Missed SC900
What is the maximum time frame for which you can retain audit logs in Microsoft 365?
10 years
To protect your Azure AD accounts with privileged roles, you enable MFA for 7 of 10 privileged accounts.How many points does your action contribute to the Microsoft Secure Score if the maximum score for this improvement action is 10? None of the above 7 0 10
7
Which of the following is TRUE about ARM templates & Azure Blueprints? a. With ARM templates, there is an active connection between 'what should be deployed' and 'what was deployed. b. The ARM templates can deploy everything that an Azure Blueprint deploys. c. Azure Blueprints help in tracking & auditing deployments
B & C
Which of the following is NOT an identity governance feature in Azure Active Directory? Access Reviews Entitlement management Conditional Access Privileged Identity Management
Conditional Access
Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained? Controls that both external regulators and Microsoft share responsibility for implementing. Controls that both your organization and external regulators share responsibility for implementing. Controls that both your organization and Microsoft share responsibility for implementing.
Controls that both your organization and Microsoft share responsibility for implementing.
Which of the following scenarios is BEST applicable for access packages in Entitlement Management? For IT teams who manage access policies for the other project teams For managing access to privileged roles in your organization For managing access requests for users only in the connected organizations For project teams who wish to manage access to their resources
D. For project teams who wish to manage access to their resources
An organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited to managing user access to this organization's resources? Azure Terms of Use. Dynamic groups. Entitlement management.
Entitlement Management
Read the following two statements and select whether they are TRUE/FALSE. Privileged access management (PAM) is defined at the role level Privileged identity management (PIM) applies protection at the task level
False False PIM is role level PAM is task level
Acronym for Zero Trust Model?
Identities Network Devices Data Infrastructure Applications
For SharePoint Online, who is responsible for applying service packs as per the shared responsibility model?
Microsoft
An organization needs to continuously monitor the security status of its network. What Security Center tool would they use? Continuous assessment. Network map. Network assessment.
Network Map
Which of the following is NOT a type of identity? Users Services Devices Networks
Networks
In Microsoft 365 Defender, can you proactively find threats across devices, emails, apps, and identities with hunting?
No. Its called "advanced hunting" in 365 Defender
Where does passthrough authentication happen?
On-Prem AD
If you need to write back passwords to the on prem AD what edition of Zure AD do you need at a minimum?
P1
Which edition of Azure AD gives you PIM?
P2
Bastion is a(n) IaaS PaaS SaaS
PaaS
Which of the following is NOT an authentication method used to achieve hybrid identity? Federation Password hash synchronization Pass-through authentication Pass-through synchronization
Passthrough Synchronization
Do you connect to Bastion over private or public IP?
Private
Difference between Azure AD registered and joined?
Registered - personal devices (win 10 iOS/Android/Mac) Joined - org owned and cloud based Hybrid - org owned....cloud/on-prem based (Win 7 and up. server 2008 and up)
IT admins have been asked to review Azure AD roles assigned to users, to improve organizational security. Which of the following should they implement? Remove all global admin roles assigned to users. Create custom roles. Replace global admin roles with specific Azure AD roles.
Replace global admin roles with specific Azure AD roles.
What are "non-sanctioned apps" also known as?
Shadow IT
What's the difference between a system-assigned managed identity & a user-assigned managed identity?
System-assigned managed identity is created as part of an Azure resource; User-assigned managed identity is created as a standalone resource
Which of the following encrypts data at rest in Azure Data Warehouse? Transparent Data Encryption (TDE) Azure Disk Encryption Azure Storage Service Encryption Azure Key vault
TDE
How do you connect to bastion?
TLS
How is activity explorer helpful to a compliance administrator? To view how people are interacting with their content To find out the types of content searched by the users To verify if the established policies/controls are effective To check the activities of the privileged users
To verify if the established policies/controls are effective
Which of the following are examples of Microsoft Trust principle? Control Privacy Transparency Security Strong legal protections
Transparency Security Strong legal protections Control
You are planning to make use of Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure Virtual Machine?
Yes
Can you protect iOS with Defender for Endpoint?
Yes. as well as android, windows 10/server, linux, and macOS
Which of the following defense in depth layer implements the Availability concern of the CIA principle? Perimeter Data Identity and access Physical security
perimeter
Where can you track the protection status of your organization's identities, devices, and data in the Microsoft 365 Security Center? Action center Reports Classification Incidents
reports
As part of a new data loss prevention policy, the compliance admin needs to be able to identify important information such as credit card numbers, across the organization's data. How can the admin address this requirement? Use activity explorer Use sensitivity labels Use sensitive information types
sensitive information types