SC-900: Microsoft Security Compliance and Identity Fundamentals Part 2
Question #: 48
Topic #: 1
You have an Azure subscription.
You need to implement approval-based, time-bound role activation.
What should you use?
A. Windows Hello for Business
B. Azure Active Directory (Azure AD) Identity Protection
C. access reviews in Azure Active Directory (Azure AD)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Question #: 50
Topic #: 1
When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. All users must authenticate from a registered device.
B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.
D. All users must authenticate by using passwordless sign-in.
E. All users must authenticate by using Windows Hello.
Question #: 51
Topic #: 1
Which type of identity is created when you register an application with Active Directory (Azure AD)?
A. a user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. a service principal
Question #: 52
Topic #: 1
Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Configure external access for partner organizations.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.
Question #: 57
Topic #: 1
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
NOTE: Each correct selection is worth one point.
A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction
Question #: 65
Topic #: 1
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection
Question #: 67
Topic #: 1
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure virtual machines
B. Azure Active Directory (Azure AD) users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E. Microsoft SharePoint Online sites
Question #: 68
Topic #: 1
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?
A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model
Question #: 70
Topic #: 1
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint
Question #: 71
Topic #: 1
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
A. integration with the Microsoft 365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks
Question #: 72
Topic #: 1
What can you use to provide threat detection for Azure SQL Managed Instance?
A. Microsoft Secure Score
B. application security groups
C. Microsoft Defender for Cloud
D. Azure Bastion
Question #: 74
Topic #: 1
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
C. conditional access policies
D. resource locks
Question #: 77
Topic #: 1
What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
A. Attack simulator
B. Reports
C. Hunting
D. Incidents
Question #: 78
Topic #: 1
You have a Microsoft 365 E3 subscription.
You plan to audit user activity by using the unified audit log and Basic Audit.
For how long will the audit records be retained?
A. 15 days
B. 30 days
C. 90 days
D. 180 days
Question #: 79
Topic #: 1
To which type of resource can Azure Bastion provide secure access?
A. Azure Files
B. Azure SQL Managed Instances
C. Azure virtual machines
D. Azure App Service
Question #: 80
Topic #: 1
What are three uses of Microsoft Cloud App Security? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. to discover and control the use of shadow IT
B. to provide secure connections to Azure virtual machines
C. to protect sensitive information hosted anywhere in the cloud
D. to provide pass-through authentication to on-premises applications
E. to prevent data leaks to noncompliant apps and limit access to regulated data
Question #: 82
Topic #: 1
You need to connect to an Azure virtual machine by using Azure Bastion.
What should you use?
A. PowerShell remoting
B. the Azure portal
C. the Remote Desktop Connection client
D. an SSH client
Question #: 83
Topic #: 1
Which service includes the Attack simulation training feature?
A. Microsoft Defender for Cloud Apps
B. Microsoft Defender for Identity
C. Microsoft Defender for SQL
D. Microsoft Defender for Office 365
Question #: 84
Topic #: 1
Which type of alert can you manage from the Microsoft 365 Defender portal?
A. Microsoft Defender for Storage
B. Microsoft Defender for SQL
C. Microsoft Defender for Endpoint
D. Microsoft Defender for IoT
Question #: 86
Topic #: 1
Which two Azure resources can a network security group (NSG) be associated with? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a virtual network subnet
B. a network interface
C. a resource group
D. a virtual network
E. an Azure App Service web app
Question #: 87
Topic #: 1
What is a use case for implementing information barrier policies in Microsoft 365?
A. to restrict unauthenticated access to Microsoft 365
B. to restrict Microsoft Teams chats between certain groups within an organization
C. to restrict Microsoft Exchange Online email between certain groups within an organization
D. to restrict data sharing to external email recipients
Question #: 88
Topic #: 1
What can you use to deploy Azure resources across multiple subscriptions in a consistent manner?
A. Microsoft Defender for Cloud
B. Azure Blueprints
C. Microsoft Sentinel
D. Azure Policy
Question #: 91
Topic #: 1
Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?
A. Audit
B. Compliance Manager
C. Content Search
D. Alerts
Question #: 93
Topic #: 1
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?
A. retention policies
B. data loss prevention (DLP) policies
C. conditional access policies
D. information barriers
Question #: 95
Topic #: 1
In a Core eDiscovery workflow, what should you do before you can search for content?
A. Create an eDiscovery hold.
B. Run Express Analysis.
C. Configure attorney-client privilege detection.
D. Export and download results.
Question #: 96
Topic #: 1
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
A. Microsoft Service Trust Portal
B. Compliance Manager
C. Microsoft 365 compliance center
D. Microsoft Support
Question #: 97
Topic #: 1
What can you protect by using the information protection solution in the Microsoft 365 compliance center?
A. computers from zero-day exploits
B. users from phishing attempts
C. files from malware and viruses
D. sensitive data from being exposed to unauthorized users
Question #: 98
Topic #: 1
What can you specify in Microsoft 365 sensitivity labels?
A. how long files must be preserved
B. when to archive an email message
C. which watermark to add to files
D. where to store files
Question #: 102
Topic #: 1
Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Display policy tips to users who are about to violate your organization’s policies.
B. Enable disk encryption on endpoints.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
D. Apply security baselines to devices.
Question #: 105
Topic #: 1
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
A. Content Search
B. sensitivity labels
C. retention policies
D. eDiscovery
