WhizLabs Flashcards

1
Q

Your company is planning on using Azure Cloud services.
They are looking at the different security aspects when it comes to Microsoft privacy.
Is Control a key Microsoft privacy principal?

A. Yes
B. No

A

A. Yes

Explanation:
Below are the key privacy principals as addresses by Microsoft:

Control
Transparency
Security
Strong legal protections
No content based targeting
Benefits to you

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your company is planning on using Azure Cloud Services.
They are looking at the different security aspects when it comes to Microsoft privacy.
Is Transparency a key Microsoft privacy principal?

A. Yes
B. No

A

A. Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust Principle. Is Verify Explicitly a Zero Trust Principle?

A. Yes
N. No

A

A. Yes

Explanation:
The principles when it comes to Zero trust are:

  • Verify Explicitly
    -Use least privileged access
  • Assume Breach
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust Principle. Is Verify Explicitly a Zero Trust Principle?

A. Yes
B. No

A

A. Yes

Explanation:
The principles when it comes to Zero trust are:

  • Verify Explicitly
    -Use least privileged access
  • Assume Breach
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?

A. Encryption
B. Deduplication
C. Archiving
D. Compression

A

A. Encryption

Explanation:
You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can then be used to decrypt and read the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Your company is planning on using Azure Active Directory for the storage identities. They want to make use of the self service password reset feature. Which of the following authentication methods are available for self service password reset?

A. Mobile App Notification
B. Mobile App Code
C. Iris Recognition
D. Fingerprint Recognition
E. Email
F. Security questions

A

A. Mobile App Notification
B. Mobile App Code
E. Email
F. Security questions

Explanation:
SSPR provides users with the ability to change or reset their password, without administrator or help desk involvement. If a users account is locked or they forget their password, they can unblock themselves and follow the prompts to get back to work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your company is planning on using Azure AD. They already have user identities stored in their on premises AD. They want to sync the user identities from their on premises AD onto Azure AD. Which of the following could be used for this purpose?

A. Azure Blueprints
B. Azure AD Connect
C. Azure Identity Protection
D. Azure Privileged Identity Management

A

B. Azure AD Connect

Explanation:
Azure AD Connect is used to synchronize identities from the on premises AD onto Azure AD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Your company is planning on making use of Azure AD. Does the company need to create a virtual machine in Azure for hosting AD?

A. Yes
B. No

A

B. No

Explanation:
Azure AD is a completely managed service. The underlying infrastructure is managed by Azure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your company is planning on making use of NSGs. Can you make use of network security groups to filter traffic based on the IP address, protocol and port number?

A. Yes
B. No

A

A. Yes

Explanation:
For a network security group rule, you can create a rule that is based on the IP address, the protocol and the port number

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following can be used to provide just in time access to resources?

A. Azure AD Identity Protection
B. Azure AD Privileged Identity Management
C. Azure MFA
D. Azure Blueprints

A

B. Azure AD Privileged Identity Management

Explanation:
Azure AD PIM can be sued to provide just in time access to your resources
In Azure AD PIM, you can add assignments to resources to users in Azure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity Protection to provide access to resources in Azure?

A. Yes
B. No

A

A. Yes

Explanation:
Azure AD Identity Protection is used to identify risks based on the user sign in process. It is not used to provide access to resources in Azure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your company is planning on using Azure AD Identity Protection.
Can you use Azure AD Identity Protection to enforce MFA for users based on a sign in risk policy?

A. Yes
B. No

A

A. Yes

Explanation:
In Azure AD Identity Protection, you can configure the sign in risk policy to allow access and enforce the use of MFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Your company is planning on using Azure AD Identity Protection.
Does Azure AD Identity protection categorize events into Low, Medium and High?

A. Yes
B. No

A

A. Yes

Explanation:
When you configure a risk policy in Azure AD Identity Protection, you can decide on the category of risks.
This is because all of the identified risks are categorized into High Medium or Low risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?

A. Microsoft Defender for Cloud
B. Azure Key Vaults
C. Microsoft Sentinel
D. Azure Information Protection

A

A. Microsoft Defender for Cloud

Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You have to decide on the right service to use based on the requirement.
Which of the following would you use for the below requirement?

Provide Network Address Translation

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

A

B. Azure Firewall

Explanation:
The Azure Firewall service has the facility to translate traffic via its public IP address to private IP addresses to virtual networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have to decide on the right service to use based on the requirement. Which of the following would you use for the below requirement?

Provide protection against large scale internet attacks

A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

A

D. Azure DDoS Protection

Explanation:
You can use the Azure DDoS service to protect against large scale Internet based attacks

17
Q

Which of the following provides XDR capabilities that help to protect multi cloud and hybrid workloads?

