In this article i am gone to share Coursera Course: Microsoft SC-900 Exam Preparation and Practice | Week 6 | SC-900 Mock Exam Answers with you..

Enrol Link:  Microsoft SC-900 Exam Preparation and Practice

 

SC-900 Mock Exam Answers

Question 1)
Which two additional forms of authentication are available in Azure Active Directory for multi-factor authentication (MFA) from any device? Select all that apply.

• Facial recognition
• Fingerprint recognition
• Voice call
• Text message (SMS)

Question 2)
Which services can act as Security Information and Event Management (SIEM) and Security Orchestrated Automated Response (SOAR)?

• Azure Monitor
• Microsoft Defender
• Microsoft Bastion
• Microsoft Sentinel

Question 3)
Which services from the Defender suite could be considered a cloud access security broker (CASB)?

• Defender for storage
• Defender for Cloud
• Defender for Office 365
• Defender for Kubernetes

Question 4)
In the shared security model, which of the following is always the customer’s responsibility in a software as a service (SaaS) application?

• Authentication functionality
• Operating system
• User accounts
• Applications

Question 5)
Which pillar in the identity infrastructure is responsible for verifying that the identity provided for a user is who they say they are?

• Authentication
• Administration
• Audit
• Authorization

Question 6)
Which of the following elements feature in Microsoft’s six privacy principles? Select all that apply.

• Content-based targeting
• Limited control
• Security
• Strong legal protection

Question 7)
What type of control is used in Microsoft Purview Compliance Manager?

• Microsoft-managed control
• Micro control
• Third-party control
• Application control

Question 8)
Which of the following is a goal of the Microsoft Purview Data Lifecycle?

• Backup your data
• Label your data
• Classify your data
• Analyze your data

Question 9)
Which of the following are considered broad areas of compliance? Select all that apply.

• Legal risk
• Privacy risk
• Public risk
• Property risk

Question 10)
Which of the following features found in Microsoft Purview organizes and manages metadata for efficient data discovery and understanding?

• Data Catalog
• SaaS applications
• Power Bi
• SQL Server

Question 11)
What are information barriers?

• Obstacles preventing different systems from efficiently communicating.
• Lack of inter-operability resulting from different software vendors not having compatible systems.
• A breakdown of efficient management and control between management groups and resource groups.
• The limiting of the flow of information between users and groups within an organization

Question 12)
Which Azure Active Directory security measure is designed to prevent unauthorized access to sensitive data and resources in a Microsoft 365 environment?

• Self-service password reset (SSPR)
• Conditional Access
• Identity protection
• Microsoft Entra Password Protection

Question 13)
Which of the following are sign-on risks? Select all that apply.

• Atypical travel
• Anonymous IP address
• Role
• Protocol attack

Question 14)
Which of the following features prevent bilateral movement within an organization? Select all that apply.

• Role-based access control (RBAC)
• Microsoft Defender
• Privileged Identity Management (PIM)
• Conditional Access

Question 15)
Which of the following services are subsets of Microsoft Purview? Select all that apply.

• Privileged Identity Management (PIM)
• Security Operations Center
• Activity Explorer
• Content Explorer

Question 16)
What services can be found by navigating from Microsoft 365 Admin Center? Select all that apply.

• Microsoft 365 Defender portal
• Microsoft Sentinel portal
• Microsoft Cloud Security Benchmark (MCSB)
• Microsoft Purview portal

Question 17)
What does the compliance score evaluate?

• A reflection of actions taken by an organization to meet industry and security standards.
• The speed at which a company can deploy security measures
• A metric reflecting an organization’s ability to reach customers
• The complexity of security measures a company deploys

Question 18)
Which of the following services are designed to adhere to inter-departmental communication Select all that apply.

• eDiscovery
• Communication Compliance
• Data Loss Protection
• Information barriers

Question 19)
What would you use to ensure that you are not storing customer credit card information in your data dumps?

