SC900 Kindle IP Specialist Flashcards

Question

Which Microsoft portal provides information about how Microsoft cloud services comply with the regulatory standard, such as International Organization for Standardization (ISO)? A. The Microsoft Endpoint Manager Admin Center B. Azure Cost Management + Billing C. Microsoft Service Trust Portal D. The Azure Active Directory Admin Center Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 21). Kindle Edition.

Answer 1

C. Microsoft Service Trust Portal Explanation: The Microsoft Service Trust Portal includes details about Microsoft implementation of controls and processes that defend our cloud services and the customer data therein

Answer 2

D. The management of the physical hardware Explanation: For all cloud deployment types, you have your data and identities. You are accountable for keeping the security of your data and identities, on premise resources and the cloud components you control.

Answer 3

A. Plan E. Define Strategy Explanation: The Microsoft Cloud Adoption Framework for Azure is a comprehensive lifecycle framework that helps business decision markers, IT experts and cloud architects realize their cloud adoption objectives. You may develop and implement business and technology strategies for the cloud with the support of the best practices, documentation and tools provided by this resource

Answer 4

A. Azure Defender Explanation: With Azure Defender, you can allow intelligent protection of your resources specified in Azure and your on premises infrastructure

Answer 5

B. Azure Web Application Firewall Explanation: The Azure Firewall service is a managed service that can be used to defend your Azure virtual network resources. But it cannot be used to encrypt the inbound traffic onto Azure virtual machines

Answer 6

A. Yes Explanation: When you make an Access Review in Azure Active Directory, you can check the access of users to teams and groups

Answer 7

B. Encryption at rest Explanation: Encryption at rest ensures that the data is encrypted when it is stored on disk, preventing the attacker from accessing the unencrypted data If an attacker gets their hands on a hard disc containing encrypted data but not the encryption keys, they will need to circumvent the encryption in order to access the data

Answer 8

A. Yes Explanation: You can give time-bound entry to Azure resources. Below is a screenshot of the page of Privileged Identity Management for Azure resources. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 100). Kindle Edition.

Answer 9

A. Yes Explanation: When you make an Azure Blueprint, you can generate multiple artifacts as part of the Blueprint. One of them is role assignments. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 101). Kindle Edition.

Answer 10

A. Yes Explanation: Some of the policies in Azure Policy have a Remediation portion, which can be used to remediate issues if the resources do not align with the policy. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 102). Kindle Edition.

Answer 11

A. Yes Explanation: Yes this is possible

Answer 12

D. Azure AD Connect Explanation: Azure AD Connect coordinates identities from the on-premises Active Directory onto Azure Active Directory. There are different techniques available for user identity synchronization. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 103). Kindle Edition.

Answer 13

C. Integration with Microsoft 365 Defender Explanation: An extended detection and response (XDR) tool called Microsoft 365 Defender automatically gathers, correlates, and assesses signal, threat, and alert data from all areas of your Microsoft 365 system, including endpoints, email, applications, and identities. To automatically thwart attacks and restore damaged assets to a secure state, it makes use of automation and artificial intelligence (AI). More than 70% of the time, remediation is totally automated by built-in self-healing technology, freeing up defenders to concentrate on other duties that make greater use of their knowledge and experience. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 103-104). Kindle Edition.

Answer 14

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) Explanation: Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources you care about. Here are some of the key features of Privileged Identity Management: Provide just-in-time privileged access to Azure AD and Azure resources Assign time-bound access to resources using start and end dates Require approval to activate privileged roles Enforce multi-factor authentication to activate any role Use justification to understand why users activate Get notifications when privileged roles are activated Conduct access reviews to ensure users still need roles Download audit history for internal or external audit Prevents removal of the last active Global Administrator role assignment Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 104). Kindle Edition.

Answer 15

D. Azure Virtual Networks Explanation: Network Watcher is a provincial help that empowers you to screen and analyze conditions at an organization’s situation level in, to, and from Azure. Situation-level observation empowers you to analyze issues at a start-to-finish network-level view. It is expected to have an organization watcher asset gathering to be made in each area where a virtual organization is available. An alarm is empowered in the event that an organization watcher asset bunch is not accessible in a specific locale. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 105). Kindle Edition.

Answer 16

C. Defense in Depth Explanation: Defense in depth is a layered approach to security, which does not allow you to relying on a single perimeter. A defense in depth strategy has a series of ongoing mechanisms to lessen the pace of the furtherance of an attack. Each layer provides a shield so that a succession layer will prevent an attacker from getting unauthorized access to data if one layer is violated. Example layers of security include: Physical Physical security means limiting access to a data center that only undergoes ingress by authorized personnel. Identity and Access It includes the security controls, such as multi-factor authentication or condition-based access, to control the admittance to infrastructure and change control. Perimeter This security includes Distributed Denial of Service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users. Network Network security means network segmentation and access controls so that communication between resources can be limited. Compute Compute layer security means securing access to virtual machines either on-premises or in the cloud by closing certain ports. Application Application layer security ensures that applications are secure and free of security weaknesses and vulnerabilities. Data Data layer security includes the controls to manage business and customer data access. The data is protected through encryption. For further details, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 105-107). Kindle Edition.

Answer 17

A. Microsoft Defender for Office 365 Explanation: Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization from advanced threats such as phishing, business email compromise, and malware attacks that target email and collaboration tools. Defender for Office 365 also includes investigation, hunting, and remediation tools to assist security teams in identifying, prioritizing, investigating, and responding to threats. Safe Attachments is an element in Microsoft Defender for Office 365 that involves a virtual environment to browse connections in inbound email messages after they have been examined by anti-malware protection in Exchange Online Protection (EOP), however before conveyance to beneficiaries Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 107). Kindle Edition.

Answer 18

C. Azure Defender Explanation: Advanced Threat Protection for an Azure SQL Managed Instance detects unexpected and potentially hazardous attempts to access or exploit databases by detecting abnormal behaviors. Potential SQL injection, access from an odd location or datacenter access from an unfamiliar principal or potentially hazardous application, and brute force SQL credentials are all things that Advanced Threat Protection can detect. Click the View ongoing SQL, which will connect the email to send the Azure entrance and show the Microsoft Defender for Cloud alarms page, which outlines dynamic dangers recognized on the information base. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 108). Kindle Edition.

Answer 19

C. Conditional Access Policies Explanation: Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is the core of the new identity-driven control plane. Common decisions of Azure AD Conditional Access: Block access Most restrictive decisions of Azure AD Conditional Access: Grant access For the least restrictive decision, one or more of the following options would be needed: Require multi-factor authentication Require device to be marked as compliant Require Hybrid Azure AD joined device Require approved client app Require app protection policy Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 108-109). Kindle Edition.

Answer 20

C. Azure Virtual Machines Explanation: Azure Bastion allows you to access your virtual machines through RDP/SSH over TLS directly from the Azure site

Answer 21

C. To restrict Microsoft Exchange Online email between certain groups within an organization Explanation: You can set policies using Microsoft Purview Information Barriers to restrict certain users from communicating with each other or let specified segments speak only with specific other segments. You will use user account attributes, segments, 'block' and/or 'allow' policies, and policy application to construct policies for information barriers. In Azure Active Directory, user account attributes are defined (or Exchange Online). Department, job title, location, team name, and other job profile characteristics are examples of these features. Segments are groups of users in the Microsoft Purview compliance portal defined by a user account attribute. You have defined your barrier policies and are ready to implement them in your company. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 109-110). Kindle Edition. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 109). Kindle Edition.

