Topic 4 Flashcards

1
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Authorization is used to identify the level of access to a resource
  • Authentication is proving that users are who they say they are
  • Authentication identifies whether you can read and write to a file
A
  • Authorization is used to identify the level of access to a resource → Yes
  • Authentication is proving that users are who they say they are → Yes
  • Authentication identifies whether you can read and write to a file → No
2
Q

What is a function of Conditional Access session controls?

A. enforcing device compliance
B. enforcing client app compliance
C. enable limited experiences, such as blocking download of sensitive information
D. prompting multi-factor authentication (MFA)

A

C. enable limited experiences, such as blocking download of sensitive information

3
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Azure AD Identity Protection can add users to groups based on the user’s risk level
  • Azure AD Identity Protection can detect whether user credentials were leaked to the public
  • Azure AD Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level
A
  • Azure AD Identity Protection can add users to groups based on the user’s risk level → No
  • Azure AD Identity Protection can detect whether user credentials were leaked to the public → Yes
  • Azure AD Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level → Yes
4
Q

What can you use to ensure that all the users in a specific group must use multi-factor authentication (MFA) to sign in to Azure Active Directory (Azure AD)?

A. Azure Policy
B. a communication compliance policy
C. a Conditional Access policy
D. a user risk policy

A

C. a Conditional Access policy

5
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • You can create a hybrid identity in an on-premises Active Directory that syncs to Azure AD
  • User accounts created in Azure AD sync automatically to an on-premises Active Directory
  • When using a hybrid model, authentication can either be done by Azure AD or by another identity provider
A
  • You can create a hybrid identity in an on-premises Active Directory that syncs to Azure AD → Yes
  • User accounts created in Azure AD sync automatically to an on-premises Active Directory → No
  • When using a hybrid model, authentication can either be done by Azure AD or by another identity provider → Yes
6
Q

Which three authentication methods can Azure AD users use to reset their password?

A. mobile app notification
B. text message to a phone
C. security questions
D. certificate
E. picture password

A

A. mobile app notification
B. text message to a phone
C. security questions

7
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Azure AD B2C enables external users to sign in by using their preferred social or enterprise account identities
  • External Azure AD B2C users are managed in the same directory as users in the Azure AD organization
  • Custom branding can be applied to Azure AD B2C authentication
A
  • Azure AD B2C enables external users to sign in by using their preferred social or enterprise account identities → Yes
  • External Azure AD B2C users are managed in the same directory as users in the Azure AD organization → No
  • Custom branding can be applied to Azure AD B2C authentication → Yes
8
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Software tokens are an example of passwordless authentication
  • Windows Hello is an example of passwordless authentication
  • FIDO2 security keys are an example of passwordless authentication
A
  • Software tokens are an example of passwordless authentication → No
  • Windows Hello is an example of passwordless authentication → Yes
  • FIDO2 security keys are an example of passwordless authentication → Yes
9
Q

Which security feature is available in the free mode of Microsoft Defender for Cloud?

A. threat protection alerts
B. just-in-time (JIT) VM access to Azure virtual machines
C. vulnerability scanning of virtual machines
D. secure score

A

D. secure score

10
Q

Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?

A. Windows 10 and newer only
B. Windows 10 and newer and Android only
C. Windows 10 and newer and iOS only
D. Windows 10 and newer, Android, and iOS

A

A. Windows 10 and newer only

11
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage
  • Cloud Security Posture Management (CSPM) is available for all Azure subscriptions
  • Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises
A
  • Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage → Yes
  • Cloud Security Posture Management (CSPM) is available for all Azure subscriptions → Yes
  • Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises → Yes
12
Q

Select the answer that correctly completes the sentence.

  • Azure Active Directory (Azure AD) Password Protection
  • Azure Bastion
  • Azure Information Protection (AIP)
  • Azure Key Vault

    is a cloud service for storing application secrets.
A

Azure Key Vault

13
Q

Select the answer that correctly completes the sentence.

  • Microsoft Defender for Cloud
  • Azure Monitor
  • Azure Security Benchmark
  • Microsoft Secure Score

    provides cloud workload protection for Azure and hybrid cloud resources.
A

Microsoft Defender for Cloud

14
Q

What is the maximum number of resources that Azure DDoS Protection Standard can protect without additional costs?

A. 50
B. 100
C. 500
D. 1000

A

B. 100

15
Q

What are two reasons to deploy multiple virtual networks instead of using just one virtual network?

A. to meet governance policies
B. to connect multiple types of resources
C. to separate the resources for budgeting
D. to isolate the resources

A

A. to meet governance policies
D. to isolate the resources

16
Q

Select the answer that correctly completes the sentence.

