Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

SC900 > SC900 (Udemy) > Flashcards

SC900 (Udemy) Flashcards

1
Q

Which of the following allows you to invite guest users and provide them access to Azure resources within your organization?

A. Azure Identity Protection
B. Azure Privileged Identity Management
C. Azure Active Directory B2B
D. Azure AD Connect

A

C. Azure Active Directory B2B

Explanation:
With Azure Active Directory B2B, you can actually invite users from external partners. You can then securely give them access to Azure resources within your organization.

Option A is incorrect since this is used for the protection of identities.

Option B is incorrect since this is used to give just-in-time access to resources in Azure.

Option D is incorrect since this is used to sync your on-premises identities to Azure Active Directory.

For more information on Azure Active Directory B2B, please refer to:

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your company is planning on making use of Azure Active Directory. Do all versions of Azure Active Directory provide the same set of features?

A. Yes
B. No

A

B. No

Explanation:
There are different pricing models available for Azure Active Directory. The most basic version is the Free model. With this plan, there is a limitation in terms of features. For example, you will not get features such as:

  • A service level agreement
  • Self-service password reset for cloud users
  • Group access management

For more information on Azure AD Pricing, please refer to: https://azure.microsoft.com/en-us/pricing/details/active-directory/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company is planning on making use of conditional access. Can you use conditional access to enable multi-factor authentication for users that sign in from certain locations?

A. Yes
B. No

A

A. Yes

Explanation:
Yes, you can use conditional access to enable multi-factor authentication for users that sign in from certain locations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

As the Cloud Admin for your organization, you have been tasked to block all access requests that originate from outside of your home country. In addition, you need to require Multi-factor authentication for any requests that originate outside of your corporate network. What Azure AD feature can be used to accomplish this?

A. Conditional Access Policies
B. Privileged Identity Management
C. Active Directory Connect
D. Identity Protection

A

A. Conditional Access Policies

Explanation:
Answer A is correct as Conditional Access Policies are simple IF-THEN statements that evaluate signals such as a user device, user location, and real-time risk to determine if access should be blocked, granted with additional requirements, or just granted.

Answer B is incorrect as Privileged Identity Management is a feature of Azure Active Directory that provides time-based and approval-based role activation. It would not be used to prevent users from accessing resources from a specific country. This would not meet your requirements.

Answer C is incorrect as Active Directory Connect is a tool that is used to sync identity information from an on-premise Identity store such as Active Directory Domain Services to Azure Active Directory. This would not meet your requirements.

Answer D is incorrect as Identity Protection is an Azure Active Directory feature that enables the ability to detect, investigate, and remediate risks to your user’s identities, such as exposed passwords or compromised accounts. This would not meet your requirements.

Extra info:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following are the authentication techniques available for Windows Hello for business? Choose 3 answers from the options given below

A. PIN
B. Facial Recognition
C. Email message
D. Password
E. Fingerprint Recognition

A

A. PIN
B. Facial Recognition
E. Fingerprint Recognition

Explanation:
The entire purpose of Windows Hello for business is to ensure passwords are not used in the authentication process. Here uses can use other techniques for authentication via the usage of PIN and biometric recognition.

Options C and D are incorrect since Windows Hello for Business tries to ensure that security measures are used for the authentication process.

For more information on Windows Hello for business, please refer to:

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Your company is planning on making use of conditional access. Can you use conditional access to enable multi-factor authentication for users that sign in via certain cloud-based applications?

A. Yes
B. NO

A

A. Yes

Explanation:
Yes, you can use conditional access to enable multi-factor authentication for users that sign in via certain cloud-based applications.

For more information on Azure AD Conditional Access, please refer to:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure. Which of the following could be used for the following requirement?

“Enforce Multi-Factor authentication based on the location of the user and what application the user is trying to access ”

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

A

B. Azure Conditional Access

Explanation:
Yes, you can use conditional access to enable multi-factor authentication for users that sign in via certain cloud-based applications and also based on the location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to provide user access to manage an Azure virtual machine?

A. Yes
B. No

A

B. No

Explanation:
To manage access to resources in Azure, you need to use Role-based access control. You will define the user identities in Azure AD, but then provide access using Role-based access control.

For more information on Role-based access control, please refer to:

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You are looking at using Azure Active Directory Access Reviews. Can you use Azure AD Access reviews to review group memberships for users defined in Azure AD?

A. Yes
B. No

A

A. Yes

Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your company is planning on making use of Azure Active Directory Privileged Identity Management. Can Privileged Identity Management be used to provide time-bound access for Azure virtual machines?

A. Yes
B. No

A

B. No

Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your company is planning on making use of Network Security Groups. Can you make use of network security groups to deny all inbound traffic from the Internet?