Answer 22

D. Compliance Score Explanation: Microsoft Purview Compliance Manager is a function of the Microsoft Purview compliance portal that makes handling your organization's compliance obligations easier and more convenient. Compliance Manager can assist you with every step of the way, from assessing your data security threats to managing the intricacies of installing controls, remaining current with requirements and certifications, and reporting to auditors. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 110). Kindle Edition.

Answer 23

C. Microsoft Service Trust Portal Explanation: The Microsoft Services Trust Portal provides details on Microsoft's implementation of cloud services and the controls and processes that protect the customer data they contain. For further details, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 110). Kindle Edition.

Answer 24

D. The management of the physical hardware Explanation: It is vital to understand the shared responsibility model, which security activities are handled by the cloud provider, and which tasks you handle when you investigate and evaluate public cloud services. Depending on whether the workload is hosted in a Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or on-premises datacenter, the workload duties differ. Responsibility is shared. You own the entire stack in an on-premises data center. Some duties are transferred to Microsoft as you move to the cloud. According to the type of stack deployment, the following graphic depicts the regions of responsibility between you and Microsoft. You own your data and identities regardless of the cloud deployment method. You are responsible for the security of your data and identities and your on-premises resources and cloud components (which vary by service type). You are always responsible for the following obligations, regardless of the method of deployment: Account Access Management Data Endpoints Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 111). Kindle Edition.

Answer 25

B. Encrypting a virtual machine disk Explanation: Encryption at Rest is a typical security necessity. In Azure, associations can encrypt information at rest without the gamble or cost of a custom key administration solution. Associations have the choice of allowing Azure totally to manage Encryption at Rest. Also, associations have different choices to intently manage encryption or encryption keys. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 112). Kindle Edition.

Answer 26

D. To prevent users from using specific words in their passwords Explanation: Azure Active Directory Password Protection detects and blocks recognized weak passwords and their variants and new weak keywords unique to your business. Default global banned password lists are automatically applied to all users in an Azure AD tenant using Azure AD Password Protection. You can create a bespoke banned password list to meet your specific business and security needs. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 112). Kindle Edition.

Answer 27

A. Access Reviews Explanation: Azure Active Directory (Azure AD) access reviews empower associations to effectively manage group enrollments, admittance to big business applications, and job tasks. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 112). Kindle Edition.

Answer 28

C. Information Barriers Explanation: Microsoft Teams, SharePoint Online, and OneDrive for Business support data boundaries. Accepting your membership incorporates information barriers, a consistence executive, or data boundaries chairman can characterize approaches to permit or forestall interchanges between gatherings of clients in Microsoft Teams. Data information barriers can be utilized for circumstances like these: Client in the informal investor gathering should not impart or impart documents to the showcasing group Finance faculty chipping away at secret organization data should not convey or impart records to specific gatherings inside their association An inside group with proprietary advantage material should not call or talk online with individuals in specific gatherings inside their association An exploration group ought to just call or talk online with an item improvement group A site for informal investor gathering ought not to be shared to anybody outside the informal investor bunch Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 113). Kindle Edition.

Answer 29

D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) Explanation: Privileged Identity Management (PIM) is an Azure Active Directory (Azure AD) assistant that empowers you to make due, control, and screen admittance to significant assets in your association. These assets remember assets for Azure AD, Azure, and other Microsoft Online Services, for example, Microsoft 365 or Microsoft Intune Associations need to limit the number of individuals who approach secure data or assets since that lessens the opportunity of a vindictive entertainer gaining admittance to an approved client, unintentionally affecting a delicate asset. Notwithstanding, clients actually need to do special tasks in Azure AD, Azure, Microsoft 365, or SaaS applications. Associations can give clients in the nick of time-restricted admittance to Endlessly sky blue AD assets and supervise how those clients are doing their restricted admittance. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 113-114). Kindle Edition.

Answer 30

D. A service principal Explanation: Whenever you register an application through the Azure portal, an application item and administration principles are consequently made in your home registry or occupant. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 114). Kindle Edition.

Answer 31

D. Defense in Depth Explanation: Defense in depth uses a layered approach to security to reduce the chances of a successful attack

Answer 32

B. Google trusts Spotify’s Azure AD Explanation: Spotifys Azure AD trusts Google in the case above. However, this is the not the case. Unless the trust relationship is configure, Google does not trust Spotify

Answer 33

A. Azure AD Enterprise Apps B. SharePoint Online Sites D. Microsoft 365 Groups F. Azure AD Security Groups Explanation: In Azure AD entitlement management, you define access packages to automate access request workflows, access assignments, and access expiration. This is critical since many users (whether new employees or those with recent role changes) are unsure of what access they require or to whom they should request it. The following are the sorts of resources defined in an access package, as seen in the figure above: Azure AD security groups and Microsoft 365 groups membership Access to Azure Active Directory apps and SaaS apps SharePoint Online site access Although you cannot manage access to Microsoft 365 licenses or Azure resources directly, you can create an Azure AD security group and allow users who require Microsoft 365 licenses access (via group-based licensing). For that group, you are required to create an Azure role assignment. If you have trouble understanding, the graphic above will help. So, the right answers are 1, 2, 4, and 6. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 115-116). Kindle Edition.

Answer 34

C. Microsoft Defender for Cloud Explanation: Microsoft takes a multi-layered security approach. Only Microsoft Defender for Cloud is a base layer (free, basic level of protection) Microsoft Defender for Cloud is a more advanced layer (paid, advanced protection with just-in-time access, Adaptive application controls, vulnerability assessment, etc.) Workload protections is accessed through Microsoft Defender for Cloud. Only after updating do you get the screen below. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 116-117). Kindle Edition.

Answer 35

B. Security Information Event Management (SIEM), Security Orchestration Automated Response (SOAR) Explanation: Security Information Event Management (SIEM) is a consolidated repository for all log entries created by your infrastructure, resources, devices, firewall, and endpoints. It then uses these logs to create alerts and notify the administrator. SOAR (Security Orchestration Automated Response) automates your threat response by taking these signals (with playbooks). As a result, SOAR reduces incident reaction time. In a nutshell, if SIEM identifies suspicious behavior, it generates an alarm. SOAR processes alarms (including false positives) and generates an automatic reaction. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 117-118). Kindle Edition.

Answer 36

B. Advanced Hunting Explanation: Microsoft Defender for Endpoint has several capabilities that could be useful during an exam. Advanced Hunting is the best option because it allows you to construct queries that actively seek hazards. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 119). Kindle Edition.

Answer 37

B. Information protection & governance C. Insider risk management E. Discovery & response Explanation: The Microsoft 365 solutions catalog can help you find compliance and risk management solutions for your company. The compliance solution catalog is divided into three sections. Each solution area offers details on a variety of compliance options. The only three compliance solution categories are, as you might expect, insider risk management, information protection and governance, and discovery and response. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 119-120). Kindle Edition.

Answer 38

B. Use identity as the primary security boundary C. Always verify the permissions of a user explicitly D. Always assume that the user system can be breached Explanation: The concept of zero trust is a security strategy. It is an approach to defining and implementing the following set of security principles rather than a product or service: Explicitly verify Use the least privileged access method Assume breach Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 120). Kindle Edition.

Answer 39

D. Defense in Depth Explanation: Defense in Depth uses a layered approach to security to reduce the chances of a successful attack

Answer 40

A. Yes Explanation: The important privacy principles addressed by Microsoft are listed below. Control Transparency Security Strong legal safeguards No targeting by content Advantages for you When it comes to transparency, Microsoft claims to be transparent in its data collection practices. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 120-121). Kindle Edition.

Answer 41

C. Encryption Explanation: You can be certain that data is encrypted. The encryption key would then be available only to authorized users. The data can then be decrypted and read using the encryption key. Option B is improper because it is generally used to remove multiple copies of repeated data. Option A is wrong because it typically stores data that is not commonly used. Option D is inappropriate because it is typically used to lower data storage space. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 121). Kindle Edition.

Answer 42

D. Identity Provider Explanation: Microsoft's identity supplier is Azure Active Directory. This is used for identity storage and access management. Azure Active Directory may handle identity and access in both Azure and Microsoft Office 365. Since Azure Active Directory is used for identity and access management, all other options are invalid. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 122). Kindle Edition.

Answer 43

B. No Explanation: Azure Active Directory comes with a variety of price options. The Free model is the most basic version. There is a feature limitation in this case. For example, you will not be able to use services like: Service Level Agreements (SLAs) Cloud users can reset their passwords themselves Management of group access Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 122). Kindle Edition.

Answer 44

A. Yes Explanation: You can construct a rule based on the network security group rule's IP address, protocol, and port number. The sample screenshot below shows the IP address, protocol, and port number. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 122). Kindle Edition.

Answer 45

C. Azure Firewall Explanation: The Azure Firewall service can convert traffic from public IP addresses to private IP addresses and virtual networks. Option A is inappropriate since it enables access to your Azure virtual machines through RDP/SSH. Option B is wrong because it is used to filter traffic to your Azure virtual machine. Option D is inappropriate since it is used to safeguard your Azure resources from large-scale Internet threats. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 124). Kindle Edition.

Answer 46

A. Azure Bastion Explanation: The Azure Bastion service is a managed service that lets you connect to an Azure virtual machine through a browser or the Azure portal. Since this is a managed firewall service, Option B is inappropriate. Option C is wrong since it is used to filter traffic to and from your Azure virtual machines. Option D is inappropriate since it is used to safeguard your Azure resources from large-scale Internet threats. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 124). Kindle Edition.

Answer 47

A. Yes Explanation: Microsoft Defender for Endpoint service is compatible with Windows 10 devices. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 124). Kindle Edition.

Answer 48

B. Azure Blueprint Explanation: Azure Blueprints can be sued to deliver a group of artifacts. Resources such as ARM templates, resource groups, and role assignments are examples of artifacts The artifacts can be deployed using Azure Blueprints Option A is inappropriate because this is utilized as a governance mechanism for your Azure account's resources. Option C is inappropriate because it is used to safeguard your Azure AD IDs. Option D is inappropriate because it prevents inadvertent resource loss and modification in Azure. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 125). Kindle Edition.

Answer 49

C. Customer Lockbox Explanation: Explanation: Microsoft Engineers occasionally require user data access to identify a problem. The Customer Lockbox functionality can be used to accomplish this. Option A is inappropriate since it is utilized to prevent a conflict of interest in the organization by restricting communication and collaboration between two groups. Option B is erroneous because it is used to look for material in Exchange emails, SharePoint sites, and OneDrive folders. Option D is wrong because it is utilized to provide just-in-time access to Microsoft 365 services. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 126). Kindle Edition.

Answer 50

D. Azure AD Connect Explanation: Identity synchronization from on-premises Active Directory to Azure Active Directory is done via Azure AD Connect. User identity synchronization can be accomplished using a variety of approaches. Option A is inappropriate because it is used to secure Azure identities. Option B is inappropriate because it is used to grant Azure conditional access. Option C is inappropriate because it provides users with rights in Azure Active Directory to control various elements. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 126). Kindle Edition.

Answer 51

A. Yes Explanation: Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. Readonly lock, which allows authorized users to read the resources only. They are unable to make changes in the resources. The second type of lock is Delete, which ensures that the user is not allowed to delete the resource. In the given situation, the user can stop the virtual machine, create a new resource within this group, and change any resource created within “Ips” except to delete. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 126-127). Kindle Edition.

Answer 52

A. Azure Sentinel Explanation: Azure Sentinel can be used as a scalable, cloud-native solution for security information event management and security orchestration automatic response. Azure Sentinel may ingest data from various sources and monitor performance threats based on that data. Option B is inaccurate because, while Microsoft Defender for Cloud can provide various security metrics and recommendations for your environment, it cannot deliver a full orchestration and response-based solution. Option C is inappropriate because you are using Azure's identity-based solution. Option D is inappropriate because it is used to secure your Azure identities. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 127-128). Kindle Edition.

Answer 53

A. Yes Explanation: Explanation: When constructing an Azure Blueprint, you can include several artifacts. Role assignment is one of them. Below is a screenshot of this. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 128). Kindle Edition.

Answer 54

C. Azure Defender Explanation: You can use Azure Defender to enable intelligent security of your Azure resources and your on-premises infrastructure. As illustrated below, this is an extra security capability included with Microsoft Defender for Cloud. Option D is inappropriate because it is utilized for Azure account resource governance. Option B is inappropriate because it is used to deploy various assets to your Azure account. Option A is wrong because this is a repository for personal information. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 128-129). Kindle Edition.

Answer 55

D. Azure Web Application Firewall Explanation: To secure web applications from common exploits and vulnerabilities, utilize the Azure Web Application Firewall in conjunction with the Azure Application Gateway resource. For example, it can assist defend against SQL injection and cross-site scripting attacks. Option C is wrong because this is a managed firewall service for the Azure virtual network resources. Option A is wrong because it is utilized for Azure resource governance. Option B is inappropriate because it is used to secure your Azure AD accounts. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 129-130). Kindle Edition.

Answer 56

B. Encryption at Rest Explanation: This concept is matched to the idea of encrypting data while it is in transit. The data on the physical media is encrypted in this case. All other possibilities are erroneous since the phrase "rest" refers to data stored on the physical device. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 130). Kindle Edition.

Answer 57

B. No Explanation: Azure Firewall is a managed service for securing your Azure virtual network resources. However, it cannot encrypt incoming traffic to Azure virtual machines. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 130). Kindle Edition.

Answer 58

A. Active Directory - Password Explanation: Use Active Directory password authentication when connecting with an Azure AD principal name using the Azure AD managed domain

Answer 59

C. Active Directory – Integrated Explanation: When using a federated solution with your on premise AD, you should use the authentication type as Active Directory - Integrated into Microsoft SQL Server Management Studio

Answer 60

B. Medium Explanation: This event is associated with the Medium risk level. This is also given in the Microsoft documentation. Since this is clearly given in the Microsoft documentation, all other options are incorrect

Answer 61

B. This specifies the type of service you can use in Azure Explanation: There are multiple ways of identity management in Azure. One and most implemented secure method is Multi-Factor Authentication (MFA). MFA can be implemented using fraud alerts, blocking/unblocking users, phone call settings, notification verification, etc. Such an authentication method is termed a conditional access policy that can be achieved by Azure Active Directory (AAD). Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 132). Kindle Edition.

Answer 62

C. Locks Explanation: Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. Readonly lock, which allows authorized users to read the resources only. They are unable to make changes in the resources. The second type of lock is Delete, to ensure that the user is not allowed to delete the resource. Option A is invalid because it defines the security features for the protection of resources. Option B is invalid because it provides access rights to an authorized user. Option D is invalid because it shows the configuration of the selected resource. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 133). Kindle Edition.

Answer 63

D. Network Security Group Explanation: Explanation: Network Security Group (NSG) has a set of security rules that enable some special VMs to allow or not allow the inbound and outbound traffic load from other resources. The given figure shows the step to make the validity of the correct port for inbound traffic flow. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 133). Kindle Edition.

Answer 64

A. Azure DDoS Protection Explanation: Azure DDoS Protection Services protect the applications against targeted DDoS attacks. With DDoS Protection, the traffic always remains within the Azure data center. It also helps in the performance because as Azure DDoS protection does the attack mitigation, that’s how traffic does not leave the data center. Option B is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form. Option C is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. Option D is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 134-135). Kindle Edition.