• Trainable Classifiers
• Activity Explorer
• Sensitive info types
• Content Explorer

Question 20)
What are some of the negative aspects of holding data lakes? Select all that apply.

• They can be used to extract additional information about customer habits.
• Not knowing information found in the data lake means that it may not have any value.
• The have the potential to hold legal repercussions if not stored correctly.
• They can be mined when it is clearer what a company is looking for.

Question 21)
Which of the following provides a secure means of presenting an endpoint to the public?

• Microsoft Defender
• Microsoft Purview
• Azure Bastion
• Azure Firewall

Question 22)
Which services are most closely connected with remote desktop protocol (RDP) and Secure Shell (SSH) protocols?

• Microsoft Defender
• Azure Bastion
• Azure Identity Protection (AIP)
• Microsoft Sentinel

Question 23)
Which of the following are created expressly for data governance?

• Azure Active Directory
• Azure Policy
• Azure Identity and Access control
• Azure Blueprints

Question 24)
Which of the following accurately reflects Insider risk management?

• Implementing security measures that minimize the actions a hacker can take having gained access to an organization.
• configuring sensitive data so that it is more difficult to move from one resource to another.
• Preventing inappropriate sharing of company data intentionally or unintentionally.
• Vetting employees strictly to avoid hiring individuals who are intent on compromising a company.

Question 25)
Which of the following most accurately describes Azure Blueprints?

• A list of compliance requirements to be consulted when designing new services.
  
• An outline on how various Azure resources will communicate.
• A tool for creating repeatable sets of Azure resources aligned with standards and requirements.
• An outline of the configuration required to enable compliant communication.

Question 26)
What is the maximum number of network groups that can be associated with a Network Security Group (NSG)?

• 1
• 2
• 4
• 3

Question 27)
Which of the following are instances of Microsoft Defender? Select all that apply.

• Defender for Storage
• Defender for Endpoints
• Defender for Resources
• Defender for Virtual Networks

Question 28)
Which of the following statements best describes a Control domain?

• The means in which Active Directory Domain Services communicates.
• a conceptual framework that encapsulates and categorizes various security-related features, settings, and practices within the Microsoft ecosystem.
• The area where the security operation center is housed.
• The central planning division of the security team.

Question 29)
Which of the following features requires Microsoft Defender for Cloud enhanced features?

• Threat protection
• Phishing
• Malware
• Cloud workload protections

Question 30)
Complete the following sentence. When it comes to the Zero Trust motto, “Trust no one, ___________ everything.”

• Verify
• Defer
• Delegate
• Accept

Question 31)
Which of the following techniques is used to ensure that a message has not been tampered with while in transit?

• Asymmetric encryption
• Hashing
• A cypher
• Symmetric encryption

Question 32)
Which of the following features is present in Azure Active Directory (AD) but absent in Active Directory Domain Services? Select all that apply.

• Access management
• Support for Modern authentication methods
• Identity management
• Integration with SaaS applications

Question 33)
What is the correct order of events within Microsoft’s Insider risk management workflow?

• Triage, Policy, Action, Investigate, Alerts
• Policy, Alerts, Triage, Investigate, Action
• Action, Triage, Investigate, Alerts, Policy
• Alerts, Investigate, Action, Policy, Triage

Question 34)
Which of the following most accurately describes Azure Active Directory?

• Infrastructure as a Service (IaaS)
• Software as a Service (SaaS)
  
• Identity as a Service (IDaaS)
• Platform as a Service (PaaS)

Question 35)
True or False: Erratic travel behavior triggers an alert on your company network.

• True
• False

Question 36)
Which service acts as an intermediary for services that are on-premises and cloud-based?

• Azure AD Pass-through Authentication
• Azure AD Password Hash Synchronization
• Azure AD Connect
• Federated Access

Question 37)
A user that has logged onto a system using a registered device that is configured with multi-factor authentication (MFA) is asked for a second verification method. Which of the following are acceptable as the second verification method? Select all that apply.