A. Yes
B. No

A

A. Yes

Explanation:
By default, there is a rule in the Network security group that blocks all network traffic except for that within the Azure virtual network. This rule will block all traffic from the Internet.

For more information on Azure network security groups, please refer to:

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You have to decide on the right service to use based on a requirement:

Provide protection against large scale internet attacks

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

A

D. Azure DDoS Protection

Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
D. Azure Identity Protection

A

B. Azure Web Application Firewall

Explanation:
The Azure Web Application Firewall can be used along with the Azure Application Gateway resource to protect web applications from common exploits and vulnerabilities. It can help to protect against attacks such as SQL injection attacks or cross-site scripting attacks.

For more information on the Azure Web Application Firewall, please refer to:

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to filter incoming traffic to Azure virtual machines?

A. Yes
B. No

A

A. Yes

Explanation:
The Azure Firewall service has network traffic filtering rules that can be defined to allow or deny traffic. You can filter traffic based on the source, destination IP address, port number, and protocol.

For more information on the network traffic filtering rules in the Azure Firewall service, please refer to:

https://docs.microsoft.com/en-us/azure/firewall/features#network-traffic-filtering-rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You have to decide on the right service to use based on a requirement. Which of the following would you use for the below requirement?

Provide a secure way to RDP/SSH into Azure virtual machines.

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

A

A. Azure Bastion

Explanation:
The Azure Bastion service is a managed service that allows you to connect to an Azure virtual machine via the browser and the Azure portal.

Option B is incorrect since this is a managed firewall service.

Option C is incorrect since this is used to filter the traffic to your Azure virtual machines.

Option D is incorrect since this is used to protect your Azure resources against large-scale attacks from the Internet.

For more information on the Azure Bastion service , please refer to the below URL

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following maps to the below encryption technique?

Encrypting information that resides in persistent storage on physical media.

A. Encryption in transit
B. Encryption at Rest
C. In Memory Encryption
D. SSL Encryption

A

B. Encryption at Rest

Explanation:
This concept is mapped to the concept of ensuring that data is encrypted at rest. The data on the underlying physical media is encrypted.

The other options are all incorrect since the keyword of “rest” maps to data that resides on the physical device

For more information on Azure Encryption, please refer to:

https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?

A. Azure Security Center
B. Azure Key Vaults
C. Azure Sentinel
D. Azure Information Protection

A

A. Azure Security Center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?

A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure Active Directory

A

A. Azure Defender

Explanation:
With Azure Defender, you can enable intelligent protection of your resources that are defined in Azure and also in your on-premises infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following is a scalable, cloud-native, security information event management and security orchestration automated response solution?

A. Azure Sentinel
B. Azure Security Center
C. Azure Active Directory
D. Azure AD IDentity Protection

A

A. Azure Sentinel

Explanation:
Explanation

You can use Azure Sentinel as a scalable, cloud-native, security information event management and security orchestration automated response solution. Azure Sentinel has the capability to ingest data from a variety of sources and perform threat monitoring on that data.

For more information on Azure Sentinel, please refer to:

https://docs.microsoft.com/en-us/azure/sentinel/overview

20
Q

The Microsoft 365 Defender Suite provides functionality for your IT staff to assess threat signals from your organizations’ Identities, Endpoints, Applications, and ___________.

A. Databases
B. Email
C. Container Registries
D. Storage

A

B. Email

Explanation:
The Microsoft 365 Defender suite includes the 4 services below which protect Identities, Endpoints, Applications, and Emails:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for O365
  • Microsoft Defender for Identity
  • Microsoft Cloud App Security

Databases are protected by Azure Defender for SQL, but it is not part of the Microsoft 365 Defender suite.

Storage accounts are protected by Azure Defender for Storage, but it is not part of the Microsoft 365 suite.

Container Registries are protected by Azure Defender for Container Registries, but it is not part of the Microsoft 365 suite.

More info:

https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide

21
Q

You want to enable safe attachments for SharePoint and OneDrive. Which of the following can be used for this requirement?

A. Microsoft Defender for Endpoint
B. Microsoft Defender for Identity
C. Microsoft Defender for O365
D. Azure AD Identity Protection

A

C. Microsoft Defender for O365

Explanation:

22
Q

Which of the following is a component of the Cloud App Security Framework?

A. Entitlement Management to provide access packages
B. MFA
C. Regulatory Compliance to ensure Regulatory Standards
D. Control and Discover the use of Shadow IT

A

D. Control and Discover the use of Shadow IT

Explanation:

23
Q

Your organization is exploring the possibility of allowing users to Bring Your Own Device and use it to access company resources. What tool can be used to help protect organizational data resources when accessed on devices owned by end-users?

