Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SC900 > WhizLabs 2 > Flashcards

WhizLabs 2 Flashcards

1
Q

Your company is planning on using Azure AD Identity Protection. Does Azure AD Identity Protection generate sign in risks after the user is authenticated?

A. Yes
B. No

A

B. No

Explanation:
The entire purpose of Azure AD Identity Protection is to detect risks during the sign in process
So the risk detection is done during the authentication process and not after the authentication process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your company is planning on making use of conditional access policies within Azure.
You need to ensure that only users with a Windows device can access a specific application.
Can conditional access policies be used to accomplish this requirement?

A. Yes
B. No

A

A. Yes

Explanation;
Conditional Access i used to control the authentication process and it can assess various signals including the device a user is attempting to access the application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company is planning on making use of conditional access.
Can you use conditional access to enable MFA for users that sign in via certain cloud based applications?

A. Yes
B. No

A

A. Yes

Explanation:
You can use conditional access to enable MFA for users that sign in via certain cloud based applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Your company wants to start hosting resources on Azure.
When using Azure cloud, would the company be responsible for maintaining the underlying identities that would be assigned access to Azure resources?

A. yes
B. no

A

A. Yes

Explanation:
Here the maintenance of the underlying identities in Azure would lie with the customer.
Azure provides an option of Azure AD for storing the identities, but the final responsibility of managing the identities lies with the customer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure. Which of the following could be used for the following requirement?

Grant access to users for managing various aspects of the Azure AD tenant

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

A

C. Azure AD Roles

Explanation:
You can assign various roles in Azure AD for users to manage various aspects of Azure AD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure.
Which of the following could be used for the following requirement?

Enforce MFA based on the sign in risk

A. Azure AD Identity Protection
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

A

A. Azure AD Identity Protection

Explanation:
In Azure AD Identity Protection, you can configure the Sign in risk policy to allow access and enforce the use of MFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have a set of resources in Azure. Can you add multiple delete locks for a resource in Azure?

A. Yes
B. No

A

A. Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have a set of resources in Azure. Can you add a delete lock to a resource that already has a read only lock?

A. Yes
B. No

A

B. No

Explanation:
Yes this is possible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have a set of resources in Azure. Are resource locks inherited by resources when a lock is present at the resource group level?

A. Yes
B. No

A

A. Yes

Explanation:
A Delete lock is placed at the resource group level. And here is has been inherited by the resources in the resource group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is a scalable, cloud native, security information event management and security orchestration automated response solution?

A. Microsoft Sentinel
B. Microsoft Defender for Cloud
C. Azure AD
D. Azure AD Identity Protection

A

A. Microsoft Sentinel

Explanation:
You can use Microsoft Sentienl as a scalabl, cloud native SIEM and security orchestration automated response solution. Sentinel has the capability to ingest data from a variety of sources and perform threat monitoring of that data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your company is currently looking at using the Azure Policy service. Can the Azure Policy service be used to check the compliance of existing resources?

A. Yes
B. No

A

A. Yes

Explanation:
The entire idea of the Azure Policy service is to check whether the existing resource conform to the various policy defintions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your company is currently looking at using the Azure Policy service. Can the Azure Policy service be used to remediate issues that get detected via its compliance checks?

A. Yes
B. No

A

B. No

Explanation:
Some of the policies in Azure Policy has a Remediation section. This can be used to remediate issues if the resources are found to be not compliant with the policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Your company is planning on making use of Azure Blueprints.
Can Azure Blueprints be used to create role assignments for an Azure subscription?

A. Yes
B. No

A

A. Yes

Explanation:
When you create an Azure Blueprint, you can create multiple artifacts as part of the Blueprint.
One of them is role assignments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Your company is planning on making use of Azure Blueprints. Can Blueprints be used to create Management groups?

A. Yes
B. No

A

A. Yes

Explanation:
When you create an Azure Blueprint, you can create multiple artifacts as part of the Blueprint

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?