• Password
• Secondary mobile device
• Key fob
• Retina scan

Question 38)
Which of the following licenses allow you to configure writeback for self-service password reset (SSPR)? Select all that apply.

• Office 365 Apps
• Azure AD Premium P2
• Azure AD free edition
• Azure AD Premium P1

Question 39)
Which of the following principles does Microsoft employ to manage data?

• Transparency regarding data collection and usage
• Data monetization for profit
• Content-based targeting for advertising.

Question 40)
Which components are inherently multi-regional and require no modification in the proposed geographically distributed architecture?

• Azure Blob Storage
• Azure DNS
• Azure Application Gateway

Question 41)
True or False: In Microsoft Purview Records management, a regulatory label can be easily removed once an item has been marked as a regulatory record.

• True
• False

Question 42)
Which of the following best describes the role of data labeling in the data protection process?

• Tagging data with meaningful identifiers to make it easily discernible and retrievable.
• A visual representation of how data is spread across a system.
• Organizing data into specific shelves based on its nature.

Question 43)
True or False: Windows hello for Business runs on the Mac.

• True
• False

Question 44)
Which of the following solutions are the best means of ensuring that authentication is secure?

• Complex passwords
• Azure AD password protection
• Multi-factor authentication (MFA)
• Banned password list

Question 45)
In which of the following ways can Conditional Access policies be described?

• While the condition is not met.
• IF – THEN statements
• Continue until the condition is met.
• Stop, no condition

Question 46)
What is the minimum available license that can be used to configure granular scope settings in Azure Active Directory (AD)?

• Premium P1
• Premium P2
• Microsoft Office 365 Apps.
• Azure AD Free Edition.

Question 47)
Which of the following Microsoft Purview features enable you to govern your data?

• Data sharing
• Data estate insights
• Data policy
• Data catalog

Question 48)
Which services best facilitate a smooth integration between Azure AD and your on-premises AD?

• Active Directory Federated Services (AD FS)
• Microsoft Defender
• Azure Active Directory
• Azure AD Connect

Question 49)
What tool can be integrated with Azure Workbooks to gain insight into threat attacks?

• Microsoft Sentinel
• Azure Key Vault
• Azure Bastion
• Microsoft Defender

Question 50)
Which of the following would be most appropriately used by a company looking to ensure that an item’s label cannot be altered once applied?

• Retention label
• Regulatory Record
• Sensitivity label
• Records label

 

---

 

Question 51)
Which of the following helps achieve the defense in depth strategy?

• Multi-factor authentication (MFA)
• Single sign-on
• ISO standards
• Identity as a perimeter

Question 52)
Which of the following is a goal of the Microsoft Purview Data Lifecycle?

• Know your data
• Plot your data
• Store your data
• Visualize your data

Question 53)
Through which of the following services would you likely find the Compliance Manager?

• Microsoft Purview
• Microsoft Sentinel
• Microsoft Azure
• Microsoft Defender

Question 54)
Where can one find the Compliance Manager?

• Azure Active Directory
• Microsoft Defender portal
• Admin 365 Security Center
• Microsoft Sentinel portal

Question 55)
When would you employ information barriers?

• To prevent some roles without sufficient permissions from accessing sensitive information
• To prevent sensitive company data from leaking
• To prevent different departments from sharing information
• To preserve company intellectual property

Question 56)
Which of the following is most appropriate for allocating short-term access to resources?

• Roles
• Groups
• Managed identity
• External identities

Question 57)
Which of the following roles can affect changes in Azure AD?

• Exchange Administrator
• Exchange Server Administrator
• SQL Server Administrator
• Power BI Administrator

Question 58)
There are various templated Conditional Access policy templates that are divided into five categories. Which of the following are categories associated with Conditional Access? Select all that apply.