A. Azure Policy
B. Microsoft Defender for Cloud
C. Azure Blueprints
D. Azure Identity Protection

A

B. Microsoft Defender for Cloud

Explanation:
Microsoft Defender for Cloud now has capabilities to deliver XDR-based capabilities that help to protect both multi cloud and hybrid workloads

18
Q

Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Defneder for Endpoint to protect Windows 2016 Azure Virtual machines?

A. Yes
B. No

A

A. Yes

Explanation:
You can onboard servers such as Windows Server 2012 and 2016 to the Microsoft Defender for Endpoint service

19
Q

Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for Endpoint to protect SharePoint online?

A. yes
B. no

A

A. yes

Explanation:
You cant use Defender for Endpoint to protect SharePoint sites

20
Q

You have to enroll devices into Microsoft Intune. Can you enroll your Windows 10 devices into Microsoft Intune?

A. yes
B. no

A

A. yes

Explanation:
When you enroll your Windows 10 devices into Microsoft Intune, you then get mobile access to your work and school applications, email and WiFi

21
Q

You have to enroll devices into Microsoft Intune. Can you enroll your Android devices into Microsoft Intune?

A. yes
B. no

A

A. Yes

Explanation:
When you enroll your Android devices into Microsoft Intune, you then get mobile access to your work and school applications, email and WiFi

22
Q

You have to enroll devices into Microsoft Intune. Can you enroll both your organization provided and personal devices?

A. yes
B. no

A

A. yes

Explanation:
You can enroll both organization provided devices and personal devices into Microsoft Intune

23
Q

What is the maximum time frame for which you can retain audit logs in Microsoft 365?

A. 1 month
B. 1 year
C. 5 years
D. 10 years

A

D. 10 years

Explanation:
With long term retention in audit logs, you can retain logs for up to 10 years.
This can allow your security team to perform long running investigations if required on the data
Since Microsoft365 Advanced auditing supports auditing of up to 10 years, all other options are incorrect

24
Q

Your compnay has just setup an Azure subscription. They have the following requirements:

Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions
Be able to ensure no one can delete resources defined in a resource group named whizlabs-staging
Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS antimalware extension installed

Which of the following can be used for the following requirements?

A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource Locks

A

B. Azure Blueprints

Explanation:
You can use Azure Blueprints to deploy a set of artifacts. The artifacts can be resources as ARM templates, resource groups and role assignments

25
Q

Which of the following allows you to invite guest users and provide them access to Azure resources within your organization?

A. Azure Identity Protection
B. Azure Privileged Identity Management
C. Azure Active Directory B2B
D. Azure AD Connect

A

C. Azure Active Directory B2B

Explanation:
With Azure Directory B2B, you can actually invite users from external partners. You can then securely give them access to Azure resources within your organization

26
Q

You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels be used to encrypt the contents in documents?\

A. yes
B. no

A

A. yes

Explanation:
When you apply a Confidential label to a document, the label will encrypt the content in the document

27
Q

You are considering the use of sensitivty labels in Microsoft 365. Do sensitivity labels add a header and footer to the underlying Office365 document for which the label is applied?

A. yes
B. no

A

B. No

Explanation:
When you apply a sensitivity label to a document, it will also add a header and footer to the document

28
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365.
Below are the key requirements:

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization
Provides access to a Microsoft support engineer to a users Exchange Online data
Provide just in time access to users in Microsoft 365 Exchange Online

Which of the following can be used for the following requirement?

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations

A. Information Barriers
B. Content Search Tool
C. Custom Lockbox
D. Privileged Access Management

A

B. Content Search Tool

Explanation:
With the Content Search tool, you can quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations. You can also search for instant messaging conversations in Microsoft Teams as well

29
Q

Your company is looking at the different options available when it comes to security solutions for Microsoft 365.
Below are the key requirements:

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization
Provides access to a Microsoft support engineer to a users Exchange Online data
Provide just in time access to users in Microsoft 365 Exchange Online

Which of the following can be used for the following requirement?

Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

A

A. Information Barriers

Explanation:
Sometimes it might be required to ensure communication is not possible between two groups of people. This could be because of a potential conflict of interest between both parties. In this case, you can make use of Information Barriers

30
Q

Which of the following can be used for the following requirement:

Provide access to a Microsoft support engineer to a users Exchange Online data

A. Information Barriers
B. Content Search Tool
C. Customer Lockbox
D. Privileged Access Management

A

C. Customer Lockbox

Explanation:
Sometimes Microsoft Engineers need access a to a users data to diagnose an issue. This can be done with the help of the Custom Lockbox feature

31
Q

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure virtual machine?

A. Yes
B. No

A

B. No

Explanation:
You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine.
For this, you will need to use Network Security Groups. The Azure Bastion service is used to RDP/SSH into an Azure Virtual machine via the Azure portal and the browser

32
Q

You are using Azure AD and you need to grant users the ability to create application registrations. So you decide to grant the role Application Administrator to the users. Does this role meet the requirements?

A. Yes
B. No

A

A. Yes

Explanation:
The Application Administrator role will provide the ability to create application registrations