Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) Practice Tests Exams Questions & Answers
- Yes.
- No.
Conditional access policies can be used to block access to an application based on the location of the user.
- Yes.
- No.
Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices.
- Yes.
- No.
[...] is used to identify, hold, and export electronic information that might be used in an investigation.
- Customer Lockbox.
- Data loss prevention (DLP).
- eDiscovery.
- A resource lock.
- Yes.
- No.
- Yes.
- No.
Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses.
- Yes.
- No.
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
- Automated remediation.
- Automated investigation.
- Advanced hunting.
- Network protection.
Which score measures an organization’s progress in completing actions that help reduce risks associated with data protection and regulatory standards?
- Microsoft Secure Score.
- Productivity Score.
- Secure score in Azure Security Center.
- Compliance score.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
- The management of mobile devices.
- The permissions for the user data stored in Azure.
- The creation and management of user accounts.
- The management of the physical hardware.
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
- Sensitivity label policies.
- Customer Lockbox.
- Information Barriers.
- Privileged Access Management (PAM).
You can use [...] in the Microsoft 365 security center to identify devices that are affected by an alert.
- Classifications.
- Incidents.
- Policies.
- Secure score.
- assigned permissions.
- authenticated.
- authorized.
- resolved.
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?
- Threat modeling.
- Identity as the security perimeter.
- Defense in depth.
- The shared responsibility model.
- continually.
- monthly.
- on-demand.
- quarterly.
What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?
- Attack simulator.
- Reports.
- Hunting.
- Incidents.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?
- Plan.
- Manage.
- Adopt.
- Govern.
- Define Strategy.
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
- Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
- Azure Multi-Factor Authentication (MFA).
- Azure Active Directory (Azure AD) Identity Protection.
- conditional access policies.
- Yes.
- No.
The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions.
- Yes.
- No.
Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center.
- Yes.
- No.
[...] enables collaboration with business partners from external organizations such as suppliers, partners, and vendors. External users appear as guests in the directory.
- Active Directory Domain Services (AD DS).
- Active Directory forest trust.
- Azure Active Directory (Azure AD) business-to-business (B2B).
- Azure Active Directory business-to-consumer B2C (Azure AD B2C).
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
- Microsoft Service Trust Portal.
- Compliance Manager.
- Microsoft 365 compliance center.
- Microsoft Support.
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
- Microsoft Defender for Office 365.
- Microsoft Defender Antivirus.
- Microsoft Defender for Identity.
- Microsoft Defender for Endpoint.
- To control how often users must change their passwords.
- To identify devices to which users can sign in without using multi-factor authentication (MFA).
- To encrypt a password by using globally recognized encryption standards.
- To prevent users from using specific words in their passwords.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Encrypting communications by using a site-to-site VPN.
- Encrypting a virtual machine disk.
- Accessing a website by using an encrypted HTTPS connection.
- Sending an encrypted email.
- Azure Active Directory (Azure AD) applications.
- Azure Active Directory (Azure AD) users.
- resource groups.
- virtual networks.
- Text message (SMS).
- Microsoft Authenticator app.
- Email verification.
- Phone call.
- Security question.
Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific keyword?
- Audit.
- Compliance Manager.
- Content Search.
- Alerts.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Automated investigation and remediation.
- Transport encryption.
- Shadow IT detection.
- Attack surface reduction.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Display policy tips to users who are about to violate your organization’s policies.
- Enable disk encryption on endpoints.
- Protect documents in Microsoft OneDrive that contain sensitive information.
- Apply security baselines to devices.
- Multi-factor authentication (MFA).
- Pass-through authentication.
- Password writeback.
- Single sign-on (SSO).
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
[...] provides a central location for managing information protection, information governance, and data loss prevention (DLP) policies.
- Azure Defender.
- Microsoft Purview compliance portal.
- The Microsoft 365 security center.
- Microsoft Endpoint Manager.