• Protect administrator
• Secure foundations
• Highest privilege
• Service principal

Question 59)
In Microsoft 365, what is the primary purpose of Content Explorer?

• Content classification and labeling
• Activity monitoring and analysis
• Content search and discovery
• Data loss prevention (DLP) policy enforcement

Question 60)
Which of the following tasks is Microsoft Purview portal best suited for?

• Ensuring compliance
• Housing various industry standards
• Generating security scores
• Overseeing access and control

Question 61)
Which of the following best describes using Sensitivity label types to sensor data?

• Machine learning
• Automated pattern recognition
• Artificial Intelligence
• Manual filtering

Question 62)
Which of the following would be used if a company needs to gather information in a legal case?

• Content Explorer
• Communication Compliance
• eDiscovery
• Activity Explorer

Question 63)
What is the role of just-in-time access (JIT)?

• Just-in-time access means that a user can only access resources during work hours.
• Just-in-time access relates to access allocation time where a user is only allocated access to the resources when project is scheduled to start.
• Just-in-time access relates to productivity, where a gantt chart determines how long a user has access and it is only retained for this length.
• Just-in-time access relates to permissions where a user is only allowed access to the resources for the length of time that is required to complete a project.

Question 64)
Which of the following accurately reflects Microsoft’s workflow for Insider risk management?

• Policy, alerts, triage, investigate, action
• Action, policy, alerts, triage, investigate
• Investigate, action, policy, alerts, triage
• Alerts, triage, investigate, action, policy

Question 65)
Which of the following services can Microsoft Defender provide? Select all that apply.

• Threat protection Alerts
• Storing keys and certificates for authentication and verification purposes.
• Tracking compliance
• Visualization of logs gathered from various resources and integrated into one central location.

Question 66)
How many keys are used in symmetric encryption to encrypt and decrypt messages?

• 2
• 3
• 1
• 4

Question 67)
Which of the following applications best suits an organization wanting to create an authentication gateway for their organization that allows the integration of Azure solutions, software as a service (SaaS) and threat intelligence to protect their system.

• Social media accounts such as Facebook or Instagram
• Azure Active Directory
• Active Directory
• Email accounts such as Google

Question 68)
What options are available to investigators in the Case dashboard, in an active triage?

• User associations, content labels, case notes
• Legal implications, triage history, user history
• Content explorer, activity explorer, sensitivity labels, retention notes.
• User activity analysis, content exploration, case notes

Question 69)
To which of the following solutions is Azure Active Directory considered to be a successor?

• Active Directory Domain Services
• Azure Dynamic 365
• Microsoft Office 365
• Microsoft Intune

Question 70)
Which of the following services allows you to compare an on-premises and cloud-based password in real time?

• Azure AD Password Hash Synchronization
• Azure AD Connect
• Federated Access
• Azure AD Pass-through Authentication

Question 71)
Which of the following are acceptable means of validating your identity for self-service password reset? Select all that apply.

• Email
• Retina scan
• Security question
• Key fob

Question 72)
True or False: Azure Traffic Manager operates at the network application layer and uses HTTP and HTTPS properties for filtering and routing.

• True
• False

Question 73)
What happens when an item is declared a record using a retention label in Microsoft Purview’s Records management?

• The item becomes publicly accessible to all members of the organization.
• The item is automatically deleted after a set period.
• Restrictions are placed on the item, additional activities about the item are logged, and there is proof of disposition when the item is deleted at the end of its retention period.

Question 74)
True or False: Microsoft Purview only provides tools for data labeling but not for classification.

• True
• False

Question 75)
Which open-source authentication standard works by creating a once-off access code that regenerates after a short period?

• Open authentication (OATH)
• Window Hello for business
• Fast Identity Online (FIDO)
• Self-service password reset (SSPR)

Question 76)
True or False: With a hybrid environment it is necessary to change passwords stored on-premises and update the cloud-based ones to ensure passwords are available on both locations.

