WhizLabs Flashcards
Your company is planning on using Azure Cloud services.
They are looking at the different security aspects when it comes to Microsoft privacy.
Is Control a key Microsoft privacy principal?
A. Yes
B. No
A. Yes
Explanation:
Below are the key privacy principals as addresses by Microsoft:
Control
Transparency
Security
Strong legal protections
No content based targeting
Benefits to you
Your company is planning on using Azure Cloud Services.
They are looking at the different security aspects when it comes to Microsoft privacy.
Is Transparency a key Microsoft privacy principal?
A. Yes
B. No
A. Yes
Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust Principle. Is Verify Explicitly a Zero Trust Principle?
A. Yes
N. No
A. Yes
Explanation:
The principles when it comes to Zero trust are:
- Verify Explicitly
-Use least privileged access - Assume Breach
Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust Principle. Is Verify Explicitly a Zero Trust Principle?
A. Yes
B. No
A. Yes
Explanation:
The principles when it comes to Zero trust are:
- Verify Explicitly
-Use least privileged access - Assume Breach
Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?
A. Encryption
B. Deduplication
C. Archiving
D. Compression
A. Encryption
Explanation:
You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can then be used to decrypt and read the data
Your company is planning on using Azure Active Directory for the storage identities. They want to make use of the self service password reset feature. Which of the following authentication methods are available for self service password reset?
A. Mobile App Notification
B. Mobile App Code
C. Iris Recognition
D. Fingerprint Recognition
E. Email
F. Security questions
A. Mobile App Notification
B. Mobile App Code
E. Email
F. Security questions
Explanation:
SSPR provides users with the ability to change or reset their password, without administrator or help desk involvement. If a users account is locked or they forget their password, they can unblock themselves and follow the prompts to get back to work.
Your company is planning on using Azure AD. They already have user identities stored in their on premises AD. They want to sync the user identities from their on premises AD onto Azure AD. Which of the following could be used for this purpose?
A. Azure Blueprints
B. Azure AD Connect
C. Azure Identity Protection
D. Azure Privileged Identity Management
B. Azure AD Connect
Explanation:
Azure AD Connect is used to synchronize identities from the on premises AD onto Azure AD
Your company is planning on making use of Azure AD. Does the company need to create a virtual machine in Azure for hosting AD?
A. Yes
B. No
B. No
Explanation:
Azure AD is a completely managed service. The underlying infrastructure is managed by Azure.
Your company is planning on making use of NSGs. Can you make use of network security groups to filter traffic based on the IP address, protocol and port number?
A. Yes
B. No
A. Yes
Explanation:
For a network security group rule, you can create a rule that is based on the IP address, the protocol and the port number
Which of the following can be used to provide just in time access to resources?
A. Azure AD Identity Protection
B. Azure AD Privileged Identity Management
C. Azure MFA
D. Azure Blueprints
B. Azure AD Privileged Identity Management
Explanation:
Azure AD PIM can be sued to provide just in time access to your resources
In Azure AD PIM, you can add assignments to resources to users in Azure
Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity Protection to provide access to resources in Azure?
A. Yes
B. No
A. Yes
Explanation:
Azure AD Identity Protection is used to identify risks based on the user sign in process. It is not used to provide access to resources in Azure
Your company is planning on using Azure AD Identity Protection.
Can you use Azure AD Identity Protection to enforce MFA for users based on a sign in risk policy?
A. Yes
B. No
A. Yes
Explanation:
In Azure AD Identity Protection, you can configure the sign in risk policy to allow access and enforce the use of MFA
Your company is planning on using Azure AD Identity Protection.
Does Azure AD Identity protection categorize events into Low, Medium and High?
A. Yes
B. No
A. Yes
Explanation:
When you configure a risk policy in Azure AD Identity Protection, you can decide on the category of risks.
This is because all of the identified risks are categorized into High Medium or Low risks
Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?
A. Microsoft Defender for Cloud
B. Azure Key Vaults
C. Microsoft Sentinel
D. Azure Information Protection
A. Microsoft Defender for Cloud
Explanation:
You have to decide on the right service to use based on the requirement.
Which of the following would you use for the below requirement?
Provide Network Address Translation
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection
B. Azure Firewall
Explanation:
The Azure Firewall service has the facility to translate traffic via its public IP address to private IP addresses to virtual networks
You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement?
Provide protection against large scale internet attacks
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection
D. Azure DDoS Protection
Explanation:
You can use the Azure DDoS service to protect against large scale Internet based attacks
Which of the following provides XDR capabilities that help to protect multi cloud and hybrid workloads?