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
- Content Search.
- Sensitivity labels.
- Retention policies.
- eDiscovery.
- deep investigation tools.
- hunting search-and-query tools.
- playbooks.
- workbooks.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- an extended detection and response (XDR) system.
- an identity provider.
- a management group.
- a security information and event management (SIEM) system.
[...] can be used to provide Microsoft Support Engineers with access to an organization's data stored in Microsoft Exchange Online, SharePoint Online, and OneDrive for Business.
- Customer Lockbox.
- Information barriers.
- Privileged Access Management (PAM).
- Sensitivity labels.
What do you use to provide real-time integration between Azure Sentinel and another security source?
- Azure AD Connect.
- Log Analytics workspace.
- Azure Information Protection.
- A data connector.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users' risk level.
- Yes.
- No.
Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public.
- Yes.
- No.
Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user's risk level.
- Yes.
- No.
- Integration with the Microsoft 365 compliance center.
- Support for threat hunting.
- Integration with Microsoft 365 Defender.
- Support for Azure Monitor Workbooks.
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
- Conditional access policies.
- Azure AD Identity Protection.
- Azure AD Privileged Identity Management (PIM).
- Authentication method policies.
In software as a service (SaaS), applying service packs to applications is the responsibility of the organization.
- Yes.
- No.
In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider.
- Yes.
- No.
In all Azure Cloud deployment types, managing the security of information and data is the responsibility of the organization.
- Yes.
- No.
Applications registered in Azure Active Directory (Azure AD) are associated automatically to a [...].
- guest account.
- managed identity.
- service principal.
- user account.
[...] is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response.
- Azure Advisor.
- Azure Bastion.
- Azure Monitor.
- Azure Sentinel.
[...] a file makes the data in the file readable and usable to viewers that have the appropriate key.
- Archiving.
- Compressing.
- Deduplicating.
- Encrypting.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
[...] is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats.
- Microsoft Cloud App Security.
- Microsoft Defender for Endpoint.
- Microsoft Defender for Identity.
- Microsoft Defender for Office 365.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- multi-factor authentication (MFA).
- a trust relationship.
- user account synchronization.
- a VPN connection.
- Azure Bastion.
- Azure Firewall.
- Network Security Group (NSG).
- Azure Bastion.
- Azure Firewall.
- Network Security Group (NSG).
[...] provides traffic filtering that can be applied to specific network interfaces on a virtual network.
- Azure Bastion.
- Azure Firewall.
- Network Security Group (NSG).
- Yes.
- No.
- Yes.
- No.
Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
Azure AD Identity Protection can be used to invoke Multi-Factor Authentication based on the users' risk level.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
What should you use to ensure that the members of an Azure Active Directory group use multi-factor authentication (MFA) when they sign in?
- Azure Active Directory (Azure AD) Identity Protection.
- A conditional access policy.
- Azure role-based access control (Azure RBAC).
- Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
- Yes.
- No.
Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises.
- Yes.
- No.
- Azure Application Insights.
- Azure Network Watcher.
- Log Analytics workspaces.
- Security baselines for Azure.
- a network interface.
- an Azure App Service web app.
- a virtual network.
- a virtual network subnet.
- a resource group.
Which two Azure resources can a network security group (NSG) be associated with? Each correct answer presents a complete solution.
- a network interface.
- an Azure App Service web app.
- a virtual network.
- a virtual network subnet.
- a resource group.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD).
- Yes.
- No.
- Corrective.
- Detective.
- Preventative.
- Corrective.
- Detective.
- Preventative.
- Yes.
- No.
- Azure Files.
- Azure SQL Managed Instances.
- Azure virtual machines.
- Azure App Service.
- Yes.
- No.
Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices.
- Yes.
- No.
- analytic rules.
- hunting queries.
- playbooks.
- workbooks.