• True
• False

Question 77)
In which of the following ways can Conditional Access policies be described?

• Continue until the condition is met.
• IF – THEN statements
• Stop, no condition
• While the condition is not met.

Question 78)
Which of the following are service-specific roles found in Azure AD?

• Intune Administrator
• Exchange Administrator
• Teams Administrator
• Global Administrator

Question 79)
Which of the following descriptions best describes Microsoft Purview Policy?

• A feature that facilitates secure and collaborative data sharing within an organization.
• A feature that provides a comprehensive view of an organization’s data estate, including types, sources, storage, and usage.
• A feature that organizes and manages metadata for efficient data discovery and understanding.
• A feature designed to establish and enforce policies governing data within an organization.

Question 80)
Which of the following services are interoperable and can run on Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)?

• Azure Security Center
• Azure Key Vault
• Microsoft Defender
• Shadow IT

Question 81)
Which services apply a Data Lifecycle Management approach for managing sensitive and business-critical data?

• Azure Active Directory Domain Services.
• Microsoft Sentinel
• Azure AD Connect
• Microsoft Purview

---

 

Question 82)
Which of the following services performs actions that collect, detect, investigate, and respond?

• Azure Monitor
• Microsoft Defender
• Microsoft Sentinel
• Microsoft Bastion

Question 83)
Which of the following are considered pillars of cloud access security broker (CASB)? Select all that apply.

• Accessibility
• Visibility
• Compliance
• Integrity

Question 84)
Which pillar in the identity infrastructure is responsible for processing the identity data and determining how much access to provide?

• Audit
• Authorization
• Authentication
• Administration

Question 85)
Which of the following is a control used in Microsoft Purview Compliance Manager?

• Shared controls
• Identity control
• Scope control
• Central Controls

Question 86)
Which service is a compliance score typically associated with?

• Microsoft Defender
• Microsoft Purview
• Microsoft Azure
• Microsoft Sentinel

Question 87)
Which of the following tools would you use to identify where in an organization the content is, which content is inappropriate, and which employee activities were carried out?

• Content Explorer
  Content Explorer is a tool designed to track and explore user activities within an organization. It allows you to investigate and understand the actions taken by users, providing insights into their behavior and the context surrounding content usage. Content Explorer and Sensitivity labels focus more on exploring content and categorizing the nature of the information, respectively. Machine learning is a broad term relating to how some of these tools learned how to perform these tasks.
• Activity Explorer
• Machine learning
• Sensitivity labels

Question 88)
When Azure policy is applied to existing resources and non-compliant resources are flagged, what action is taken?

• The resource is deactivated until the issue is resolved.
• The resource is already running efficiently so it is ignored, changes are only made to new resources.
• The policy is updated to reflect existing standards.
• The resource is flagged for manual review.

Question 89)
True or False: An administrator looking to enforce templated standardized approach to policies and configurations would choose an Azure Resource Manager (ARM) template over an Azure Blueprint.

• True
• False

Question 90)
Given a selection of rules, namely, allowAllinboundpriority 1000, DenyAllInbound priority 2000, and AllowHttpInbound priority 3000, what would the processing order be for a request attempting to access a service using port 2020?

• AllowAllInbound (Priority: 1000) -> DenyAllInbound (Priority: 2000) -> AllowHttpInbound (Priority: 3000)
• DenyAllInbound (Priority: 2000) -> AllowAllInbound (Priority: 1000) -> AllowHttpInbound (Priority: 3000)
• AllowHttpInbound (Priority: 3000) -> DenyAllInbound (Priority: 2000) -> AllowAllInbound (Priority: 1000)

Question 91)
Which service uses Azure Security Benchmark as input for their standard of controls and best practices?

• Microsoft Identity Management
• Key Vault
• Microsoft Defender
• Azure Bastion

Question 92)
Which of the following would be considered a core Zero Trust guiding principle? Select all that apply.

