SC-900 Preparation Exam (2023)

All Azure Active Directory (Azure AD) license editions include the same features.

You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal.

You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant.

_______________ provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.

__________ is used to identify, hold, and export electronic information that might be used in an investigation.

You can manage Microsoft Intune by using the _____________.

Federation is used to establish __________ between organizations.

Applying system updates increases an organization's secure score in Azure Security Center.

The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions.

Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center.

Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?

What do you use to provide real-time integration between Azure Sentinel and another security source?

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for Standardization (ISO)?

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?

Verify explicitly is one of the guiding principles of Zero Trust.

Assume breach is one of the guiding principles of Zero Trust.

The Zero Trust security model assumes that a firewall secures the internal network from external threats.

Control is a key privacy principle of Microsoft.

Transparency is a key privacy principle of Microsoft.

Shared responsibility is a key privacy principle of Microsoft.

______ a file makes the data in the file readable and usable to viewers that have the appropriate key.

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

N a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?

You can create custom roles in Azure Active Directory (Azure AD).

Global administrator is a role in Azure Active Directory (Azure AD).

An Azure Active Directory (Azure AD) user can be assigned only one role.

Azure Active Directory (Azure AD) is deployed to an on-premises environment.

Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription.

Azure Active Directory (Azure AD) is an identity and access management service.

With Windows Hello for Business, a user's biometric data used for authentication

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

________ requires additional verification, such as verification code sent to a mobile phone.

Conditional access policies can use the device state as a signal.

Conditional access policies apply before first-factor authentication is complete.

Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application.

_______ is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats.

Microsoft Defender for Identity can identify advanced threats from ______________ signals.

Azure Active Directory (Azure AD) is _________ used for authentication and authorization.

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?

Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.

________ can use conditional access policies to control sessions in real time.

Azure DDoS Protection Standard can be used to protect ___________ .

What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?

You can use _______ in the Microsoft 365 security center to identify devices that are affected by an alert.

What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.

_______ Provides Network Address Translation (NAT) services.

_______ Provides secure and seamless Remote Desktop connectivity to Azure virtual machines.

_______ Provides traffic filtering that can be applied to specific network interfaces on a virtual network.

________ is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting and threat response.

Azure Defender can detect vulnerabilities and threats for Azure Storage.

Cloud Security Posture Management (CPSM) is available for all Azure subscriptions.

Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises.

You can use ________ in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack.

With Advanced Audit in Microsoft 365, you can identify when email items were accessed.

Advanced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing.

Advanced Audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data.

Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users' risk level.

Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public.

Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user's risk level.

Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?

Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution.

Compliance Manager assesses compliance data __________ for an organization.

Sensitivity labels can be used to encrypt documents.

Sensitivity labels can add headers and footers to documents.

Sensitivity labels can apply watermarks to emails.

Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?

Compliance Manager tracks only customer-managed controls.

Compliance Manager provides predefined templates for creating assessments.

Compliance Manager can help you assess whether data adheres to specific data protection standards.

Azure Policy supports automatic remediation.

Azure Policy can be used to ensure that new resources adhere to corporate standards.

Compliance evaluation in Azure Policy occurs only when a target resource is created or modified.

What is a use case for implementing information barrier policies in Microsoft 365?

What can you use to provision Azure resources across multiple subscriptions in a consistent manner?