SC900 Learn Microsoft Flashcards

1
Q

Which functionality is provided by Azure AD?
Select only one answer.

A. single sign on (SSO) for users
B. defense in depth
C. encryption of data at rest
D. encryption of data in transit

A

A. single sign on (SSO) for users

Explanation:
Azure AD provides SSO.
Azure AD provides federation
Azure AD is one perimeter of defense in depth
Azure AD does not provide file services
Azure AD does not provide the encryption of data in transit

2
Q

Which type of identity should you use to allow Azure virtual machines to access Azure Storage without having to handle password changes manually?
Select only one answer.

A. user
B. device
C. service principal
D. managed identity

A

D. managed identity

Explanation:
Managed identities are fully managed by Azure AD and can be used by Azure resources when accessing other Azure resources.
Users need to manage passwords manually
Device is used for devices but cannot be used to access Azure resources
Service principal is used for apps, but not for Azure resources

3
Q

You need to allow external users to use either Microsoft accounts or Google accounts to access an application hosted in Azure.

What is the minimum edition of Azure AD that you can use?
Select only one answer.

A. Free
B. Office 365 Apps
C. Azure AD Premium P1
D. Azure AD Premium P2

A

C. Azure AD Premium P1

Explanation:
Both Azure AD Premium P1 and P2 allow external users, but Azure AD Premium P1 is the minimum edition that allows this. Free and Office365 apps do not provide external access

4
Q

Which two authentication methods are available in Azure AD during sign in? Each correct answer presents a complete solution.
Select all answers that apply.

A. password
B. SMS-based authentication
C. security questions
D. driver’s license
E. calling the Microsoft Helpdesk

A

A. password
B. SMS-based authentication

Explanation:
Passwords are the most common form of authentication and are supported in Azure AD
Text messaging can be used as a primary form of authentication
The Google authenticator app can be used as a primary form of authentication to sign into any Azure AD account
Calling the Microsoft Helpdesk is not a valid authentication method in Azure AD.
Security questions are not used during sign in

5
Q

Which type of Microsoft identity is used for identifying an application?
Select only one answer.

A. service principal
B. Managed Identity
C. device
D. user

A

A. service principal

Explanation:
A service principal is, essentially, an identity for an application
For an application to delegate its identity and access functions to Azure AD, the application must first be registered with Azure AD to enable its integration
Once registered, a service principal is created in each Azure AD tenant where the application is used

6
Q

An organization is migrating to the Microsoft cloud. The plan is to use a hybrid identity model.

What can be used to sync identities between Active Directory Domain Services (AD DS) and Azure AD?
Select only one answer.

A. Active Directory Federation Services (AD FS)
B. Microsoft Sentinel
C. Azure AD Connect
D. Azure AD Privileged Identity Management (PIM)

A

C. Azure AD Connect

Explanation:
Azure AD Connect is designed to meet and accomplish hybrid identity goals.
ADFS cannot be used for hybrid identity models.
Microsoft Sentinel is not an identity product
PIM is used for managing and monitoring access to important resources

7
Q

Based on a Microsoft Azure Security Score recommendation, an administrator decides to improve identity security within an organization.

What provides the greatest protection to user identities?
Select only one answer.

A. using the Microsoft Authenticator app
B. enforcing password change
C. enforcing complex password
D. using soft tokens

A

A. using the Microsoft Authenticator app

Explanation:
The Microsoft Authenticator app (phone sign in) is the strongest authentication method.
Enforcing a password change or enforcing a complex password will not provide the greatest protection alone
Using soft tokens does not offer as strong protection as Microsoft Authenticator

8
Q

What are three things that a user can use for Azure AD Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
Select all answers that apply.

A. something the claimant knows
B. something the claimant has
C. something the claimant is
D. something the claimant cannot reuse
E. something the claimant solves

A

A. something the claimant knows
B. something the claimant has
C. something the claimant is

Explanation:
Azure AD MFA works by requiring something you know (such as password), and something you have (such as phone), or something you are (biometrics)

9
Q

A malicious user is attempting to access many user accounts by using commonly used passwords. The user repeats the action every 20 minutes to avoid triggering an account lockout.

Which Azure AD feature can protect organizations from such attacks?
Select only one answer.

A. Windows Hello for Business
B. Self-service password reset (SSPR)
C. Conditional Access
D. Azure AD Password Protection

A

D. Azure AD Password Protection

Explanation:
Azure AD Password Protection helps you defend against password spray attacks
Conditional Access brings signals together to make decisions and enforce organizational policies, but it cannot stop password attacks by itself
SSPR allows users to change or reset their password without administrator or help desk involvement, but it cannot prevent password attacks
Windows Hello for Business replaces passwords with strong 2FA on devices

10
Q

Which condition can you use in a Conditional Access policy to evaluate the likelihood that a user account was compromised?
Select only one answer.

A. location
B. device state
C. user risk
D. sign-in risk

A

C. user risk

Explanation:
User risk can evaluate the likelihood that a user account was compromised
Sign in risk can identify whether the sign in attempt is considered risky, such as attempts to sign in from compromised IP networks.
Device state verifies the device platform
Locations are associated to specific IP networks

11
Q

Which Azure feature provides network-level filtering, application-level filtering, and outbound SNAT?
Select only one answer.

A. distributed denial-of-service (DDoS) protection
B. Azure Firewall
C. Azure Web Application Firewall (WAF)
D. Azure Bastion hosts

A

B. Azure Firewall

Explanation:
Azure Firewall provides all these capabilities. DDoS protection does not provide filtering
Azure WAF does not provide network filtering, just application level filtering
Bastion does not provide filtering

12
Q

What Azure feature provides application-level filtering and SSL termination?
Select only one answer.

A. distributed denial-of-service (DDoS) protection
B. Azure Firewall
C. Azure Web Application Firewall (WAF)
D. Azure Bastion hosts

A

C. Azure Web Application Firewall (WAF)

Explanation:
Azure WAF provides all these capabilities
DDoS protection does not provide filtering
Azure Firewall does not provide SSL termination
Bastion does not provide filtering

13
Q

To implement network segmentation in Azure, you must create [answer choice].
Select only one answer.

A. bastion hosts
B. firewalls
C. security groups
D. virtual networks

A

D. virtual networks

Explanation:
Virtual networks are the core component for network segmentation
Firewalls can be used to control access between networks
Bastion hosts provide RDP and SSH access to virtual machines through a web portal
Security groups group users together to simplify assigning access to resources

14
Q

Which statement describes network security groups (NSG)?
Select only one answer.

A. Provide network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.
B. Provide protection of web app from common exploits and vulnerabilities.
C. Provide a centralized network firewall as-a-service, which provides network and application-level protection across different subscriptions and virtual networks.
D. Allow a lock down of inbound traffic only, reducing exposure to attacks.

A

A. Provide network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.

Explanation:
NSGs provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.

15
Q

Which service enables you to continually assess the security posture, identify threats, and harden resources in Azure and on-premises workloads?
Select only one answer.

A. Azure Firewall
B. Microsoft Defender for Cloud
C. Azure Web Application Firewall (WAF)
D. Microsoft Purview

A

B. Microsoft Defender for Cloud

Explanation:
These are capabilities of Defender for Cloud
Azure Firewall does not harden or assess threats
Azure WAF protects web apps, not Azure resources
Microsoft Purview provides data governance

16
Q

[Answer choice] can be used to apply guidance from the Azure Security Benchmark to services such as Azure AD.
Select only one answer.

A. Security baselines
B. Microsoft Sentinel
C. Microsoft Purview
D. Compliance policies

A

A. Security baselines

Explanation:
Security baselines for Azure apply guidance from the Azure Security Benchmark to the specific service for which they are defined and provide organizations with a consistent experience when securing their environment

17
Q

Which two features are part of Microsoft Defender for Cloud's enhanced security? Each correct answer presents a complete solution.
Select all answers that apply.

A. endpoint detection and response (EDR)
B. vulnerability scanning for SQL resources
C. security information and event management (SIEM) correlation
D. Security Benchmark Recommendation

A

A. endpoint detection and response (EDR)
B. vulnerability scanning for SQL resources

Explanation:
EDR and vulnerability scanning for SQL are part of Defender for Cloud enhanced security
SIEM correlation is part of Microsoft Sentinel and Security Benchmark Recommendation is part of Azure Security Benchmarks

18
Q

Which two types of security systems make up Microsoft Sentinel? Each correct answer presents part of the solution.
Select all answers that apply.

A. data loss prevention (DLP)
B. security information and event management (SIEM)
C. security orchestration automated response (SOAR)
D. endpoint protection platform (EPP)

A

B. security information and event management (SIEM)
C. security orchestration automated response (SOAR)

Explanation:
Microsoft Sentinel is a mix of SIEM and SOAR systems

19
Q

What can you use to aggregate security alerts into incidents and to create automated responses to security alerts?
Select only one answer.

A. Microsoft Sentinel
B. Microsoft Defender for Cloud
C. Microsoft Intune
D. Microsoft 365 Defender

A

A. Microsoft Sentinel

Explanation:
Aggregating security alerts into incidents and creating automated responses to security alerts can be completed by using Microsoft Sentinel
Microsoft Defender for Cloud and Microsoft 365 Defender cannot help you manage cyber incidents unless they are connected to Microsoft Sentinel
Intune cannot help you manage cyber incidents

20
Q

What can you use in Microsoft Sentinel to create visual reports?
Select only one answer.

A. workbooks
B. analytics
C. playbooks
D. hunting

A

A. workbooks

Explanation:
You can monitor data by using Microsoft Sentinel integration with Azure Monitor workbooks
Microsoft Sentinel uses analytics to correlate alerts into incidents
Playbooks are collections of pro

21
Q

Which feature is only available in Microsoft Defender for Office 365 Plan 2?
Select only one answer.

A. Attack Simulator
B. Safe Links
C. Anti-phishing protection
D. Real-time detections

A

A. Attack Simulator

Explanation:
Attack Simulator is only available in Microsoft Defender for Office 365 Plan 2

22
Q

Which Microsoft Defender for Endpoint feature regulates access to malicious IP addresses, domains, and URLs?
Select only one answer.

A. threat and vulnerability management
B. attack surface reduction (ASR)
C. automated investigation and remediation (AIR)
D. Microsoft threat experts

A

B. attack surface reduction (ASR)

Explanation:
ASR handles access to malicious endpoints.
AIR uses playbooks to analyze alerts and take action
Microsoft threat experts handle the SOCs of Microsoft
Threat and vulnerability management scans for vulnerabilities and configuration

23
Q

For which two services does Microsoft Secure Score provide recommendations? Each correct answer presents a complete solution.
Select all answers that apply.

A. Azure AD
B. Microsoft Teams
C. Azure SQL Database
D. Azure Cosmos DB

A

A. Azure AD
B. Microsoft Teams

Explanation:
Microsoft Secure Score supports recommendations for Microsoft 365 (including Exchange Online), Azure AD, Microsoft Defender for Endpoint, Defender for Identity, Defender for Cloud Apps and Teams

24
Q

Which three components are protected by using Microsoft Defender? Each correct answer provides a complete solution.
Select all answers that apply.

A. identity
B. endpoints
C. applications
D. analytics
E. mobile devices

A

A. identity
B. endpoints
C. applications

Explanation:
The Microsoft 365 Defender suite protects identities with Microsoft Defender for Identity and Azure AD Identity Protection, endpoints with Microsoft Defender for Endpoint, applications with Microsoft Defender for Cloud Apps, and email and collaboration with Microsoft Defender for Office 365

25
Q

Which Microsoft privacy principle defines the use and management of encryption keys?
Select only one answer.

A. transparency
B. security
C. control
D. strong legal protection

A

B. security

Explanation:
The security principle defines the use of encryption and key management
The control principle states that customers are in control of their data
The strong legal protection principle states that any request from legal authorities for access to customer data must go to the customer, not Microsoft
The transparency principle describes how Microsoft informs all parties of how data is used and accessed

26
Q

The Microsoft approach to privacy is built on [answer choice].
Select only one answer.

A. control, transparency, security, strong legal protections, no content-based targeting, and benefits to you
B. control, transparency, security, legal protections, limited content-based targeting, and mutual benefits to Microsoft and you
C. governance, transparency, security, no content-based targeting, freedom of information, and benefits to you
D. governance, transparency, security, content-based targeting, freedom of information, and benefits to you

A

A. control, transparency, security, strong legal protections, no content-based targeting, and benefits to you

Explanation:
Control, transparency, security, strong legal protections, no content-based targeting and benefits to you are the Microsoft approach to privacy

27
Q

Where can you find independent audit reports and assessments of Microsoft cloud services?
Select only one answer.

A. Microsoft Service Trust Portal
B. Microsoft Cloud Account Manager
C. https://privacy.microsoft.com/
D. https://portal.azure.com/

A

A. Microsoft Service Trust Portal

Explanation:
The Service Trust Portal provides information, tools and other resources about Microsoft security, privacy and compliance practices
The best way to obtain the documents is on the Service Trust Portal

28
Q

What are the three types of controls used in Microsoft Purview Compliance Manager? Each correct answer presents part of the solution.
Select only one answer.

A. Microsoft-managed controls, third-party managed controls, and customer-managed controls
B. Microsoft-managed controls, shared controls, and customer-managed controls
C. third-party controls, shared controls, and government controls
D. government controls, customer-managed controls, and shared controls

A

B. Microsoft-managed controls, shared controls, and customer-managed controls

Explanation:
Compliance Manager uses Microsoft managed controls, shared controls, as well as customer controls
It does not use third party controls or government controls

29
Q

In Microsoft Purview, which type of policy allows you to prevent documents that contain personal identification from being shared outside your organization?
Select only one answer.

A. sensitivity label policy
B. retention policy
C. data loss prevention (DLP) policy
D. Azure policy

A

C. data loss prevention (DLP) policy

Explanation:
A DLP policy is used to handle data loss
Sensitivity label policies are used to apply a label to a document
A retention policy is used to define how long a document is maintained
Azure Policy is used to determine how Azure services are configured

30
Q

In Microsoft Purview, what can you use to label items as regulatory records, maintain proof of item deletion, and export information about disposed items?
Select only one answer.

A. a retention label and a retention label policy
B. a retention policy
C. a sensitivity label and a sensitivity label policy
D. data loss prevention (DLP) policy

A

A. a retention label and a retention label policy

Explanation:
These are features of records management
Sensitivity labels allow us to label items
Azure Policy cannot be used to handle documents
DLP does not handle the disposition of items

31
Q

What can you use to prevent the inadvertent disclosure of sensitive information shared in Microsoft Teams?
Select only one answer.

A. Microsoft Defender for Cloud
B. Microsoft Sentinel workbooks
C. Microsoft Purview data loss prevention (DLP) policies
D. Microsoft Defender for Office 365 Safe Links

A

C. Microsoft Purview data loss prevention (DLP) policies

Explanation:
DLP is a way to protect sensitive information and prevent its inadvertent disclosure

32
Q

Where can you access and review sensitive files from a snapshot of the scanned items?
Select only one answer.

A. the Microsoft Purview compliance portal
B. Microsoft Defender for Cloud
C. the Azure Active Directory admin center
D. Microsoft Intune

A

A. the Microsoft Purview compliance portal

Explanation:
Scanned source content that is stored in different locations such as Exchange, SharePoint and OneDrive can be accessed and reviewed using the compliance manager

33
Q

What can be used to set up a unified data governance service that enables end-to-end data lineage?
Select only one answer.

A. Active Directory
B. Microsoft Defender for SQL
C. Microsoft Purview
D. Microsoft Intune

A

C. Microsoft Purview

Explanation:
Microsoft Purview is a unified data governance service that helps you manage and govern on premises, multi cloud, and SaaS data
It can be used to set up a unified data governance service, enabling end to end data lineage

34
Q

In Microsoft Purview, what can you use to detect potential leaks of sensitive data and theft of intellectual property?
Select only one answer.

A. Data lifecycle management
B. eDiscovery
C. Information protection
D. Insider risk management

A

D. Insider risk management

Explanation:
Insider risk management is a solution that helps minimize the risks associated with sensitive data leaks, spillage, confidentiality violations, intellectual property theft, fraud, insider trading, and regulatory compliance violations

35
Q

In Microsoft Purview, what can you use to scan for offensive language across an organization?

A. Information Protection
B. Communication Compliance
C. Information Barriers
D. Activity Explorer

A

B. Communication Compliance

Explanation:
Communication compliance allows you to detect and remediate inappropriate language. Information barriers can be used to disable certain interactions, but not based on language. Activity explorer can be used to view activities in Compliance Manager. Policy compliance lets you see which policies are in or out of compliance.

36
Q

In Microsoft Purview insider risk management, what should you create for alerts that require further investigation?
Select only one answer.

A. a case
B. a policy
C. a label

A

A. a case

Explanation:
Insider risk management is a solution that helps minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious activities. It enables you to protect against sensitive data leaks, confidentiality violations, and intellectual property theft. Alerts must be triaged, and alerts that require further investigation must be added to a case. Each case is associated to one user and may contain several alerts.

37
Q

Which two signals can be used as part of Conditional Access? Each correct answer presents part of the solution.
Select all answers that apply.

A. group membership
B. device platform
C. password length
D. phone number

A

A. group membership
B. device platform

Explanation:
Conditional Access signals include User or group membership, Named location information, Application, Real Time Sign in Risk detection, cloud apps or actions and user risk

38
Q

What is the least privileged Azure AD role that can be used to create and manage users and groups?
Select only one answer.

A. Global Administrator
B. Security Administrator
C. User Administrator
D. Teams Administrator

A

C. User Administrator

Explanation:
User Administrator can manage both users and groups.
Global Administrator can also manage users and groups, but the role has far too many privileges

39
Q

What is a user risk in Azure AD Identity Protection?
Select only one answer.

A. leaked credentials
B. atypical travel
C. password spray
D. anonymous IP address

A

A. leaked credentials

Explanation:
Leaked credentials is a user risk. Atypical travel, anonymous IP address and password spray are sign in risks

40
Q

Which three features reduce the chance of a malicious user accessing a sensitive resource or an authorized user inadvertently affecting a sensitive resource? Each correct answers presents a complete solution.
Select all answers that apply.

A. Microsoft Defender for Cloud
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. Microsoft Sentinel
E. role-based access control (RBAC)

A

B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
E. role-based access control (RBAC)

Explanation:
Azure AD Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats
PIM provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary or misused access permissions on resources
RBAC is how Azure AD roles control access to Azure AD resources

41
Q

What are two characteristics of an identity as the primary security perimeter model? Each correct answer presents a complete solution.
Select all answers that apply.

A. Software as a service (SaaS) applications for business-critical workloads can be hosted outside of a corporate network.
B. Only corporate devices can be used to complete corporate tasks.
C. Bring your own device (BYOD) can be used to complete corporate tasks.
D. Software as a service (SaaS) applications for business-critical workloads that might be hosted cannot be hosted outside of a corporate network.

A

A. Software as a service (SaaS) applications for business-critical workloads can be hosted outside of a corporate network.
C. Bring your own device (BYOD) can be used to complete corporate tasks.

Explanation:
SaaS applications for business-critical workloads can be hosted outside of the corporate network and BYOD can be used to complete corporate tasks in the identity as the primary security perimeter model
The other options represent the traditional perimeter based security model

42
Q

What is a characteristic of federation?
Select only one answer.

A. Federation must be cloud-based.
B. Federation enables access to services across organizations.
C. The trust is always bidirectional.
D. Users must maintain different usernames in other domains.

A

B. Federation enables access to services across organizations.

Explanation:
Federation enables access to services across organizations. Identity providers can be on premises, trust is not always bidirectional and users do not need to maintain different usernames in other domains

43
Q

Where can you find information, tools, and other resources about Microsoft security, privacy, and compliance practices?
Select only one answer.

A. the Azure portal
B. the Microsoft 365 Defender portal
C. the Microsoft Service Trust Portal
D. the Microsoft 365 admin center

A

C. the Microsoft Service Trust Portal

Explanation:
The Service Trust Portal is where you can find information, tools and resources on security and privacy.
The Azure Portal is used to manage Azure resources
The Microsoft 365 Defender portal is where you manage Microsoft Defender

44
Q

Which type of Compliance Manager controls are used for Microsoft cloud services?
Select only one answer.

A. customer-managed controls
B. shared controls
C. Microsoft-managed controls
D. assessment controls

A

C. Microsoft-managed controls

Explanation:
Microsoft managed controls are used to control Microsoft cloud services

45
Q

What can be used to set up a unified data governance service that enables end-to-end data lineage?
Select only one answer.

A. Active Directory
B. Microsoft Defender for SQL
C. Microsoft Purview
D. Microsoft Intune

A

C. Microsoft Purview

Explanation:
Microsoft Purview is a unified data governance service that helps you manage and govern on premises, multi cloud, and SaaS data
It can be used to set up a unified data governance service, enabling end to end data lineage

46
Q

In Microsoft Purview, what can be used to investigate possible security or compliance breaches and identify their scope based on records?
Select only one answer.

A. Audit (Premium)
B. Content search
C. eDiscovery (Standard)
D. eDiscovery (Premium)

A

A. Audit (Premium)

Explanation:
Audit (Premium) can be used to investigate possible security or compliance breaches and identify their scope based on records
Content search is used to search documents
eDiscovery (Standard) allows you to create cases and assign managers, not auditing. eDiscovery (Premium) allows you to assign custodians

47
Q

What can help you to identify documents needed for a compliance audit?
Select only one answer.

A. the Microsoft Service Trust Portal
B. Azure Information Protection (AIP)
C. Microsoft Purview Communication Compliance
D. Microsoft Purview eDiscovery

A

D. Microsoft Purview eDiscovery

Explanation:
eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. It can help you to identify documents that are needed for a compliance audit

48
Q

What are types of distributed denial-of-service (DDoS) attacks?
Select only one answer.

A. password spray, protocol attacks, and man-in-the-middle (MITM) attacks
B. password spray, dictionary attack, and resource layer attacks
C. resource layer attacks, protocol attacks, and volumetric attacks
D. dictionary attacks, man-in-the-middle (MITM) attacks, and volumetric attacks

A

C. resource layer attacks, protocol attacks, and volumetric attacks

Explanation:
Resource layer attacks, protocol attacks and volumetric attacks are the most common DDoS attacks. Password spray and MITM attacks are not DDoS attacks

49
Q

Which statement describes network security groups (NSG)?
Select only one answer.

A. Provide network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.
B. Provide protection of web app from common exploits and vulnerabilities.
C. Provide a centralized network firewall as-a-service, which provides network and application-level protection across different subscriptions and virtual networks.
D. Allow a lock down of inbound traffic only, reducing exposure to attacks.

A

A. Provide network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.

Explanation:
NSGs provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription

50
Q

What can you use to connect to Azure virtual machines remotely over RDP and SSH from the Azure portal?
Select only one answer.

A. Azure Web Application Firewall (WAF)
B. Azure AD Identity Protection
C. Microsoft Defender for Cloud
D. Azure Bastion

A

D. Azure Bastion

Explanation:
Bastion is a service that lets you connect to virtual machines by using a browser and the Azure portal
The Bastion service is a fully platform managed PaaS service that you provision on a virtual network

51
Q

What can you use to manage security for a multi-cloud environment that includes Amazon Web Services (AWS) and Google Cloud Platform (GCP)?
Select only one answer.

A. Microsoft Defender for Cloud
B. Microsoft Purview Insider Risk Management
C. Microsoft Secure Score
D. Azure AD Privileged Identity Management (PIM)

A

A. Microsoft Defender for Cloud

Explanation:
Defender for Cloud gives you the ability to connect and secure resources hosted in AWS and GCP

52
Q

Which two characteristics are part of a security orchestration automated response (SOAR) solution? Each correct answer presents a complete solution.
Select all answers that apply.

A. collection of data from IT estate
B. correlation of data
C. action-driven workflows
D. issue mitigation

A

C. action-driven workflows
D. issue mitigation

Explanation:
Action driven workflows and issue mitigation are done by SOAR systems

53
Q

Which Microsoft solution allows you to meet compliance standards for General Data Protection Regulation (GDPR) and Payment Card Industry (PCI)?
Select only one answer.

A. Microsoft Defender for Cloud Apps
B. Microsoft Defender for Identity
C. Microsoft Defender for Cloud
D. Microsoft Defender for Office 365

A

A. Microsoft Defender for Cloud Apps

Explanation:
Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy
It allows you to meet the compliance standards for GDPR and PCI

54
Q

What are the four pillars of a Cloud Access Security Broker (CASB)?
Select only one answer.

A. control, compliance, platform security, and governance
B. discovery, protection, accessible cloud apps, and platform security
C. visibility, compliance, data security, and platform security
D. visibility, compliance, data security, and threat protection

A

D. visibility, compliance, data security, and threat protection

Explanation:
Visibility, compliance, data security and threat protection are the four pillars of a CASB

55
Q

Which three actions should be performed to enable self-service password reset (SSPR) for a user? Each correct answer presents part of the solution.
Select all answers that apply.

A. Assign an Azure AD license.
B. Enable SSPR for the user.
C. Register an authentication method.
D. Sign up for a Microsoft account.
E. Create a custom banned password list.

A

A. Assign an Azure AD license.
B. Enable SSPR for the user.
C. Register an authentication method.

Explanation:
To use SSPR, users must be assigned an Azure AD license, SSPR must be enabled for them by an administrator, and they must register the authentication methods they want to use. Registering two or more authentication methods is recommended in case one is unavailable

56
Q

What should you use in Azure AD to provide users with the ability to perform administrative tasks?
Select only one answer.

A. app registrations
B. external identities
C. groups
D. roles

A

D. roles

Explanation:
Roles in Azure AD carry the permissions needed to perform specific administrative tasks
You assign these roles to users (or groups), ideally following least privilege rather than granting Global Administrator

57
Q

What can you use to receive alerts for potentially compromised user accounts without blocking the users from signing in?
Select only one answer.

A. real-time sign-in risk detection
B. user risk
C. Application Signal
D. cloud apps or actions

A

B. user risk

Explanation:
User risk represents the probability that a given identity or account is compromised
A user risk policy can be configured to trigger on high, medium, or low risk
Admins can use this signal to generate alerts without interrupting user sign-ins

58
Q

What feature can you use to assign users with access to resources based on the city attribute of the user?
Select only one answer.

A. Azure AD Privilege Identity Management (PIM)
B. dynamic groups
C. Azure AD built-in roles
D. Azure built-in roles

A

B. dynamic groups

Explanation:
Dynamic groups have their membership determined automatically by a rule evaluated against user attributes, such as city
No roles in Azure AD or Azure have dynamic, attribute-based membership
PIM provides just-in-time, time-bound activation of privileged roles; it does not assign access based on user attributes
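The following is an added example, not part of the original flashcard set, showing how the dynamic group described above is created with the Microsoft Graph PowerShell SDK. The group name, mail nickname and the city value "Seattle" are illustrative assumptions; the account running it needs the Group.ReadWrite.All permission.

```powershell
# Added example: an Azure AD security group whose membership is computed from
# the user's city attribute. Azure AD evaluates the rule, not this script:
# users with city = "Seattle" are added automatically and removed when the
# attribute changes. Group name and city are assumptions for illustration.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

$rule = '(user.city -eq "Seattle")'

$group = New-MgGroup -DisplayName "Seattle-Users" `
    -MailEnabled:$false `
    -MailNickname "seattle-users" `
    -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Read the rule back and confirm processing is switched on. Membership is
# populated asynchronously once Azure AD has evaluated the rule.
Get-MgGroup -GroupId $group.Id -Property "displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Because membership follows the attribute, anyone who can edit a user's city attribute can effectively add that user to the group; treat the attributes referenced in membership rules as security-relevant and restrict who may write them.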

59
Q

Which security model assumes that everything is an open and untrusted network?
Select only one answer.

A. shared responsibility
B. defense in depth
C. Zero Trust
D. Payment Card Industry Data Security Standards (PCI DSS) compliance

A

C. Zero Trust

Explanation:
Zero Trust assumes breach, and that all networks are open and untrusted
Shared responsibility is about defining the responsibilities of each party (company and vendor)
Defense in depth uses a layered approach to security
PCI DSS is a compliance standard, not a security model

60
Q

What is a feature of single sign-on (SSO)?
Select only one answer.

A. enables a user to sign in once, and then not have to sign in again
B. leverages individual identity providers
C. uses one credential to access multiple applications or resources
D. eliminates the need for password resets due to a centralized directory

A

C. uses one credential to access multiple applications or resources

Explanation:
SSO allows a user to sign in with a single credential and have access to multiple applications and resources
It does not ensure that a user will not have to sign in again
It leverages a centralized identity provider
It has nothing to do with password resets

61
Q

Microsoft Purview information protection and data lifecycle management work together to [answer choice] data.
Select only one answer.

A. classify, protect, and govern
B. classify, protect, and back up
C. explore, protect and share
D. explore, protect, and back up

A

A. classify, protect, and govern

Explanation:
Information protection and data lifecycle management work together to classify, protect and govern data
You cannot share data via Microsoft Purview

62
Q

What can you use to prevent the inadvertent disclosure of sensitive information shared in Microsoft Teams?
Select only one answer.

A. Microsoft Defender for Cloud
B. Microsoft Sentinel workbooks
C. Microsoft Purview data loss prevention (DLP) policies
D. Microsoft Defender for Office 365 Safe Links

A

C. Microsoft Purview data loss prevention (DLP) policies

Explanation:
DLP is a way to protect sensitive information and prevent its inadvertent disclosure

63
Q

Which type of policy can you use to prevent users from sharing files with users in other departments?
Select only one answer.

A. data loss prevention (DLP) policy
B. retention policy
C. Azure policy
D. information barrier policy

A

D. information barrier policy

Explanation:
DLP policies protect sensitive content based on sensitive information types and sensitivity labels, not on which groups of users are allowed to communicate with each other
Retention policies are used to specify how long files are kept
Azure policies are used to govern Azure resources, not files
Information barrier policies define segments of users and block the segments from sharing files and communicating with each other in Teams, SharePoint and OneDrive
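As an added example (not from the flashcard set), this is how the information barrier described above is set up in Security & Compliance PowerShell with the Exchange Online Management module. The segment names and the Department values "HR" and "Sales" are illustrative assumptions; the tenant must already have information barriers enabled and the account needs the Compliance Administrator role.

```powershell
# Added example: two organization segments and a two-way block so HR and Sales
# users cannot communicate or share files in Teams, SharePoint and OneDrive.
# Segment names and Department values are assumptions for illustration.
Connect-IPPSSession

# Segments are defined by a filter on user attributes.
New-OrganizationSegment -Name "HR"    -UserGroupFilter "Department -eq 'HR'"
New-OrganizationSegment -Name "Sales" -UserGroupFilter "Department -eq 'Sales'"

# Policies are created Inactive so both directions can be reviewed before enforcement.
New-InformationBarrierPolicy -Name "HR-blocks-Sales"  -AssignedSegment "HR"    -SegmentsBlocked "Sales" -State Inactive
New-InformationBarrierPolicy -Name "Sales-blocks-HR"  -AssignedSegment "Sales" -SegmentsBlocked "HR"    -State Inactive

Set-InformationBarrierPolicy -Identity "HR-blocks-Sales" -State Active
Set-InformationBarrierPolicy -Identity "Sales-blocks-HR" -State Active

# Apply the active policies. Application runs asynchronously; check progress with
# Get-InformationBarrierPoliciesApplicationStatus before testing in Teams.
Start-InformationBarrierPoliciesApplication
```

A block is only enforced in the direction it is defined, so a one-directional policy still lets the unblocked segment initiate contact; define both directions when the intent is full separation.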