• Higher privilege wins
• Encryption is key
• Least privileged access
• Verify Explicitly

Question 93)
What is the role of Azure Active Directory?

• To store usernames
• To raise alerts when identities attempt to access resources.
• To manage identity and access of an organization’s network.
• To ensure that applications have a secure score and are safe to go online.

Question 94)
Which of the following are concerns of Insider risk management?

• Regulatory Compliance Violations
• Malware
• Poor Authentication procedure
• Insider Trading

Question 95)
Which of the following could cause you to be flagged as a high-risk sign-in?

• You often log into work late.
• You have been flagged for inappropriate comments in Microsoft Teams messages.
• You often work from home.
• You log in from an unusual location.

Question 96)
When logging onto a system, a user already provides a password, but what is an appropriate second factor that could be used in a system configured with multi-factor authentication (MFA)? Select all that apply.

• Security question
• PIN
• Fingerprint
• Key fob

Question 97)
True or False: Microsoft uses email, chat, files, or other personal content to target advertising.

• True
• False

Question 98)
You are a data compliance officer at a multinational corporation. Recently, there’s been an emphasis on understanding data distribution and setting up triggers for anomalies. Which tool from Microsoft would best serve this purpose?

• Microsoft Purview Data Map.
• Microsoft data classification dashboard.
• Microsoft 365 Data Management.

Question 99)
Which of the following would you use to avoid unintentionally sharing company data with external parties?

• Classification labels
• Blueprint Policies
• Information Barriers
• Data Loss Protection (DLP)

Question 100)
In the shared security model, which of the following is the customer responsible for when accessing a platform as a service (PaaS) package? Select all that apply.

• Network controls
• User accounts
• Operating systems
• Physical hosts

---

 

Question 101)
Which pillar in the identity infrastructure is responsible for generating alerts and reports on the governance of identities?

• Administration
• Authorization
• Audit
• Authentication

Question 102)
Which of the following is a goal of the Microsoft Purview Data Lifecycle?

• Group data
• Store your data
• Govern data
• Exploit data

Question 103)
Which of the following is designed to protect applications in the cloud?

• Azure Key Vault
• Microsoft Defender
• Azure Active Directory
• Privileged Identity Management (PIM)

Question 104)
Which of the following definitions explains what data lineage in Microsoft Purview means?

• The term that specifically denotes tracking and visualizing the movement of a document throughout its lifecycle within an organization.
• The overall view of an organization’s data ecosystem, including types, sources, storage, and usage.
• The practice of categorizing and labeling data based on its sensitivity, importance, or regulatory requirements.
• Identifying, locating, and retrieving relevant data within an organization’s datasets.

Question 105)
Which of the following best represents the four components of Defender for Endpoint?

• Blocking, tracking, analysis, resolution.
• Shielding, monitoring, assessment, mitigation.
• Hindrance, identification, scrutiny, rectification.
• Prevention, detection, investigation, responding.

Question 106)
Which industry standards can be found in the Microsoft Cloud Security Benchmark (MCSB)?

• CIS (Center for Internet Security)
• DNS (Domain Name System)
• RBAC (Role-Based Access Control)
• GDPR (General Data Protection Regulation)

Question 107)
Which of the following are sources of information for Microsoft Threat Intelligence? Select all that apply.

• Google accounts
• Xbox logs
• Microsoft accounts
• Email accounts

Question 108)
Imagine you’re the Chief Information Officer (CIO) of a company planning to use Microsoft services. Your board members are concerned about data privacy and ask if Microsoft will use the company’s emails and chats for advertising purposes. Which of the following options would you use to respond to the board?

• Microsoft pledges not to use email, chat, or any personal content for targeted advertising.
• Microsoft might use our emails for targeted ads but will seek our consent first.
• Microsoft uses all personal content, including emails and chats, for its advertising strategies.

Question 109)
You are the lead architect for a company’s shipment tracking portal. Your team is concerned about regional vulnerabilities and wants to replace a component bound to a single region. It must have a service that can handle traffic from multiple app services and manage failover from one Azure region to another. Based on this scenario, which Azure service would you recommend?

• Azure Application Gateway
• Azure Front Door
• Azure Traffic Manager

Question 110)
Which of the following are acceptable means of validating in Microsoft Authentication Application? Select all that apply.

• Pin
• Retina Scan
• Fingerprint
• Password

Question 111)
Which of the following are actions that can be taken by a Conditional Access policy? Select all that apply.

• Block access.
• Requesting the user complete a captcha.
• Rerouting the user to another log-in request.
• Request multi-factor authentication (MFA).

Question 112)
Which of the following is a specific Azure Active Directory (AD) Role?

• User Administrator
• SQL Server Administrator
• Farm Administrator
• Exchange Server Administrator

Question 113)
Which Microsoft Defender service is best suited to secure SaaS applications?

• Microsoft Defender for Endpoint
• Microsoft Defender for Storage
• Microsoft Defender for Office 365
• Microsoft Defender for cloud apps

Question 114)
In Microsoft’s Purview, what would you use to identify credit cards in customer data?

• Content explorer
• Classification labels
• Retention labels
• Sensitive information types

Question 115)
Which feature of Azure Active Directory allows you create a role with set permissions that align with common tasks?

• Multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Templated roles
• Conditional Access

Question 116)
Complete the following sentence. The capacity to plot all the locations that a document has been in an organization is known as __________________?

• Data classification
• Data discovery
• Data lineage
• Data landscape

Question 117)
What service would you use to enforce communication compliance in messages sent on Microsoft Teams?

• Microsoft Sentinel
• Microsoft Defender
• Microsoft Purview
• Microsoft Exchange online

Question 118)
Which of the following can be accessed when Network Security Groups are used to encapsulate rules?

• Roles
• Resource Groups
• Virtual Networks
• Azure Bastion

Question 119)
Which of the following aligns with the Zero Trust security model?

• That an intruder has already breached the system.
• That the responsibility of protecting a network should be shared.
• That authentication and authorization are a means of protecting a network.
• That an organization’s internal systems should be open and accessible to all only upon verification.

Question 120)
How many keys are used in asymmetric encryption to encrypt and decrypt messages?

• 1
• 4
• 3
• 2

Question 121)
Which license is required to access comprehensive Identity Protection?

• Premium P2
• Office 365 Apps
• Azure AD Free Edition
• Premium P1

Question 122)
True or False: It is possible to configure a system so that a user can reset their password without any administrator intervening.

• True
• False

Question 123)
Which of the following is a Distributed Denial of Service Attack? Select all that apply.

• Dictionary Attack
• Protocol Attack
• Man in the middle Attack.
• Volumetric Attack

Question 124)
Which services can be integrated with Microsoft Playbook for automated responses?

• Microsoft Defender
• Microsoft Sentinel
• Microsoft Bastion
• Azure Monitor

Question 125)
Which of the following components are protected by Microsoft Defender? Select all that apply.

• Firewalls
• Key Vault
• Endpoints
• Emails

Question 126)
Which of the following authentication methods is used solely for self-service password reset (SSPR) to establish an entity’s identity?

• One-time password (OTP)
• Biometric features
• Security questions
• Password

Question 127)
Which service hardens resources, identifies threats, and secures endpoints?

• Defender for Cloud
• Azure AD Connect
• Azure Active Directory
• Active Directory Federated Services (AD FS)

Question 128)
With regards to Azure Policy, what does real-time enforcement mean?

• Policy permissions will supersede existing blueprint requirements.
• Immediate penalties will be applied when company rules are broken.
• That appropriate validation will be applied to any request for data.
• The blocking of non-compliant resources being created.

Question 129)
Which of the following services provides a secure score to identify how secure a resource is?

• Microsoft Defender
• Microsoft Sentinel
• Azure Bastion
• Security Operations Center

Question 130)
When logging onto a system a user has already provided face recognition as a means of validating. The system is configured with multi-factor authentication (MFA). Which of the following will be a valid second form of identification? Select all that apply.

• Iris scan
• Registered device
• PIN
• Fingerprint

Question 131)
In the shared security model, which responsibilities are retained by the customer accessing an Infrastructure as a service (IaaS) package? Select all that apply.

• Operating system
• Physical servers
• Virtual machines (VM)
• Data center

Question 132)
Which of the following signals will impact conditional access? Select all that apply.

• The complexity of the user’s password
• Where the user is attempting authentication from
• The time of day
• The health of the device being used

Question 133)
Which of the following reflects the goals of a blueprint? Select all that apply.

• Highest privilege wins
• Role assignment
• Application scope definition
• Resource locking

Question 134)
Which of the following is commonly associated with the combination of something you know, something you are, and something you have?

• Multi-factor authentication (MFA)
• Single sign-on
• Biometric keys
• Federation

Question 135)
Which services can be integrated with Microsoft Playbook for automated responses?

• Microsoft Bastion
• Microsoft Defender
• Azure Monitor
• Microsoft Sentinel

Question 136)
What function does attack surface reduction (ASR) in Microsoft Defender for Endpoint perform?

• Provides an additional layer of protection on DNS.
• Brings threat detection of applications.
• Adds protection to storage accounts.
• Regulates access to malicious IP Addresses, domains, and URLs.

Question 137)
Which of the following is a service that reduces the risk of employees setting poor passwords by vetting passwords based on length, organization-specific terms, and other factors?

• Azure Password Protection Proxy
• A globally banned password list
• Azure AD Password Protection
• Sensitivity labels

Question 138)
To verify explicitly and to perform repeat checks for breaches are an example most closely associated with which mindset?

• Defense in depth
• Encryption
• Zero Trust
• Network Configuration

Question 139)
Which of the following Microsoft Purview services will detect the intentional leaking of company information?

• Data governance
• Insider risk management
• Data catalog
• eDiscovery

Question 140)
Imagine you are a records manager at a large corporation. You are training a new employee on Microsoft Purview who asks you, “If we label a document as a regulatory record, can we later decide to shorten its retention period?” Using the following options, how would you answer?

• Yes, but only if done within the first 24 hours of labeling.
• No, once an item has been marked as a regulatory record, its retention periods can’t be shortened after the label has been applied.
• Yes, you can change the retention period as often.

Question 141)
Which of the following is an approach for ensuring that sensitive information cannot be sent and read within an organization?

• Information protection
• Content Explorer
• Sensitivity labels
• Information barriers

Question 142)
Which of the following services will an organization use if they want to monitor communication compliance internally?

• Microsoft Cloud Security Benchmark (MCSB)
• Microsoft Service Trust portal
• Microsoft Defender
• Microsoft Purview

Question 143)
Which of the following services would be used to ensure passwords are kept the same in an on-premises and cloud based active directory?

• Federated Access
• Azure AD Connect
• Azure AD Pass-through Authentication
• Azure AD Password Hash Synchronization

Question 144)
Which of the following elements feature in Microsoft’s six privacy principles? Select all that apply.

• Transparency
• Freedom of speech
• Control
• Right to be forgotten

Question 145)
Which of the following is a control used in Microsoft Purview Compliance Manager?

• Customer-managed controls
• Local control
• System controls
• Network controls

Question 146)
True or False: eDiscovery is a service that is used when compliance requires legal focus.

• True
• False

Question 147)
Which pillar in the identity infrastructure is responsible for creating and managing user identities on a system?

• Audit
• Authentication
• Administration
• Authorization