SC-900
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Plan E. Define Strategy
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
A. access reviews
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution. NOTE: Each correct selection is worth one point.
A. automated investigation and remediation D. attack surface reduction
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. fingerprint B. facial recognition C. PIN
When users sign in to the Azure portal, they are first ________
Authenticated
_______ is the process of identifying whether a signed-in user can access a specific resource
Authorization
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?
Azure AD Connect
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
Azure AD Privileged Identity Management (PIM)
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
Azure Active Directory (Azure AD) Privileged Identity Management (PIM). Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
_____ enables collaboration with business partners from external organizations such as suppliers, partners, and vendors. External users appear as guest users in the directory.
Azure Active Directory (Azure AD) business-to-business (B2B)
Drag and Drop: Provides secure and seamless Remote Desktop connectivity to Azure virtual machines.
Azure Bastion
Drag and Drop: Provides network address translation (NAT) service
Azure Firewall
____ is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel
What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?
B. Reports
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standards, such as International Organization for Standardization (ISO)?
C. Microsoft Service Trust Portal
Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?
Compliance score
_______ is used to identify, hold, and export electronic information that might be used in an investigation
Customer lockbox
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
D. the management of the physical hardware
What is the purpose of Azure Active Directory (Azure AD) Password Protection?
D. to prevent users from using specific words in their passwords
___________ a file makes the data in the file readable and usable to viewers that have the appropriate key.
Encrypting
You can use _________ in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack.
Incidents
________ can use conditional access policies to control sessions in real time.
Microsoft Cloud App Security
_______ is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats.
Microsoft Defender for Identity
You can manage Microsoft Intune by using the _______
Microsoft Endpoint Manager admin center
_______ requires additional verification, such as a verification code sent to a mobile phone
Multi-factor authentication (MFA)
Drag and Drop: Provides traffic filtering that can be applied to specific network interfaces on a virtual network
Network security group (NSG)
Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices
No
Shared responsibility is a key privacy principle of Microsoft
No
Yes or No All Azure Active Directory (Azure AD) license editions include the same features
No
Yes or No Azure Active Directory (Azure AD) is deployed to an on-premises environment
No
Yes or No Conditional access policies apply before first-factor authentication is complete
No
Yes or No Conditional access policies are evaluated before a user is authenticated
No
Yes or No Hybrid identity requires the implementation of two Microsoft 365 tenants.
No
Yes or No In software as a service (SaaS), applying service packs to applications is the responsibility of the organization.
No
Yes or No The Zero Trust security model assumes that a firewall secures the internal network from external threats.
No
Yes or No You must deploy Azure virtual machines to host Azure Active Directory (Azure AD) tenant
No
Yes or No An Azure Active Directory (Azure AD) user can be assigned only one role
No
Yes or No Conditional access policies always enforce the use of multi-factor authentication (MFA)
No
_______ provides benchmark recommendations and guidance
Security baselines for Azure
Applications registered in Azure Active Directory (Azure AD) are associated automatically to a __________
Service Principal
_________ provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment
The Microsoft Cloud Adoption Framework for Azure
Azure DDoS Protection Standard can be used to protect _____
Virtual networks
In all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization.
Yes
Yes or No Applying system updates increases an organization's secure score in Azure Security Center
Yes
Yes or No Assume breach is one of the guiding principles of Zero Trust.
Yes
Yes or No Azure AD Connect can be used to implement hybrid identity
Yes
Yes or No Azure Active Directory (Azure AD) is an identity and access management service
Yes
Yes or No Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription.
Yes
Yes or No Azure Defender can detect vulnerabilities and threats for Azure Storage
Yes
Yes or No Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises
Yes
Yes or No Cloud Security Posture Management (CSPM) is available for all Azure subscriptions
Yes
Yes or No Conditional access policies can be applied to global administrators
Yes
Yes or No Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application
Yes
Yes or No Conditional access policies can use a device platform, such as Android or iOS, as a signal
Yes
Yes or No Conditional access policies can use the device state as a signal
Yes
Yes or No Control is a key privacy principle of Microsoft
Yes
Yes or No Digitally signing a document requires a private key.
Yes
Yes or No Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center
Yes
Yes or No Global administrator is a role in Azure Active Directory (Azure AD)
Yes
Yes or No Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)
Yes
Yes or No In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider.
Yes
Yes or No Network security groups (NSGs) can deny inbound traffic from the internet
Yes
Yes or No Network security groups (NSGs) can deny outbound traffic to the internet
Yes
Yes or No Network security groups (NSGs) can filter traffic based on IP address, protocol, and port.
Yes
Yes or No The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions
Yes
Yes or No Transparency is a key privacy principle of Microsoft
Yes
Yes or No Verify explicitly is one of the guiding principles of Zero Trust
Yes
Yes or No Verifying the authenticity of a digitally signed document requires the private key of the signer.
Yes
Yes or No Verifying the authenticity of a digitally signed document requires the public key of the signer
Yes
Yes or No You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal.
Yes
Yes or No You can create custom roles in Azure Active Directory (Azure AD)
Yes
Yes or No Conditional access policies can be used to block access to an application based on the location of the user
Yes
What do you use to provide real-time integration between Azure Sentinel and another security source?
a connector
Federation is used to establish ________ between organizations
a trust relationship
Azure Active Directory (Azure AD) is ____________ used for authentication and authorization
an identity provider
What is an example of encryption at rest?
encrypting a virtual machine disk
You can use ______ in the Microsoft 365 security center to identify devices that are affected by an alert.
incidents
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
information barriers
With Windows Hello for Business, a user's biometric data used for authentication _______
is stored on a local device only
When you enable security defaults in Azure Active Directory (Azure AD), ________ will be enabled for all Azure AD users.
multi-factor authentication (MFA)
Microsoft Defender for Identity can identify advanced threats from ____________
on-premises Active Directory Domain Services (AD DS)
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
text message (SMS), Microsoft Authenticator app, phone call