Microsoft Sentinel provides quick insights into data by using

- Azure Logic Apps
- Azure Monitor workbook templates
- Azure Resource Graph Explorer
- playbooks

A

Azure Monitor workbook templates

17
Q

You have an Azure subscription that contains multiple resources.

You need to assess compliance and enforce standards for the existing resources.

What should you use?

A. Azure Blueprints
B. the Anomaly Detector service
C. Microsoft Sentinel
D. Azure Policy

A

D. Azure Policy

18
Q

Which Microsoft Defender for Cloud metric displays the overall security health of an Azure subscription?

A. secure score
B. resource health
C. completed controls
D. the status of recommendations

A

A. secure score

19
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • You can use information barriers with Microsoft Exchange
  • You can use information barriers with Microsoft SharePoint
  • You can use information barriers with Microsoft Teams
A
  • You can use information barriers with Microsoft Exchange → No
  • You can use information barriers with Microsoft SharePoint → Yes
  • You can use information barriers with Microsoft Teams → Yes
20
Q

Select the answer that correctly completes the sentence.

Insider risk management is configured from the

- Microsoft 365 admin center
- Microsoft 365 compliance center (Microsoft Purview)
- Microsoft 365 Defender portal
- Microsoft Defender for Cloud Apps portal

A

Microsoft 365 compliance center (Microsoft Purview)

21
Q

You need to ensure repeatability when creating new resources in an Azure subscription.

What should you use?

A. Microsoft Sentinel
B. Azure Policy
C. Azure Batch
D. Azure Blueprints

A

D. Azure Blueprints

22
Q

What is a characteristic of a sensitivity label in Microsoft 365?

A. encrypted
B. restricted to predefined categories
C. persistent

A

C. persistent

23
Q

-Same Q as 109-

Match the Microsoft Purview Insider Risk Management workflow step to the appropriate task.

-Steps-
- Action
- Investigate
- Triage

-Answer Area-
- Review and filter alerts
- Create cases in the Case dashboard
- Send a reminder of corporate policies to users

A

Triage → Review and filter alerts
Investigate → Create cases in the Case dashboard
Action → Send a reminder of corporate policies to users

24
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Microsoft Purview provides sensitive data classification
  • Microsoft Sentinel is a data lifecycle management solution
  • Microsoft Purview can only discover data that is stored in Azure
A
  • Microsoft Purview provides sensitive data classification → Yes
  • Microsoft Sentinel is a data lifecycle management solution → No
  • Microsoft Purview can only discover data that is stored in Azure → No
25
Q

Select the answer that correctly completes the sentence.

  • Compliance score
  • Microsoft Purview compliance portal reports
  • The Trust Center
  • Trust Documents

    measures a company's progress in completing actions that help reduce risks around data protection and regulatory standards.
A

Compliance score

26
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Asymmetric encryption uses a public key and private key pair
  • Symmetric encryption uses a public key and private key pair
  • You can use decryption to retrieve original content from a content hash
A
  • Asymmetric encryption uses a public key and private key pair → Yes
  • Symmetric encryption uses a public key and private key pair → No
  • You can use decryption to retrieve original content from a content hash → No
27
Q

-Same Q as 158-

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Asymmetric encryption uses a public key and private key pair
  • Symmetric encryption uses a public key and private key pair
  • You can use decryption to retrieve original content from a content hash
A
  • Asymmetric encryption uses a public key and private key pair → Yes
  • Symmetric encryption uses a public key and private key pair → No
  • You can use decryption to retrieve original content from a content hash → No
28
Q

Select the answer that correctly completes the sentence.

Ensuring that the data you retrieve is the same as the data you stored is an example of maintaining

- availability.
- confidentiality.
- integrity.
- transparency.

A

integrity

29
Q

Select the answer that correctly completes the sentence.

  • Assessment
  • Improvement actions
  • Solutions
  • Templates

    track compliance with groupings of controls from a specific regulation or requirement.
A

Assessment

30
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • In software as a service (SaaS), applying application updates is the responsibility of the organization
  • In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider
  • In all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization
A
  • In software as a service (SaaS), applying application updates is the responsibility of the organization → No
  • In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider → Yes
  • In all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization → Yes
31
Q

What should you use to associate the same identity to more than one Azure virtual machine?