A. Azure Sentinel
B. Microsoft 365 Compliance Center
C. Azure Security Center
D. Microsoft Intune

A

D. Microsoft Intune

Explanation:

24
Q

You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels be used to encrypt the contents in documents?

A. Yes
B. No

25
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Which of the following can be used for the following requirement? Provide access to a Microsoft support engineer to a user’s Exchange Online data A> Information Barriers B. Content Search Tool C. Customer Lockbox D. Privileged Access Management
C. Customer Lockbox Explanation:
26
Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Which of the following can be used for the following requirement? Provide just-in-time access to users in Microsoft Office 365 Exchange Online. A. Information Barriers B. Content Search Tool C. Customer Lockbox D. Privileged Access Management
D. Privileged Access Management Explanation: You can make use of privileged access management to provide just-in-time access to services in Microsoft 365. So instead of giving prior access, you can ensure that access is only provided whenever it is required.
27
You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the right tool that can be used for desired requirement below. Provide capabilities on searching and exporting content in Microsoft 365. A. Core eDiscovery B. Privileged Access Management C. Sensitivity Labels D. Content Search
A. Core eDiscovery Explanation: The Core eDiscovery tool helps you to find and export content in Microsoft 365 and Office 365. You can also use the tool to place an eDiscovery hold on certain content locations.
28
What is the maximum time frame for which you can retain audit logs in Microsoft 365? A. 1 month B. 1 year C. 5 years D. 10 years
D. 10 years Explanation:
29
_________ can be used to ensure users are not able to deploy resources of a specific size into specific regions. A. Azure Policy B. Resource Locks C. Privileged Identity Management
A. Azure Policy Explanation:
30
Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is "Verify explicitly" a Zero Trust principle? A. Yes B. No
A. Yes Explanation: Here you have to ensure that not everyone is provided access to a system. Here you should always authenticate and authorize users. For more information on the Zero Trust Principle, please refer to the below URL: https://www.microsoft.com/en-us/security/business/zero-trust
31
Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is "Assume breach" a Zero Trust principle? A. Yes B. No
A. Yes Explanation: You need to ensure that you implement the required network controls. For more information on the Zero Trust Principle, please refer to the below URL: https://www.microsoft.com/en-us/security/business/zero-trust
32
A company is planning on hosting resources in Azure cloud. If the company is planning on using Infrastructure as a service in Azure, would the cloud provider be responsible for managing the underlying infrastructure? A. Yes B. No
A. yes Explanation: When it comes to a cloud provider, the entire physical infrastructure is managed by Azure when it comes to the Infrastructure as a service. Aspects such as the physical servers and the security of the data center will be managed by the cloud provider. For more information on Infrastructure as a service, please refer to the following URL: https://azure.microsoft.com/en-us/overview/what-is-iaas/
33
A company is planning on hosting resources in Azure cloud. If the company is planning on hosting their data and applications in the cloud, are they responsible for the protection of the underlying data? A. yes B. No
A. Yes Explanation: There is a clear model when it comes to the responsibility of the customer and the cloud provider. The customer is responsible for the protection of the data and the applications in the cloud. You can refer to the link on the Shared Responsibility Model, this gives the delineation of the responsibilities of the customer and the cloud provider. For more information on the Shared Responsibility Model, please refer to the following URL: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility/
34
Your company wants to start hosting resources on Azure. When using Azure cloud, would the company be responsible for maintaining the underlying physical hosts? A. yes B. No
A. No Explanation: The responsibility of managing the underlying physical hosts would lie with Azure. Azure would manage all aspects when it comes to the underlying physical infrastructure. For more information on the Shared Responsibility Model, please refer to the following URL: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility/
35
Your company wants to start hosting resources on Azure. When using Azure cloud, would the company be responsible for maintaining the underlying identities that would be assigned access to Azure resources? A. Yes B. No
A. yes Explanation: The maintenance of the underlying identities in Azure would lie with the customer. Azure provides an option of Azure Active Directory for storing the identities, but the final responsibility of managing the identities lies with the customer. For more information on the Shared Responsibility Model, please refer to the following URL: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
36
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is the Shared Responsibility Model a key Microsoft privacy principal? A. Yes B. No
B. No Explanation:
37
Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users? A. Encryption B. Deduplication C. Archiving D. Compression
A. Encryption Explanation: You can ensure data is encrypted. Then, only authorized users would have the encryption key. The encryption key can then be used to decrypt and read the data.
38
Describe the concepts of security, compliance, and identity. Your organization has detected a threat against its resources in which a malicious actor has been attempting to use various known passwords against a list of known usernames. What type of attack would this be classified as? A. SQL injection attack B. DDoS Attack C. Dictionary Attack D. Ransomware attack