A. Microsoft Defender for Cloud
B. Azure Policies
C. Azure Blueprints
D. Azure AD

A

A. Microsoft Defender for Cloud

Explanation:
With Microsoft Defender, you can enable intelligent protection of your resources that are defined in Azure and also your on premises infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
D. Azure Identity Protection`

A

B. Azure Web Application Firewall

Explanation
The Azure WAF can be used along with the Azure Application Gateway resource to protect applications from common exploits and vulnerabilities
It can help protect against attacks such as SQL injection attacks or cross site scripting

17
Q

Your company is planning on making use of Azure AD Privileged Identity Management. Can Privileged Identity Management be used to provide time bound assignments for Azure AD roles?

A. Yes
B. No

A

A. Yes

Explanation:
You can manage the access of users to Azure AD roles. You can also give time bound access to Azure AD Roles

18
Q

You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the right tool that can be sued for desired requirement below:

Provide an end to end workflow to preserve, collect, analyze review and export content in Microsoft 365

Which of the following would you use for this requirement?

A. Core eDiscovery
B. Advanced eDiscovery
C. Sensitivity labels
D. Content Search

A

B. Advanced eDiscovery

Explanation:
Advanced eDiscovery tool provides and end to end workflow feature. This can be used to preserve, collect, analyze and review and export content that is pertinent to an organizations investigations

19
Q

Provide basic capabilities on searching and exporting of content in Microsoft 365

Which of the following would you use for this requirement?

A. Core eDiscovery
B. PIM
C. Sensitivity Labels
D. Content Search

A

A. Core eDiscovery

Explanation:
The Core eDiscovery tool helps you find and export content in Microsoft 365 and Office 365
You can also use the tool to place an eDiscovery hold on certain content locations

20
Q

You are planning on using the Azure Firewall service to manage cloud based network security service that protects your Azure Virtual Network (VNet) resources from attackers. You need to select the key features of the Azure Firewall.

A. High availability and availability zones
B. Multiple public IP addresses
C. Threat Intelligence
D. Network and application level filtering
E. No Public IP required on the Azure VM
F. Protection against port scanning

A

A. High availability and availability zones
D. Network and application level filtering
B. Multiple public IP addresses
C. Threat Intelligence

High availability is built in so theres nothing to configure. Also Azure Firewall can be configured to span multiple availability zones for increased availability

Use IP address, port, and protocol to support fully qualified domain name filtering for outbound traffic and network filtering controls

Threat intelligence can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains

21
Q

You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to filter incoming traffic to Azure Virtual Machines?

A. Yes
B. No

A

A. Yes

Explanation:
The Azure Firewall service has network traffic filtering rules that can be defined to allow or deny traffic.
You can filter traffic based on the source, destination IP address, the port number and protocol

22
Q

You are planning on using the Azure Firewall service. Can you use the Azure Firewall service to authenticate users onto Azure virtual machines?

A. Yes
B. No

A

B. No

Explanation

23
Q

You have to work with Retention labels and policies in Microsoft 365. You have to understand what the outcome would be when it comes to applying labels and policies

An email message is subject to a retention policy via Exchange that is configured to delete items after three years. The message also has a retention label that is configured to retain items for five years.

Would the email message be retained for five years?

A. Yes
B. No

A

A. Yes

Explanation:
Here the retention action would take precedence over the deletion action when you have different settings applied for policies and labels

24
Q

You have to work with Retention labels and policies in Microsoft 365. You have to understand what the outcome would be when it comes to applying labels and policies.

A Sharepoint site has two retention policies. One is configured to retain items for five years and the other for ten years.

Would the documents in the Sharepoint Site be retained for ten years?

A. Yes
B. No

A

A. Yes

Explanation:

25
Q

You are looking at using Azure AD Access Reviews. Can you use Azure AD Access Reviews to review group memberships for users defined in Azure AD?

A. Yes
B. No

A

A. Yes

Explanation:
When you create an Access Review in Azure AD, you can review the access of users to teams and groups

26
Q

You are looking at using Azure AD Access Reviews. Can you use Azure AD Access reviews to review users assigned to eneterprise applications?

A. Yes
B. No

A

A. Yes

Explanation:
When you create an Access Review in Azure AD, you can review the access of users to applications

27
Q

As the Azure Administrator, you have a requirement to implement a process that would require users to review their current access to highly sensitive applications on a quarterly basis. If the users do not complete the review, their access permissions would be automatically removed.
Can you use Azure AD Access Reviews to meet this requirement?