What are three uses of Microsoft Cloud App Security? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- to discover and control the use of shadow IT
- to provide secure connections to Azure virtual machines
- to protect sensitive information hosted anywhere in the cloud
- to provide pass-through authentication to on-premises applications
- to prevent data leaks to noncompliant apps and limit access to regulated data
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- Alerts.
- Application Insights.
- Policy.
- Azure AD Connect Health.
- Security Center (Microsoft Defender for Cloud).
- Security Center.
- Advisor.
- Monitor.
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
- Azure virtual machines.
- Azure Active Directory (Azure AD) users.
- Microsoft Exchange Online inboxes.
- Azure virtual networks.
- Microsoft SharePoint Online sites.
- Microsoft Secure Score.
- application security groups.
- Microsoft Defender for Cloud.
- Azure Defender.
- Azure Bastion.
- Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
- Microsoft Defender for Cloud.
- Microsoft Sentinel.
- Microsoft Defender for Cloud Apps.
- Microsoft 365 admin center.
- Microsoft 365 Defender portal.
- Microsoft 365 Purview.
- Microsoft 365 admin center.
- Microsoft 365 Defender portal.
- Microsoft 365 Compliance Center.
- Microsoft Support portal.
- Create an eDiscovery hold.
- Run Express Analysis.
- Configure attorney-client privilege detection.
- Export and download results.
[...] can be used to provide Microsoft Support Engineers with access to an organization's data stored in Microsoft Exchange Online, SharePoint Online, and OneDrive for Business.
- Customer Lockbox.
- Information barriers.
- Privileged Access Management (PAM).
- Sensitivity labels.
Microsoft Secure Score in the Microsoft 365 security center can provide recommendations for Microsoft Cloud App Security.
- Yes.
- No.
From the Microsoft 365 security center, you can view how your Microsoft Secure Score compares to the score of organizations like yours.
- Yes.
- No.
Microsoft Secure Score in the Microsoft 365 security center gives you points if you address the improvement action by using a third-party application or software.
- Yes.
- No.
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?
- retention policies.
- data loss prevention (DLP) policies.
- conditional access policies.
- information barriers.
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
- access reviews.
- managed identities.
- conditional access policies.
- Azure AD Identity Protection.
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standards, such as International Organization for Standardization (ISO)?
- the Microsoft Endpoint Manager admin center.
- Azure Cost Management + Billing.
- Microsoft Service Trust Portal.
- the Azure Active Directory admin center.
- Microsoft Defender for Cloud.
- Azure Blueprints.
- Microsoft Sentinel.
- Azure Policy.
When you enable security defaults in Azure Active Directory (Azure AD), [...] will be enabled for all Azure AD users.
- Azure AD Identity Protection.
- Azure AD Privileged Identity Management (PIM).
- multi-factor authentication (MFA).
[...] provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.
- Azure Blueprints.
- Azure Policy.
- The Microsoft Cloud Adoption Framework for Azure.
- A resource lock.
- Azure Active Directory admin center.
- Microsoft 365 compliance center.
- Microsoft 365 Defender portal.
- Microsoft Endpoint Manager admin center.
- Yes.
- No.
- Yes.
- No.
The Zero Trust security model assumes that a firewall secures the internal network from external threats.
- Yes.
- No.
- Authentication.
- Authorization.
- Federation.
- Single sign-on (SSO).
- Define the perimeter by physical locations.
- Use identity as the primary security boundary.
- Always verify the permissions of a user explicitly.
- Always assume that the user system can be breached.
- Use the network as the primary security boundary.
- Yes.
- No.
Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance.
- Yes.
- No.
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?
- Active Directory Federation Services (AD FS).
- Microsoft Sentinel.
- Azure AD Connect.
- Azure AD Privileged Identity Management (PIM).
- is stored on an external device.
- is stored on a local device only.
- is stored in Azure Active Directory (Azure AD).
- is replicated to all the devices designated by the user.
- Azure Active Directory (Azure AD).
- Azure AD Connect.
- on-premises Active Directory Domain Services (AD DS).
- fingerprint.
- facial recognition.
- PIN.
- email verification.
- security question.
You have an Azure subscription. You need to implement approval-based, time-bound role activation. What should you use?
- Windows Hello for Business.
- Azure Active Directory (Azure AD) Identity Protection.
- access reviews in Azure Active Directory (Azure AD).
- Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
- Yes.
- No.
- Yes.
- No.
Conditional access policies can force the use of multi-factor authentication (MFA) to access cloud apps.
- Yes.
- No.
When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced?
- All users must authenticate from a registered device.
- Administrators must always use Azure Multi-Factor Authentication (MFA).
- Azure Multi-Factor Authentication (MFA) registration is required for all users.
- All users must authenticate by using passwordless sign-in.
- All users must authenticate by using Windows Hello.
Which type of identity is created when you register an application with Azure Active Directory (Azure AD)?
- a user account.
- a user-assigned managed identity.
- a system-assigned managed identity.
- a service principal.
- Configure external access for partner organizations.
- Export risk detection to third-party utilities.
- Automate the detection and remediation of identity-based risks.
- Investigate risks that relate to user authentication.
- Create and automatically assign sensitivity labels to data.
- are.
- have.
- know.
- share.
- Yes.
- No.
- Yes.
- No.
Windows Hello for Business authentication information syncs across all the devices registered by a user.
- Yes.
- No.
- Azure Active Directory (Azure AD) joined device
- managed identity
- service principal
- user identity
You can use [...] in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack.
- Reports.
- Hunting.
- Attack simulator.
- Incidents.
- Yes.
- No.
- Yes.
- No.
- deep investigation tools.
- hunting search-and-query tools.
- playbooks.
- workbooks.
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
- network security groups (NSGs).
- Azure AD Privileged Identity Management (PIM).
- conditional access policies.
- resource locks.
What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
- Attack simulator.
- Reports.
- Hunting.
- Incidents.
You have a Microsoft 365 E3 subscription. You plan to audit user activity by using the unified audit log and Basic Audit. For how long will the audit records be retained?
- 15 days.
- 30 days.
- 90 days.
- 180 days.
- alerts.
- events.
- vulnerabilities.
- Microsoft Secure Score improvement actions.
- PowerShell remoting.
- the Azure portal.
- the Remote Desktop Connection client.
- an SSH client.
- Microsoft Defender for Cloud Apps.
- Microsoft Defender for Identity.
- Microsoft Defender for SQL.
- Microsoft Defender for Office 365.
- Microsoft Defender for Storage.
- Microsoft Defender for SQL.
- Microsoft Defender for Endpoint.
- Microsoft Defender for IoT.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
- to restrict unauthenticated access to Microsoft 365.
- to restrict Microsoft Teams chats between certain groups within an organization.
- to restrict Microsoft Exchange Online email between certain groups within an organization.
- to restrict data sharing to external email recipients.
- Microsoft Defender for Cloud.
- Azure Blueprints.
- Microsoft Sentinel.
- Azure Policy.
Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, your storage, and more.
- Yes.
- No.
- Yes.
- No.
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.
- Yes.
- No.
- Yes.
- No.
Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your Microsoft 365 subscription.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.
The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions.
- Yes.
- No.
Enabling multi-factor authentication (MFA) increases an organization's secure score in Microsoft Defender for Cloud.
- Yes.
- No.
Which score measures an organization's progress in completing actions that help reduce risks associated with data protection and regulatory standards?
- Microsoft Secure Score.
- Productivity Score.
- Secure score in Azure Security Center.
- Compliance score.
- Corrective.
- Detective.
- Preventative.
- Corrective.
- Detective.
- Preventative.
- Corrective.
- Detective.
- Preventative.
- Yes.
- No.
- Yes.
- No.
- Yes.
- No.