C. Dictionary Attack Explanation: Answer A is incorrect as SQL Injection attacks are attacks that are made by executing malicious SQL statements in an effort to manipulate or expose data within a database system. Answer B is incorrect as a DDoS attack is when a malicious actor floods a server or other network resources with so many requests that the service is unable to respond to the malicious attempts or valid attempts. Answer C is correct as Dictionary attacks, also known as brute force attacks, are when a malicious actor repeatedly tries known passwords against known usernames in an attempt to gain access to an application or system. Answer D is incorrect as Ransomware attacks generally involve malware that is installed on systems that give malicious actors access to your data, in which they can then encrypt the data and make it unavailable for the organizations unless a ransom is paid to unencrypt the data.
39
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Control a key Microsoft privacy principal? A. Yes B. No
A. Yes Explanation: When it comes to control, control is given to the customer when it comes to privacy. For more information on Microsoft Privacy control, please refer to the below URL: https://privacy.microsoft.com/en-US/
40
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes to Microsoft privacy. Is Transparency a key Microsoft privacy principal? A. Yes B. No
A. yes Explanation: When it comes to Transparency, Microsoft tells their customers that they are transparent when it comes to data collection. For more information on Microsoft Privacy control, please refer to the below URL: https://privacy.microsoft.com/en-US/
41
Which of the following is the process of checking if a signed-in user has access to a particular resource in Azure? A. Authentication B. Authorization C. Conditional Access D. Resource Locks
B. Authorization Explanation: After a user has signed in, the user is checked to see if they have access to resources. If a user tries to access a resource, it would be checked on whether they first have the right to access the resource. This process is known as authorization. Option A is incorrect since this is used to check if a person is really who they say they are. Option C is incorrect since this is used to provide a conditional way to authenticate to Azure. Option D is incorrect since this is used to lock resources in Azure. For more information on Authentication and Authorization, refer to the following URL: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization
42
What Azure service is used to store identifying information for users, groups, and applications? A. Security Center B. Azure Active Directory C. Azure Active Directory Domain Services D. Azure Sentinel
B. Azure Active Directory Explanation: Answer A is incorrect because Security Center is a infrastructure management system that helps you to improve your security posture by providing recommendations and alerts for security events. Users and Groups are not stored within Security Center. Answer B is correct because Azure Active Directory is the primary Identity store that is used for Azure and Microsoft 365 subscriptions. Azure AD stores information for users and groups that are created locally in the Azure AD tenant or synced from a Active Directory Domain Services directory. Answer C is incorrect because Azure Active Directory Domain Services provides you with a managed domain in the cloud. This service is used to provide features such as LDAP and support for legacy authentication protocols such as Kerberos and NTLM Answer D is incorrect because Azure Sentinel is a Security Incident and Event Management System as well as a Security Orchestration and Automated Response tool. This service is used to ingest logs from multiple sources and run threat analytics against those sources to help identify, notify, and respond to security incidents.
43
A company is planning on using Azure Active Directory. Which of the following is used to describe the exact term for Azure Active Directory? A. Federation server B. Identity Provider C. Proxy Server D. Firewall
B. Identity Provider Explanation: Azure Active Directory is Microsoft’s identity provider. This is used for storage of identities and for access management. Both Azure and Microsoft Office 365 can use Azure Active Directory for identity and access management All of the other options are incorrect since Azure Active Directory is used for identity and access management. For more information on Azure Active Directory, please refer to the below URL: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
44
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to provide user access to create application registrations in Azure Active directory? A. Yes B. NO
A. Yes Explanation: In Azure Active Directory, you will go ahead and assign roles to users. Here you can assign the Application administrator role to the user to manage various aspects when it comes to managing applications in Azure Active Directory. For more information on Azure Active Directory roles, please refer to: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
45
Your company is planning on using Azure Active Directory. They already have user identities stored in their on-premises Active Directory. They want to sync the user identities from their on-premises Active Directory onto Azure Active Directory. Which of the following could be used for this purpose? A. Azure Blueprints B. Azure AD Connect C. Azure Identity Protection D. Azure Privileged Identity Management
B. Azure AD Connect Explanation: Azure AD Connect is used to synchronize identities from the on-premises Active Directory onto Azure Active Directory. There are different methods available for user identity synchronization. Option A is incorrect since this is used to define a repeatable set of Azure resources. Option C is incorrect since this is used for securing identities in Azure AD. Option D is incorrect since this is used for providing just-in-time access to resources in Azure AD. For more information on Azure AD Connect, please refer to: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect

SC900 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions