SC-900: Microsoft Security Compliance and Identity Fundamentals Part 3
Question #: 110
Topic #: 1
Which two cards are available in the Microsoft 365 Defender portal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Devices at risk
B. Compliance Score
C. Service Health
D. User Management
E. Users at risk
Question #: 111
Topic #: 1
What should you use to ensure that the members of an Azure Active Directory group use multi-factor authentication (MFA) when they sign in?
A. Azure role-based access control (Azure RBAC)
B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. Azure Active Directory (Azure AD) Identity Protection
D. a conditional access policy
Question #: 113
Topic #: 1
You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete the files from the site.
What should you apply to the site?
A. a retention policy
B. an insider risk policy
C. a data loss prevention (DLP) policy
D. a sensitivity label policy
Question #: 114
Topic #: 1
You need to create a data loss prevention (DLP) policy.
What should you use?
A. the Microsoft 365 Compliance center
B. the Microsoft Endpoint Manager admin center
C. the Microsoft 365 admin center
D. the Microsoft 365 Defender portal
Question #: 115
Topic #: 1
What is an assessment in Compliance Manager?
A. A policy initiative that includes multiple policies.
B. A dictionary of words that are not allowed in company documents.
C. A grouping of controls from a specific regulation, standard or policy.
D. Recommended guidance to help organizations align with their corporate standards.
Question #: 116
Topic #: 1
What can you use to view the Microsoft Secure Score for Devices?
A. Microsoft Defender for Cloud Apps
B. Microsoft Defender for Endpoint
C. Microsoft Defender for Identity
D. Microsoft Defender for Office 365
Question #: 120
Topic #: 1
What are customers responsible for when evaluating security in a software as a service (SaaS) cloud services model?
A. operating systems
B. network controls
C. applications
D. accounts and identities
Question #: 123
Topic #: 1
What does Conditional Access evaluate by using Azure Active Directory (Azure AD) Identity Protection?
A. user actions
B. group membership
C. device compliance
D. user risk
Question #: 124
Topic #: 1
Which statement represents a Microsoft privacy principle?
A. Microsoft manages privacy settings for its customers.
B. Microsoft respects the local privacy laws that are applicable to its customers.
C. Microsoft uses hosted customer email and chat data for targeted advertising.
D. Microsoft does not collect any customer data.
Question #: 127
Topic #: 1
Which compliance feature should you use to identify documents that are employee resumes?
A. pre-trained classifiers
B. Activity explorer
C. eDiscovery
D. Content explorer
Question #: 130
Topic #: 1
Which pillar of identity relates to tracking the resources accessed by a user?
A. authorization
B. auditing
C. administration
D. authentication
Question #: 131
Topic #: 1
What can be created in Active Directory Domain Services (AD DS)?
A. line-of-business (LOB) applications that require modern authentication
B. computer accounts
C. software as a service (SaaS) applications that require modern authentication
D. mobile devices
Question #: 134
Topic #: 1
What is a function of Conditional Access session controls?
A. enforcing device compliance
B. enforcing client app compliance
C. enable limited experiences, such as blocking download of sensitive information
D. prompting multi-factor authentication (MFA)
Question #: 136
Topic #: 1
What can you use to ensure that all the users in a specific group must use multi-factor authentication (MFA) to sign to Azure Active Directory (Azure AD)?
A. Azure Policy
B. a communication compliance policy
C. a Conditional Access policy
D. a user risk policy
Question #: 138
Topic #: 1
Which three authentication methods can Azure AD users use to reset their password? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. mobile app notification
B. text message to a phone
C. security questions
D. certificate
E. picture password
Question #: 141
Topic #: 1
Which security feature is available in the free mode of Microsoft Defender for Cloud?
A. threat protection alerts
B. just-in-time (JIT) VM access to Azure virtual machines
C. vulnerability scanning of virtual machines
D. secure score
Question #: 142
Topic #: 1
Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?
A. Windows 10 and newer only
B. Windows 10 and newer and Android only
C. Windows 10 and newer and iOS only
D. Windows 10 and newer, Android, and iOS
Question #: 146
Topic #: 1
What is the maximum number of resources that Azure DDoS Protection Standard can protect without additional costs?
A. 50
B. 100
C. 500
D. 1000
Question #: 147
Topic #: 1
What are two reasons to deploy multiple virtual networks instead of using just one virtual network? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. to meet governance policies
B. to connect multiple types of resources
C. to separate the resources for budgeting
D. to isolate the resources
Question #: 149
Topic #: 1
You have an Azure subscription that contains multiple resources.
You need to assess compliance and enforce standards for the existing resources.
What should you use?
A. Azure Blueprints
B. the Anomaly Detector service
C. Microsoft Sentinel
D. Azure Policy
Question #: 150
Topic #: 1
Which Microsoft Defender for Cloud metric displays the overall security health of an Azure subscription?
A. secure score
B. resource health
C. completed controls
D. the status of recommendations
Question #: 153
Topic #: 1
You need to ensure repeatability when creating new resources in an Azure subscription.
What should you use?
A. Microsoft Sentinel
B. Azure Policy
C. Azure Batch
D. Azure Blueprints
Question #: 154
Topic #: 1
What is a characteristic of a sensitivity label in Microsoft 365?
A. encrypted
B. restricted to predefined categories
C. persistent
Question #: 163
Topic #: 1
What should you use to associate the same identity to more than one Azure virtual machine?
A. an Azure AD user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. an Azure AD security group
Question #: 165
Topic #: 1
Which three forms of verification can be used with Azure AD Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
NOTE: Each correct answer is worth one point.
A. security questions
B. the Microsoft Authenticator app
C. SMS messages
D. a smart card
E. Windows Hello for Business
Question #: 167
Topic #: 1
Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?
A. Windows 10 and newer only
B. Windows 10 and newer and Android only
C. Windows 10 and newer and macOS only
D. Windows 10 and newer, Android, and macOS
Question #: 168
Topic #: 1
You have an Azure subscription that contains a Log Analytics workspace.
You need to onboard Microsoft Sentinel.
What should you do first?
A. Create a hunting query.
B. Correlate alerts into incidents.
C. Connect to your security sources.
D. Create a custom detection rule.
Question #: 173
Topic #: 1
You plan to move resources to the cloud.
You are evaluating the use of Infrastructure as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS) cloud models.
You plan to manage only the data, user accounts, and user devices for a cloud-based app.
Which cloud model will you use?
A. SaaS
B. PaaS
C. IaaS
Question #: 176
Topic #: 1
Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?
A. Adoption Score
B. Microsoft Secure Score
C. Secure score in Microsoft Defender for Cloud
D. Compliance score
Question #: 180
Topic #: 1
You have an Azure subscription.
You need to implement approval-based, time-bound role activation.
What should you use?
A. access reviews in Azure AD
B. Azure AD Privileged Identity Management (PIM)
C. Azure AD Identity Protection
D. Conditional access in Azure AD
Question #: 181
Topic #: 1
What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
A. Reports
B. Incidents
C. Hunting
D. Secure score
Question #: 185
Topic #: 1
Which portal contains the solution catalog?
A. Microsoft Purview compliance portal
B. Microsoft 365 Defender portal
C. Microsoft 365 admin center
D. Microsoft 365 Apps admin center
Question #: 189
Topic #: 1
When you enable Azure AD Multi-Factor Authentication (MFA), how many factors are required for authentication?
A. 1
B. 2
C. 3
D. 4
Question #: 195
Topic #: 1
Which Microsoft Purview solution can be used to identify data leakage?
A. insider risk management
B. Compliance Manager
C. communication compliance
D. eDiscovery
Question #: 197
Topic #: 1
Which solution performs security assessments and automatically generates alerts when a vulnerability is found?
A. cloud security posture management (CSPM)
B. DevSecOps
C. cloud workload protection platform (CWPP)
D. security information and event management (SIEM)