A. Azure Policy
B. Microsoft Defender for Cloud
C. Azure Blueprints
D. Azure Identity Protection
B. Microsoft Defender for Cloud
Explanation:
Microsoft Defender for Cloud now has capabilities to deliver XDR-based capabilities that help to protect both multi cloud and hybrid workloads
Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Defneder for Endpoint to protect Windows 2016 Azure Virtual machines?
A. Yes
B. No
A. Yes
Explanation:
You can onboard servers such as Windows Server 2012 and 2016 to the Microsoft Defender for Endpoint service
Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect SharePoint online?
A. yes
B. no
A. yes
Explanation:
You cant use Defender for Endpoint to protect SharePoint sites
You have to enroll devices into Microsoft Intune. Can you enroll your Windows 10 devices into Microsoft Intune?
A. yes
B. no
A. yes
Explanation:
When you enroll your Windows 10 devices into Microsoft Intune, you then get mobile access to your work and school applications, email and WiFi
You have to enroll devices into Microsoft Intune. Can you enroll your Android devices into Microsoft Intune?
A. yes
B. no
A. Yes
Explanation:
When you enroll your Android devices into Microsoft Intune, you then get mobile access to your work and school applications, email and WiFi
You have to enroll devices into Microsoft Intune. Can you enroll both your organization provided and personal devices?
A. yes
B. no
A. yes
Explanation:
You can enroll both organization provided devices and personal devices into Microsoft Intune
What is the maximum time frame for which you can retain audit logs in Microsoft 365?
A. 1 month
B. 1 year
C. 5 years
D. 10 years
D. 10 years
Explanation:
With long term retention in audit logs, you can retain logs for up to 10 years.
This can allow your security team to perform long running investigations if required on the data
Since Microsoft365 Advanced auditing supports auditing of up to 10 years, all other options are incorrect
Your compnay has just setup an Azure subscription. They have the following requirements:
Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions
Be able to ensure no one can delete resources defined in a resource group named whizlabs-staging
Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS antimalware extension installed
Which of the following can be used for the following requirements?
A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource Locks
B. Azure Blueprints
Explanation:
You can use Azure Blueprints to deploy a set of artifacts. The artifacts can be resources as ARM templates, resource groups and role assignments
Which of the following allows you to invite guest users and provide them access to Azure resources within your organization?
A. Azure Identity Protection
B. Azure Privileged Identity Management
C. Azure Active Directory B2B
D. Azure AD Connect
C. Azure Active Directory B2B
Explanation:
With Azure Directory B2B, you can actually invite users from external partners. You can then securely give them access to Azure resources within your organization
You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels be used to encrypt the contents in documents?\
A. yes
B. no
A. yes
Explanation:
When you apply a Confidential label to a document, the label will encrypt the content in the document
You are considering the use of sensitivty labels in Microsoft 365. Do sensitivity labels add a header and footer to the underlying Office365 document for which the label is applied?
A. yes
B. no
B. No
Explanation:
When you apply a sensitivity label to a document, it will also add a header and footer to the document
Your company is looking at the different options available when it comes to security solutions for Microsoft 365.
Below are the key requirements:
Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization
Provides access to a Microsoft support engineer to a users Exchange Online data
Provide just in time access to users in Microsoft 365 Exchange Online
Which of the following can be used for the following requirement?
Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations
A. Information Barriers
B. Content Search Tool
C. Custom Lockbox
D. Privileged Access Management
B. Content Search Tool
Explanation:
With the Content Search tool, you can quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations. You can also search for instant messaging conversations in Microsoft Teams as well
Your company is looking at the different options available when it comes to security solutions for Microsoft 365.
Below are the key requirements:
Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization
Provides access to a Microsoft support engineer to a users Exchange Online data
Provide just in time access to users in Microsoft 365 Exchange Online
Which of the following can be used for the following requirement?
Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
A. Information Barriers
Explanation:
Sometimes it might be required to ensure communication is not possible between two groups of people. This could be because of a potential conflict of interest between both parties. In this case, you can make use of Information Barriers
Which of the following can be used for the following requirement:
Provide access to a Microsoft support engineer to a users Exchange Online data
A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management
C. Customer Lockbox
Explanation:
Sometimes Microsoft Engineers need access a to a users data to diagnose an issue. This can be done with the help of the Custom Lockbox feature
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure virtual machine?
A. Yes
B. No
B. No
Explanation:
You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine.
For this, you will need to use Network Security Groups. The Azure Bastion service is used to RDP/SSH into an Azure Virtual machine via the Azure portal and the browser
You are using Azure AD and you need to grant users the ability to create application registrations. So you decide to grant the role Application Administrator to the users. Does this role meet the requirements?
A. Yes
B. No
A. Yes
Explanation:
The Application Administrator role will provide the ability to create application registrations