A. Yes
B. No

A

A. Yes

Explanation:
Yes, Access Reviews can be created to allow users to review their access on a quarterly basis and if any user does not review their access, permissions would be automatically revoked

28
Q

You want to use the security policies from the Endpoint security of intune to configure device security.
Which of the following would you use for below requirement?

Configure the settings for BitLocker on a Windows Machines

A. Antivirus
B. Disk Encryption
C. Account protection
D. Firewall

A

B. Disk Encryption

Explanation:
With the Disk Encryption policy, you can configure the settings for the devices built in encryption methods like BitLocker

29
Q

You want to use the security policies from the Endpoint security of Intune to configure device security.
Which of the following would you use for the below requirement?

Configure the built in firewall settings on the macOS device

A. Antivirus
B. Disk Encryption
C. Account Protection
D. Firewall

A

D. Firewall

Explanation:
With the firewall policy, you can configure the settings the in built firewalls on both your Windows and macOS devices

30
Q

You are exploring the capabilities of Microsoft Defender for Cloud. Can you use Microsoft Defender to Cloud to get recommendations on how to improve the security posture of your Azure environment?

A. Yes
B. No

A

A. Yes

Explanation:
There is a recommendations section in Microsoft Defender for Cloud that gives you various recommendations on how to improve the security posture of your Azure environment

31
Q

You are exploring the capabilities of Microsoft Defender for Cloud. Can you use Microsoft Defender for Cloud to monitor the various security aspects related to servers defined in your Azure subscription

A. Yes
B. No

A

A. Yes

Explanation:
You can actually use the in built Microsoft Defender for Cloud service to monitor the security aspects of servers defined as part of your Azure subscription

32
Q

You are exploring the capabilities of Microsoft Defender for Cloud. Can you use Microsoft Defender for Cloud to get notifications if there are any threats detected?

A. Yes
B. No

A

A. Yes

Explanation:
You can actually setup email notifications in Microsoft Defender for Cloud

33
Q

You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Privileged Identity Managed service?

A. Filter traffic to Azure virtual machines
B. Enable MFA for users based on detected sign in risks
C. Provide just in time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

A

C. Provide just in time access to resource roles in Azure

Explanation:
With Azure Privileged Identity Management, you can provide just in time access to Azure AD roles and resource roles. Here users can request access whenever required. And the access can be granted or denied accordingly

34
Q

You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure AD Identity Protection service?

A. Filter traffic to Azure virtual machines
B. Enable MFA for users based on detected sign in risks
C. Provide just in time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

A

B. Enable MFA for users based on detected sign in risks

Explanation:
With Azure Identity Protection, you can actually enable the use of MFA if there is a detected sign in risk. This can be done via a Sign In risk policy

35
Q

You are evaluating the different services in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Network Security Group?

A. Filter traffic to Azure Virtual machines
B. Enable MFA for users based on detected sign in risks
C. Provide just in time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

A

A. Filter traffic to Azure Virtual machines

Explanation:
With the use of Azure Network Security Groups, you can filter the traffic that flows in and out of Azure virtual machines
Here you can filter the traffic based on various aspects such as the IP address, the port number and protocol

36
Q

You are evaluating the different services in available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Security Center?

A. Filter traffic to Azure virtual machines
B. Enable MFA for users based on detected sign in risks
C. Provide just in time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

A

D. Measure the security posture of resources defined in an Azure environment

Explanation:
With the use of Azure Security Center, you can see various security aspects for resources defined as part of Azure environment. You also get recommendations on how to improve the various aspects of security in your Azure environment

37
Q

You are reviewing Microsofts Privacy policy. Does Microsoft collect data related to your web browsing and online searches?

A. Yes
B. No

A

A. Yes

Explanation:
Microsoft uses the search results of users to give better search results for future searches. This is based on the data that gets collected via browsing and online searches

38
Q

You want to enable safe attachments for SharePoint and OneDrive. Which of the following can be used for this requirement?

A. Microsoft Defender for Endpoint
B. Microsoft Defender for Identity
C. Microsoft defender for Office 365
D. Azure AD Identity Protection

A

C. Microsoft defender for Office 365

Explanation:
There is a plan in Microsoft Defender for Office 365 that you can use to enable safe attachments. This service will ensure that if it detects an unsafe attachment, it will lock the attachment so that it cant be opened

SC900 (27 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions