing legitimate credentials

Explanation:
Verifying the eligibility and identity of users is called authentication. It is the way of checking whether the user is valid to access the resource or not. The validation is done by checking the user’s credentials in the company database. All the remaining options are invalid as they belong to the authorization process.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 187-188). Kindle Edition.

246
Q

An IT Engineer creates a Resource group named “IPS-rg” for his organization. A Virtual Machine called “IPS-VM” is created in the Resource group. To provide advanced secure protection, which of the following resource deployments is the best possible option to avoid any accidental incident?

A. Security
B. Access Control
C. Locks
D. Configuration

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 87). Kindle Edition.

A

C. Locks

Explanation:
Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. The first is the Readonly lock, which allows authorized users only to read the resources; they are unable to make changes to them. The second type of lock is Delete, which ensures that the user is not allowed to delete the resource. Option A is invalid because it defines the security features for the protection of resources. Option B is invalid because it provides access rights to an authorized user. Option D is invalid because it shows the configuration of the selected resource.

Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 188). Kindle Edition.