A. an Azure AD user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. an Azure AD security group

A

B. a user-assigned managed identity

32
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Security defaults require an Azure AD Premium license
  • Security defaults can be enabled for a single Azure AD user
  • When Security defaults are enabled, all administrators must use multi-factor authentication (MFA)
A
  • Security defaults require an Azure AD Premium license → No
  • Security defaults can be enabled for a single Azure AD user → No
  • When Security defaults are enabled, all administrators must use multi-factor authentication (MFA) → Yes
33
Q

Which three forms of verification can be used with Azure AD Multi-Factor Authentication (MFA)?

A. security questions
B. the Microsoft Authenticator app
C. SMS messages
D. a smart card
E. Windows Hello for Business

A

B. the Microsoft Authenticator app
C. SMS messages
E. Windows Hello for Business

34
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • An external email address can be used to authenticate self-service password reset (SSPR)
  • A notification to the Microsoft Authenticator app can be used to authenticate self-service password reset (SSPR)
  • To perform self-service password reset (SSPR), a user must already be signed in and authenticated to Azure AD
A
  • An external email address can be used to authenticate self-service password reset (SSPR) → Yes
  • A notification to the Microsoft Authenticator app can be used to authenticate self-service password reset (SSPR) → Yes
  • To perform self-service password reset (SSPR), a user must already be signed in and authenticated to Azure AD → No
35
Q

Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?

A. Windows 10 and newer only
B. Windows 10 and newer and Android only
C. Windows 10 and newer and macOS only
D. Windows 10 and newer, Android, and macOS

A

C. Windows 10 and newer and macOS only

36
Q

You have an Azure subscription that contains a Log Analytics workspace.

You need to onboard Microsoft Sentinel.

What should you do first?

A. Create a hunting query.
B. Correlate alerts into incidents.
C. Connect to your security sources.
D. Create a custom detection rule.

A

C. Connect to your security sources.

37
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Azure DDoS Protection Standard protects against man-in-the-middle (MITM) attacks
  • Azure DDoS Protection Standard is enabled by default in an Azure subscription
  • Azure DDoS Protection Standard protects against protocol attacks
A
  • Azure DDoS Protection Standard protects against man-in-the-middle (MITM) attacks → No
  • Azure DDoS Protection Standard is enabled by default in an Azure subscription → No
  • Azure DDoS Protection Standard protects against protocol attacks → Yes
38
Q

Select the answer that correctly completes the sentence.

The ________ features of Microsoft Defender for Cloud block malware and other unwanted applications, while reducing the network attack surface on Azure virtual machines.

- access and application control
- Cloud Security Posture Management (CSPM)
- container security
- vulnerability assessment

A

access and application control

39
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • You can use Microsoft Purview Information Barriers to detect messages that contain inappropriate language
  • You can use Microsoft Purview Communication Compliance to scan files stored in Microsoft SharePoint Online
  • You can use Microsoft Purview Communication Compliance to scan internal and external emails in Microsoft Exchange Online
A
  • You can use Microsoft Purview Information Barriers to detect messages that contain inappropriate language → No
  • You can use Microsoft Purview Communication Compliance to scan files stored in Microsoft SharePoint Online → No
  • You can use Microsoft Purview Communication Compliance to scan internal and external emails in Microsoft Exchange Online → Yes
40
Q

Select the answer that correctly completes the sentence.

Single sign-on (SSO) configured between multiple identity providers is an example of

- federation
- integration
- password hash synchronization
- pass-through authentication

A

federation

41
Q

You plan to move resources to the cloud.

You are evaluating the use of Infrastructure as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS) cloud models.

You plan to manage only the data, user accounts, and user devices for a cloud-based app.

Which cloud model will you use?

A. SaaS
B. PaaS
C. IaaS

A

A. SaaS

42
Q

Select the answer that correctly completes the sentence.

Enabling a system-assigned managed identity creates a service principal that

- can be shared with multiple Azure resources
- is managed separately from the resource that uses it
- is tied to the lifecycle of the resource that uses it
- must be registered manually with Azure AD

A

is tied to the lifecycle of the resource that uses it

43
Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • Device identity can be stored in Azure AD
  • A single system-assigned managed identity can be used by multiple Azure resources
  • If you delete an Azure resource that has a user-assigned managed identity, the managed identity is deleted automatically
A
  • Device identity can be stored in Azure AD → Yes
  • A single system-assigned managed identity can be used by multiple Azure resources → No
  • If you delete an Azure resource that has a user-assigned managed identity, the managed identity is deleted automatically → No
44
Q

Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

A. Adoption Score
B. Microsoft Secure Score
C. Secure score in Microsoft Defender for Cloud
D. Compliance score

A

D. Compliance score