Answer 65

C. Azure Key Vault Explanation: Azure Key Vault store the secret and password. It allows sharing passwords and secrets with others in a hidden form so that no one can view the actual secret. Option A is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Option B is invalid because the DDoS Protection service protects an application against DDoS attacks. Option D is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 135). Kindle Edition.

Answer 66

B. No Explanation: Azure Firewall defines the rules for the incoming and outgoing traffic in the network to ensure the security of resources in the network. It does not create a blockage between Azure and the internet. It provides the secure protection layer between Azure and the internet to provide throughput without any unwanted incident or blockage. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 135-136). Kindle Edition.

Answer 67

D. Azure Multi-Factor Authentication Explanation: Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. MFA is based on “Something you know (id and password), something you have (phone or other hardware), and something you are (face recognition or biometric).” Option A is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Option B is invalid because the DDoS Protection service protects an application against DDoS attacks. Option C is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 136). Kindle Edition.

Answer 68

B. No Explanation: Azure Active Directory service provides a combination of application access management and identity protection services. This service allows access to specific services to a specific user who has a license for access to this type of service. There are multiple licenses assigned to one user depending upon their service demand. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 136). Kindle Edition.

Answer 69

B. No Explanation: Network Security Group (NSG) is required in the configuration of a Virtual Network (VNet) where different Virtual Machines (VM) within the subnet are connecting with each other. NSG uses Access Control List (ACL) rules to allow or deny network traffic access to subnet or VM. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 137). Kindle Edition.

Answer 70

B. No Explanation: Network Security Group (NSG) is required in the configuration of a Virtual Network (VNet) where different Virtual Machines (VM) within the subnet are connecting with each other. NSG uses Access Control List (ACL) rules to allow or deny network traffic access to subnet or VM. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 137). Kindle Edition.

Answer 71

A. Yes Explanation: Azure AD service is a management service that combines identity protection service and access management. Many users can securely access the Azure service by just entering the user name and password

Answer 72

D. Azure Locks Explanation: Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. Read-only lock, which allows authorized users to read the resources only. They are unable to make changes in the resources. The second type of lock is Delete, to ensure that the user is not allowed to delete the resource. Option A is invalid because Azure Identity protection monitors every user's identity in different phases. Option B is invalid because Azure Role-Based Access Control (RBAC) provides the access management of Azure resources. Option C is invalid because Azure Policies defines the rules and plans an organization can apply for better provision of services and resources. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 138). Kindle Edition.

Answer 73

D. Azure Key Vault Explanation: Azure Key Vault stores the secret and password. It allows sharing passwords and secrets with others in a hidden form so that no one can view the actual secret. Azure Key Vault has two main purposes: centralization and protection of application secrets, certificates, encryption keys, and secrets backed by the Hardware Security Module (HSM). Option A is invalid because Azure Storage Account allows the storage of data objects, files, and messages. Option B is invalid because Azure Identity Protection monitors every user's identity in different phases. Option C is invalid because Microsoft Defender for Cloud allows users to monitor the security features for the Azure resources and on-premises. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 138). Kindle Edition.

Answer 74

B. Dynamic Scalability Explanation: Scalability is managing the traffic load and providing service without affecting network performance. This feature automatically allocates resources to meet the performance requirement defined in Service Level Agreement (SLA). Option A is invalid because Disaster Recovery is a mandatory plan adopted by each IT organization to protect its IT majors. It keeps the running applications available during recovery and does not harm any other service, whether on-premises or Azure. Option C is invalid because fault tolerance refers to the ability to provide guaranteed services during downtime. Option D is invalid because it ensures the quick access of resources by the user over the internet. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 139). Kindle Edition.

Answer 75

B. Azure AD B2C is a Customer Identity Access Management (CIAM) solution Explanation: Azure AD B2C is a Customer Identity Access Management (CIAM) solution. Azure AD B2C allows external users to sign in with their social or local account identities to get single sign-on to applications. Azure AD B2C supports millions of users and billions of authentications per day. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 139). Kindle Edition.

Answer 76

A. B2B collaboration allows sharing of an organization’s applications and services with guest users from other organizations while maintaining control over their own data. Explanation: B2B collaboration allows sharing of an organization’s applications and services with guest users from other organizations while maintaining control over their data. B2B collaboration uses an invitation and redemption process, allowing external users to access organizations’ resources with their credentials. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 139-140). Kindle Edition.

Answer 77

A. 2 Explanation: There are two Azure AD External Identities: B2B B2C

Answer 78

C. Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can "bring their own identities" to sign in Explanation: Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can "bring their own identities" to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

Answer 79

C. A and B Explanation: Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can "bring their own identities" to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

Answer 80

C. 4 Explanation: Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can "bring their own identities" to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

Answer 81

C. When system-assigned identity is enabled, an identity is created in Azure AD that is linked to the lifecycle and stages of that service instance Explanation: Azure AD External Identities is a set of capabilities that enables an organization to permit access to external users, such as customers or partners who can "bring their own identities" to sign in. This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 140). Kindle Edition.

Answer 82

A. A user-assigned managed identity is assigned to one or more than one instance of an Azure service Explanation: A managed identity is managed by Azure AD. Managed identities are used to manage the credentials for the authentication of a cloud application with Azure service. There are benefits if we use managed identities; among them, some are listed below: Application developers can use the services that support managed identities for Azure resources Any Azure service supporting Azure AD authentication can get its hands on the managed identities to authenticate to another Azure service. We can take the example of accessing Azure Key Vault here. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 140-141). Kindle Edition.

Answer 83

B. Used to access particular Azure resources Explanation: This service principal is used to access particular Azure resources. The service principal defines what an application would do to the tenant, such as who can access the application and what resources the application is allowed to access. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 142). Kindle Edition.

Answer 84

C. A piece of hardware, such as mobile devices, laptops, servers, or printers Explanation: A device is said to be a piece of hardware, such as mobile devices, laptops, servers, or printers. Device identities are set up in different ways in Azure AD so that the device owner can determine properties. An organization's assets can be protected if devices are managed properly by using tools such as Microsoft Intune to maintain security standards. Azure AD also lets the devices have a single sign-on. This property can be enabled on applications too. There are many options for devices to get access to Azure AD: Azure AD registered devices: These can be Windows 10, iOS, Android, or macOS devices Azure AD joined: These devices exist only in the cloud. Azure AD joined devices are owned by an organization and are signed in with their account. Windows 10 devices (except Windows 10 Home) can be configured in Azure AD Hybrid Azure AD joined devices: These are Windows 7, 8.1, or 10, Windows Server 2008, or newer ones Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 142-143). Kindle Edition.

Answer 85

B. Representation of everything that is managed by Azure AD Explanation: User identity is the representation of everything that is managed by Azure AD. Employees and guests are the users of Azure AD. A group can be created if several users have the same need for access. A group permits access to all the group members in place of assigning rights individually. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 143). Kindle Edition.

Answer 86

A. Microsoft’s cloud-based identity and access management service Explanation: Azure Active Directory, also known as Azure AD, is Microsoft’s cloud-based identity and access management service. When an organization’s employees, guests, and other people want to achieve access to the resources they majorly need, Azure AD is used. These resources include: Internal resources External services Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 143). Kindle Edition.

Answer 87

B. 2 Explanation: There are two types of Azure Active Directory resources: Internal resources: These internal resources include the applications on an organization’s corporate network and on intranet and cloud apps that the organization itself develops External services: External services include Microsoft Office 365, the Azure portal, and SaaS applications that an organization uses Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 143-144). Kindle Edition.

Answer 88

C. Windows 10, iOS, Android, or macOS Explanation: These can be Windows 10, iOS, Android or macOS devices

Answer 89

A. Multi-Factor Authentication Explanation: MFA stands for Multifactor authentication. With the increasing modifications and advancements, people realized that passwords are still in danger. Hence, this thought brought multifactor authentication into origination. Multi-factor authentications require more than one verification form, like a fingerprint scan, which eliminates questions about compromised password security. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 144). Kindle Edition.

Answer 90

B. Includes the employer call or location Explanation: Custom banned password lists admins also can create customer banned password lists to assist unique enterprise safety needs. The custom banned password listing prohibits passwords that include the employer call or local

Answer 91

C. Six Explanation: Mobile app notification Mobile app code Email Mobile phone Office phone Security questions Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 145). Kindle Edition.

Answer 92

A. SSPR Explanation: Self-Service Password Reset (SSPR) is a feature of Azure AD that allows users to change or reset their password without an administrator or the help of desk involvement. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 145). Kindle Edition.

Answer 93

A. Two Explanation: There are two configurations available for Windows Hello: Windows Hello convenience PIN Windows Hello for Business Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 145). Kindle Edition.

Answer 94

B. Mobile Device Management Explanation: Windows Hello for Business is configured by Group Policy or Mobile Device Management (MDM) policy, such as Microsoft Intune. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 146). Kindle Edition.

Answer 95

A. PIN or a biometric Explanation: Windows Hello is an authentication feature built into Windows 10. It replaces two-factor authentication on mobiles and PCs. A user credential is connected to a device that uses a PIN or a biometric. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 146). Kindle Edition.

Answer 96

A. OATH Explanation: Open Authentication is the full form of OATH. An open standard tells how time-based, one-time password (TOTP) codes are brought about. OATH TOTP is implemented using software or hardware to initiate the codes. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 146). Kindle Edition.

Answer 97

D. All the above Explanation: Three things are required by the Azure Active Directory Multi-Factor Authentication to work: Something you know: a password or PIN Something you have: a trusted device that's not easily duplicated, like a phone or hardware key Something you are: biometrics which includes a fingerprint or face scan. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 146-147). Kindle Edition.

Answer 98

A. Four Explanation: In multi-factor authentication, extra forms of verification are used with Azure Active Directory Multi-Factor Authentication, which are: the Microsoft Authenticator app, SMS, Voice call, and OATH Hardware token. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 147). Kindle Edition.

Answer 99

A. More than one verification Explanation: Multifactor authentications require more than one verification form, like a fingerprint scan, which eliminates the questions about password security being compromised. Fingerprint scan has made identities very authentic and secure. This new advancement has undeniably improved security and protection and is very simple for users. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 147). Kindle Edition.

Answer 100

B. A set of basic identity security mechanisms Explanation: Microsoft recommends security defaults, a set of basic identity security mechanisms that start working on an organization as soon as they are enabled. The goal of these mechanisms is to provide security without any extra cost. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 147). Kindle Edition.

Answer 101

C. Fast Identity Online Explanation: FIDO stands for Fast Identity Online, an alliance that promotes open authentication standards and aims to minimize the reliance on passwords as a form of authentication. FIDO2 allows users to sign in using an external security key. The external key can be a USB device, lightning connector, Bluetooth, or NFC. The user never has to enter a password in whichever form it has implemented FIDO2. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 148). Kindle Edition.

Answer 102

C. TOTP Explanation: Open Authentication is the full form of OATH. An open standard tells how Time-Based, One-Time Password (TOTP) codes are brought about. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 148). Kindle Edition.

Answer 103

B. A feature of Azure AD Explanation: Conditional access is an Azure AD feature that adds another degree of security before authorized users can access data and other assets. Azure AD creates and manages policies that implement conditional access. Conditional access rules automate the choice to grant access to resources by analyzing signals such as people, locations, devices, applications, and dangers (apps and data). Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 148). Kindle Edition.

Answer 104

A. QnA Explanation: Conditional Access App Control for cloud apps leverages signals from Microsoft Defender to prevent sensitive document downloads, cuts, copies, and prints or to request that sensitive files be marked. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 149). Kindle Edition.

Answer 105

B. Seven Explanation: There are seven signals: Membership of users or groups Named Location Information Terminal Application Real-time sign-in risk detection Cloud apps and actions User risk Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 149). Kindle Edition.

Answer 106

A. Three Explanation: Azure AD-specific roles: These roles only provide access to Azure AD resources. For example, user admins, application admins, and group admins all provide permissions to handle Azure AD resources. Service-specific roles: Roles relevant to the service: Azure AD provides built-in service-specific roles for major Microsoft 365 services that grant access to manage features within the service. For example, you may manage functionality in each service using Azure AD's built-in roles for Exchange admin, Intune admin, SharePoint admin, and Teams admin. Cross-service roles: Roles that transcend services: Azure AD includes several roles spanning services. Security-related roles, such as a security administrator who allows access to some security services in Microsoft 365, are available in Azure AD. The Compliance Administrator role can also administer compliance-related settings like Microsoft 365 Compliance Center and Exchange. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 150). Kindle Edition.

Answer 107

Three Explanation: Many Azure ADIN roles have a set of permissions that they roll out. The following are some of the most popular integration roles: Global Administrator - Users with this role have full access to all Azure Active Directory administration functions. The user who created the Azure Active Directory tenant becomes a global administrator by default. User Administrator - Users with the user administrator position can create and manage all elements of users and groups. This position also requires managing support tickets and tracking service status. Billing Administrator – Users with the Billing Administrator role make purchases, manage subscriptions and support tickets, and keep track of service status. All built-in roles are permission packages that have been pre-configured for specific purposes. A built-in role's permissions are set in stone and cannot be changed. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 150-151). Kindle Edition.

Answer 108

C. 3 Explanation: Identity Protection is a tool that enables organizations to perform three main tasks, which are as follows: Automate identity-based risk detection and remediation Investigate the risks to the data in the portal Export the risk detection data to a third-party utility for further analysis Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 151). Kindle Edition.

Answer 109

D. Privileged Identity Management is a service in Azure Active Directory (Azure AD) that allows you to manage, control, and monitor access to critical resources in your organization Explanation: Privileged Identity Management (PIM) is an Azure Active Directory (Azure AD) service that allows you to manage, control, and monitor access to critical resources in your organization. This includes resources for Azure AD, Azure, and other Microsoft online services such as Microsoft 365 and Microsoft Intune. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 151-152). Kindle Edition.

Answer 110

A. This type of risk detection identifies two logins originating from geographically separated locations Explanation: This type of risk detection identifies two logins originating from geographically separated locations. In this case, at least one location may not be common to the user based on past behavior. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 152). Kindle Edition.

Answer 111

B. Provides privileged access only when needed Explanation: Just-in-time provides privileged access only when needed, not previously. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 152). Kindle Edition.

Answer 112

A. An identity governance feature allows organizations to manage their identities and gain extensive access to their lifecycle Explanation: Permissions management is an identity governance feature that allows organizations to manage their identities and gain extensive access to their lifecycle. Permission management automates access request workflows, access assignments, reviews, and expiration dates. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 152). Kindle Edition.

Answer 113

B. 3 Explanation: Azure AD Identity Governance allows organizations to perform the following tasks: Govern the identity lifecycle Govern access lifecycle Secure privileged access for administration Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 153). Kindle Edition.

Answer 114

A. Management of ID lifecycle users Explanation: Management of ID lifeycle users is the focus of identity management

Answer 115

A. Manage Permissions Explanation: If a user not already in the directory requests and approves access, the user is automatically invited to the directory and granted access. If your access has expired and no other access packages have been assigned, your B2B account may be automatically removed from the directory. A feature of Azure AD Premium P2, Manage Permissions, uses access packages to manage access to resources. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 153). Kindle Edition.

Answer 116

C. Trust no one, verify everything Explanation: “Trust no one, verify everything.” This is a principle upon which Zero Trust Methodology operates. It believes that nothing is worth our trust, even the resources behind the firewalls of a corporate network. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 153-154). Kindle Edition.

Answer 117

B. Salting Passwords Explanation: To avoid such risks, a fixed-length random value is added to the input of the hash function to create a new hash for all the given inputs. This process is called ‘salting’ the passwords. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 154). Kindle Edition.

Answer 118

A. First Explanation: The first and initial stage of the life cycle of the cloud adoption framework is defining strategies so that all the other stages can proceed without any hurdles. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 154). Kindle Edition.

Answer 119

A. PaaS serves for building, testing, and deploying software applications Explanation: PaaS serves for building, testing, and deploying software applications. PaaS aims to help you create an application quickly without dealing with any problem that comes in the way of proficiently managing the infrastructure. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 154). Kindle Edition.

Answer 120

A. Azure Active Directory Explanation: Azure Active Directory will be the next evolution of identity and access management solutions

Answer 121

A. The central component in organizations with an on-premises IT foundation Explanation: AD DS is the central component in organizations with on-premises IT foundations. Through AD DS, organizations can manage multiple on-premises infrastructure components and systems that use a single identity for each user. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 155). Kindle Edition.

Answer 122

B. Single Sign-on Explanation: Single sign-on is the full form of SSO. It is an authentication solution that allows users to safely log in to numerous apps and websites with just one set of credentials. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 155). Kindle Edition.

Answer 123

A. Client and Server Explanation: Modern authentication is a term used for authentication and authorization methods between a client and server

Answer 124

B. Identity Provider Explanation: Identity provider plays the main role in modern authentication. An identity provider creates, maintains, and manages all identity information while offering authentication, authorization, and auditing services. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 156). Kindle Edition. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 155). Kindle Edition.

Answer 125

B. Create a new network security rule that allows RDP traffic and that has a higher priority than the default rule Explanation: You can create a new rule to allow RDP with a higher priority than the default rule

Answer 126

B. Standard Explanation: The Standard service tier offers additional mitigation capabilities tuned specifically to Microsoft Azure Virtual Network resources. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 156). Kindle Edition.

Answer 127

A. Azure Bastion is deployed per virtual network, with support for virtual network peering Explanation: Azure Bastion deployment is per virtual network with support for virtual network peering, not per subscription/account or virtual machine. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 156). Kindle Edition.

Answer 128

C. Azure Key Vault Explanation: Azure Key Vault is a unified cloud service for storing your application secrets

Answer 129

A. Azure Security Benchmark Explanation: The Azure Security Benchmark offers prescriptive best practices and recommendations to help enhance the security of workloads, data, and services on Azure. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 157). Kindle Edition.

Answer 130

B. Remediate security recommendations Explanation: Remediate security recommendations from the recommendations list to enhance a secure score. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 157). Kindle Edition.

Answer 131

B. Network Map Explanation: The network map offers a map of the topology of your network workloads, which allows you to block unwanted connections. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 157). Kindle Edition.

Answer 132

B. Collect, Detect, Investigate, and Respond Explanation: A SIEM/SOAR solution uses to collect, identify, investigate, and respond to identify and protect your organization's network perimeter. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

Answer 133

A. Azure Monitor Workbooks Explanation: Explanation: The Microsoft Sentinel integration with Azure Monitor Workbooks lets you monitor data and offers versatility in creating custom workbooks. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

Answer 134

A. Microsoft Defender for Office 365 Explanation: Microsoft Defender for Office 365 protects against malicious threats posted by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

Answer 135

C. Data Security Explanation: An admin can detect and control sensitive information and react to classification labels on content through the Data Security pillar. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 158). Kindle Edition.

Answer 136

B. Microsoft Defender for Identity Explanation: Microsoft Defender for Identity is a cloud-based security solution that recognizes, detects, and facilitates investigating advanced threats, compromised identities, and malicious insider actions directed at your organization. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

Answer 137

B. Secure Score Explanation: In the M365 Defender portal, Secure Score will give a snapshot of an organization’s security posture and offer details on how to improve it. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

Answer 138

A. Group by topic Explanation: Use this filter to view security cards arranged by risk, detection trends, configuration, and health. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

Answer 139

C. Incidents Explanation: An incident is a set of correlated alerts that make up the story of an attack. For further detail, you can visit the given URL. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 159). Kindle Edition.

Answer 140

A. Mobile Application Management (MAM) Explanation: This service will allow you to manage apps on your employee’s mobile devices without needing full control. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

Answer 141

C. Windows devices Explanation: Security baseline settings are used only on Windows 10 version 1809 or later tools. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

Answer 142

B. 100 Explanation: The DDoS Standard Protection service has a fixed monthly charge that includes protection for 100 resources, and protection for additional resources is charged monthly per resource. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

Answer 143

C. Both of the above Explanation: Bastion provides a secure RDP and SSH connectivity to all VMs in the virtual and peered virtual networks in which it is provisioned. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 160). Kindle Edition.

Answer 144

A. SIEM Explanation: A SIEM system is a tool that an organization uses to gather data from across the whole estate, including infrastructure, software, and resources. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 161). Kindle Edition.

Answer 145

B. SOAR Explanation: The SOAR system triggers action-driven automated workflows and processes to run security tasks that lessen the issue. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 161). Kindle Edition.

Answer 146

A. CSPM Eplanation: CSPM uses tools and services to monitor and prioritize security enhancements and features in your cloud environment

Answer 147

A. CSPM Explanation: CSPM uses tools and services to monitor and prioritize security enhancements and features in your cloud environment

Answer 148

A. Customer control, transparency, and security Explanation: The foundation of Microsoft's approach to privacy is created on the following six principles: customer control, transparency, and security, strong legal protections for privacy, no content-based targeting, and advantages to customers. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 162). Kindle Edition.

Answer 149

A. Compliance Administrator Role Explanation: Compliance Administrator Role is one of the multiple roles you can use to get into the Compliance Center

Answer 150

C. Controls that both your organization and Microsoft share responsibility for executing Explanation: Both your organization and microsoft work together to execute these controls

Answer 151

A. Compliance Manager is an end-to-end Microsoft 365 Compliance Center solution that allows admins to manage and track compliance activities Explanation: Compliance Manager offers admins the capabilities to understand and improve their compliance score to understand and improve their compliance score to enhance the organizations compliance posture and help it stay in line with its compliance requirements

Answer 152

C. Govern your data Explanation: Capabilities like retention policies, retention labels and records management allows organizations to govern their data

Answer 153

C. Use sensitive information types Explanation: Microsoft provides built in sensitive information types that you can use to detect data such as credit card numbers

Answer 154

B. Use sensitivity labels Explanation: Sensitivity labels help ensure that emails can only be decrypted by users authorized by the label's encryption settings. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 163). Kindle Edition.

Answer 155

A. Use data loss prevention policies Explanation: With data loss prevention policies administrators can now define policies that stop users from sharing sensitive information in a Microsoft Teams chat session or Teams channel

Answer 156

C. Use retention policies Explanation: You can use retention policies to describe data retention for all documents on a SharePoint site

Answer 157

A. To detect and defend against risks like an employee sharing confidential information Explanation: Use risk management to help safe guard your organization against these risks

Answer 158

B. Use Communication Compliance Explanation: Communication compliance helps reduce communication risks by allowing you to detect, capture and take remediation actions for inappropriate messages in the organization

Answer 159

C. Use information barriers Explanation: With information barriers, you can restrict communications among specific groups of users when necessary

Answer 160

A. Add them as a member of the eDiscovery Manager role group Explanation: Members of this role group can make and manage Core eDiscovery cases

Answer 161

C. Advanced eDiscovery Explanation: Advanced eDiscvoery allows you to collect and copy data into review sets, where you can filter, search and tag content to identify and focus on the most relevant content

Answer 162

A. Advanced Auditing Explanation: Advanced Auditing helps organizations organize forensic and compliance investigations by offering access to these crucial events. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 165). Kindle Edition.

Answer 163

C. Azure Blueprints Explanation: Azure Blueprint will allow your development teams to define a repeatable set of Azure resources and achieve shorter development time and faster delivery

Answer 164

B. Use Azure Policy Explanation: Azure Policy ensures that your Azure resources comply with your organizations business rules

Answer 165

B. Data Map Explanation: Azure Purview Data Map can capture metadata about enterprise data to identify and classify sensitive data

Answer 166

C. Both of the above Explanation: Admins can customize the card section by moving cards around or adding/removing cards displayed on the home screen

Answer 167

A. Controls Explanation: It defines how to assess and manage system configuration, organizational process, and people responsible for meeting a specific regulation requirement, standard or policy

Answer 168

A. Manager Explanation: Compliance Manager is an end to end solution in Microsoft 365 compliance center to allow admins to manage and track compliance activities

Answer 169

B. Score Explanation: A compliance score is a calculation of the overall compliance posture across the organization and the compliance score is available through the Compliance Manager

Answer 170

A. Protection Explanation: MIcrosoft Information Protection (MIP) discovers, classifies, and keeps sensitive and business critical content throughout its lifecycle across your organization

Answer 171

B. Governance Explanation: MIcrosoft Information Governance (MIG) manages your content lifecycle using solutions to import, store and classify business critical data so you can keep what you need and delete what you do not

Answer 172

B. Activity Explanation: Activity explorer offers visibility into what content has been discovered and labeled and where that content is

Answer 173

A. Active Directory - Password Explanation: Use Active Directory password authentication when connecting with an Azure AD principal using the Azure AD managed domain

Answer 174

B. An Azure Active Directory (Azure AD) role assignment Explanation: Azure also creates a service principal to support cluster operability with other Azure resources when you create an AKS cluster. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you must create an Azure AD role assignment that grants the cluster's service principal access to the container registry. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 169). Kindle Edition.

Answer 175

A. From Azure Monitor, create an action group. Explanation: An alert is sent out when Azure Monitor data suggests that your infrastructure or application may be experiencing a problem. Action groups are then used by Azure Monitor, Azure Service Health, and Azure Advisor to inform users of the alert and initiate a response. The owner of an Azure subscription can specify a group of notification preferences known as an action group. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 170). Kindle Edition.

Answer 176

D. Pass-through authentication with seamless single sign-on Explanation: The Microsoft documentation has a clear decision tree regarding which method to use if you want to use both your on-premises Active Directory and Azure AD. This shows a clear path if you want to enforce user-level Active directory policies. Options A and B are incorrect since you would need to implement additional servers for Active Directory Federation Services. And there is a key requirement to reduce the “number of servers required for the entire implementation”. Option C is incorrect since this would not allow for the enforcement of Active Directory rules. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 170-171). Kindle Edition.

Answer 177

B. From Microsoft Defender for Cloud, configure adaptive application controls. Explanation: Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Microsoft Defender for Cloud. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 171-172). Kindle Edition.

Answer 178

B. Self-Service Password Reset for cloud users Explanation: SSPR feature is available in Azure Active Directory and is also used for help desk professionals. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 172). Kindle Edition.

Answer 179

B. No Explanation: Azure Key Vault is a useful service that hides the actual passwords and keys from other parties. It secures the network by defining the access policy that allows secure access to secrets and passwords. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 172). Kindle Edition.

Answer 180

D. Azure Multi-Factor Authentication Explanation: Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. MFA is based on “Something you know (id and password), something you have (phone or other hardware), and something you are (face recognization or biometric)”. Option A is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Option B is invalid because the DDoS Protection service protects an application against DDoS attacks. Option C is invalid because the Azure Key Vault provides the protection of application secrets in encrypted form. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 172-173). Kindle Edition.

Answer 181

C. Azure Network Security Group Explanation: Network Security Group (NSG) is required in the configuration of a Virtual Network (VNet) where different virtual machines (VM) within the subnet are connecting with each other. NSG uses Access Control List (ACL) rules to allow or deny network traffic access to the subnet or VM. Option A is invalid because the DDoS Protection service protects applications against DDoS attacks. Option B is invalid because the Azure Key Vault provides the protect application secrets in encrypted form. Option D is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 173). Kindle Edition.

Answer 182

A. Yes Explanation: Azure Active Directory service is a management service that combines identity protection service and access management. Many users can securely access the Azure service by entering their username and password. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 173). Kindle Edition.

Answer 183

B. No Explanation: Azure Active Directory holds users and groups in Azure. To reduce the cost overhead, the elimination of users from Azure Active Directory (AD) is not a solution. Azure AD offers to create 500,00 objects for free which include both users and groups. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 174). Kindle Edition.

Answer 184

B. No Explanation: Azure AD service is used for better and more secure access to resources. It is a mandatory service when users create an Azure account. There is no need to implement any domain controller service in Azure. Azure is a Platform as a Service (PaaS) where all the infrastructural work is managed by Microsoft. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 174). Kindle Edition.

Answer 185

B. No Explanation: Azure Active Directory holds users and groups in Azure. Eliminating users from Azure Active Directory (AD) is not a solution to reduce the cost overhead. Azure AD offers to create 500,00 objects for free, including users and groups. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 174). Kindle Edition.

Answer 186

C. Azure AD Identity Protection Explanation: Multi-Factor Authentication (MFA) is a multi-layer authentication process that checks the user's identity at different levels, such as username and password detection, Biometric verification, sending code on the given device, etc. Azure AD Identity protection monitors every user's identity in different phases. It helps MFA to create an authentication level using different key requirements. Option A is invalid because it provides protection services against DDoS attacks. Option B is not used because Azure privileged identity management is responsible for managing and monitoring important resources for a limited period. Option D is invalid because Microsoft Defender for Cloud allows users to monitor the security features for the Azure resources and on-premises. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 175). Kindle Edition.

Answer 187

B. No Explanation: There are multiple ways of identity management in Azure. One and most implemented secure method is Multi-Factor Authentication (MFA). MFA can be implemented using fraud alerts, blocking/unblocking users, phone call settings, notification verification, etc. Such an authentication method is termed a conditional access policy that can be achieved by Azure Active Directory (AAD). Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 175). Kindle Edition.

Answer 188

A. True Explanation: Azure AD is the first service created when users sign in. It provides multiple ways of protection features when users log in to Azure. For authorization, access management policies are used in Azure. Azure AD is the directory service that stores information and provides secured and authorized user access to the resources. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 176). Kindle Edition.

Answer 189

B. No Explanation: Azure Management Groups manage resources in the Resource Group. It managed resources in a hierarchy so the resources could be easily scaled up and down. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 176). Kindle Edition.

Answer 190

A. Microsoft Office 365 Explanation: Microsoft Office 365, a Software as a Service (SaaS) platform that allows users to access the application without managing and controlling the underlying cloud infrastructure. Options B and C are invalid because they are PaaS that gives users access to software development resources to create their own applications using programming languages, services, and libraries. Option D is invalid because Virtual Machine is an Infrastructure as a Service (IaaS) platform that allows users to access resources in a virtual environment. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 176). Kindle Edition.

Answer 191

B. No Explanation: Content Delivery Network (CDN) is a distributed network of servers that can deliver web content close to users. Within Azure, CDN places the duplicates of data at the data center closer to the user side, and users can easily log into the application they want. The data center present closer to the users is called edge nodes/edge servers containing a cache of files that provide the edge of the internet close to the users. It is not responsible for directing traffic load to the backend. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 177). Kindle Edition.

Answer 192

B. False Explanation: Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. MFA is based on “Something you know (id and password), something you have (phone or other hardware), and something you are (face recognization or biometric)”. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 177). Kindle Edition.

Answer 193

B. No Explanation: Azure Firewall defines rules for the incoming and outgoing traffic in the network to ensure the security of resources in the network. It does not create a blockage between Azure and the internet. It provides a secure protection layer between Azure and the internet to provide throughput without any unwanted incident or blockage. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 177-178). Kindle Edition.

Answer 194

B. Operating Expenditure Explanation: In cloud computing, the software, cloud applications, storage, IT operations, and rented hardware are Operation Expenditures. The usage of the azure resources, services, deployment of the networks, and building of applications all come in operational expenditure. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 178). Kindle Edition.

Answer 195

C. In the Azure Marketplace Explanation: Azure Marketplace is an online store with thousands of VMs, developer services, and applications. Cloud-based solutions can easily sell to others using Azure Marketplace. It also enables to development of the applications by seeking help and using tools available in Azure Marketplace. It is clear from the explanation that all the remaining options are invalid. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 178). Kindle Edition.

Answer 196

A. Yes Explanation: Azure Blueprint enables us to design and package the entire Azure environment, including preferred policy, ARM template, and role-based access assignment. These blueprints assign to multiple subscriptions, which can help us to scale up the use of Azure. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 178). Kindle Edition.

Answer 197

A. Yes Explanation: Azure provides the following authentication methods for both Multi-Factor authentication and self-service password reset. In this, SMS is an authentication method available. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 179). Kindle Edition.

Answer 198

D. Enable Conditional Access Explanation: To secure user sign-in events in Azure AD, you can require Multi-Factor Authentication (MFA). Enabling Azure AD Multi-Factor Authentication using Conditional Access policies is the recommended approach to protect users. Conditional Access is an Azure AD Premium P1 or P2 feature that lets you apply rules to require MFA as needed in certain scenarios. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 180). Kindle Edition.

Answer 199

A. Yes Explanation: Yes, this is the correct service to fulfill this condition. With the aid of the Azure Key Vault service, the company can store secrets, encryption keys, and certificates. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 180). Kindle Edition.

Answer 200

B. Azure Policies Explanation: This requirement can be fulfilled by the use of Azure Policies. With Azure policies, we can apply an in-built policy to define the SKU size that can be used to launch an Azure virtual machine. As shown in the figure below, an in-built policy can already be utilized for this purpose. Option A is invalid because this is used for shielding resources from accidental deletion. Option C is invalid because this is applied to orchestrate the deployment of resources. Option D is invalid because this is adopted to organize resources logically. Hence Option B is the correct answer. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 180-181). Kindle Edition.

Answer 201

C. Azure Blueprints Explanation: Azure Blueprints can be adopted to orchestrate the deployment of multiple resource templates and artifacts that include. Role Assignments Policy Assignments Azure Resource Manager templates (ARM templates) Resource Groups Option B is invalid because this is used as a governance service for our resources. Option D is invalid because this is adopted to organize resources logically. Option A is invalid because this is used to shield resources from accidental deletion. Hence Option C is the correct answer. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 181-182). Kindle Edition.

Answer 202

D. Azure Active Directory Explanation: Explanation: Azure Multi-Factor Authentication can be enabled in a couple of ways. This can be done from Azure Active Directory. As shown in the figure below, if we go to the Users section, we can enable Multi-Factor Authentication. The other options are invalid because we cannot enable Multi-Factor Authentication in the other services. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 182). Kindle Edition.

Answer 203

C. A user-defined route Explanation: Although the use of system routes facilitates traffic automatically for your deployment, there are cases in which you want to control the routing of packets through a virtual appliance. You can do so by creating user-defined routes that specify the next hop for packets flowing to a specific subnet to go to your virtual appliance instead enabling IP forwarding for the VM running as the virtual appliance. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 183). Kindle Edition.

Answer 204

A. Yes Explanation: For VM, you have to create an Inbound port in the Networking Security group to check whether the RDP port is set or not. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 183). Kindle Edition.

Answer 205

D. az keyvault create Explanation: Azure Key Vault is a useful service that hides the actual passwords and keys from other parties. It secures the network by defining the access policy that allows secure access to secrets and passwords. You can use the following command to create a Key Vault using Azure CLI. az keyvault create --name "" --resource-group "ips-rg" --location "EastUS" This command will output the newly created key vault properties in JSON format. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 183-184). Kindle Edition.

Answer 206

A. Outbound Explanation: With the outbound policy, you can easily remove the formatting text from the responses. To remove the formatting text, you will require to add “find and replace” command with certain detail as shown below.

\n "; str += context.Request.Method; str += " \""; str += context.Variables.GetValueOrDefault("requestPath"); str += "\""; return str; }" />

From the above explanation, all the remaining options are invalid for the given situation. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 184-185). Kindle Edition.

Answer 207

B. Inbound Explanation: You can apply inbound policy at the API level to provide additional context information to the backend service. The following set of commands with certain detail can be used in this case. @(context.User.Id) @(context.Deployment.Region) From the above explanation, all the remaining options are invalid for the given situation. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 185). Kindle Edition.

Answer 208

D. deployIfNOtExist Explanation: Since the effect of “DeployIfNotExist”, looks at deployment, it would need managed service identity. This is also mentioned in the Microsoft documentation. Since this is clear from the Microsoft documentation, all other options are incorrect. For more information on remediating resources, Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 187). Kindle Edition.

Answer 209

A. Azure DDoS Protection Explanation: Azure DDoS Protection services protect the applications against targeted DDoS attacks. With DDoS Protection, the traffic always remains within the Azure data center. It also helps in the performance because Azure DDoS protection does the attack mitigation; that’s how traffic does not leave the data center. Option B is invalid because the Azure Key Vault protects application secrets in encrypted form. Option C is invalid because Multi-Factor Authentication (MFA) provides a high level of secure access by acquiring different types of authentication methods. Option D is invalid because the Network Security Group (NSG) acts as a resource firewall to prevent network resources from unwanted traffic loads. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 187). Kindle Edition.

Answer 210

A. This is the act of providing legitimate credentials Explanation: The eligibility and identity of the users are called authentication. It is the way of checking whether the user is valid to access the resource or not. The validation is done by checking the user’s credentials in the company database. All the remaining options are invalid as they belong to the authorization process. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (pp. 187-188). Kindle Edition.

Answer 211

C. Locks Explanation: Azure Lock is the resource that protects the Resource group from any unwanted incident. Azure has two types of locks. Readonly lock, which allows authorized users to read the resources only. They are unable to make changes in the resources. The second type of lock is Delete, to ensure that the user is not allowed to delete the resource. Option A is invalid because it defines the security features for the protection of resources. Option B is invalid because it provides access rights to an authorized user. Option D is invalid because it shows the configuration of the selected resource. Specialist, IP. SC-900: Microsoft Security, Compliance, and Identity Fundamentals: +250 Exam Practice Questions with Detail Explanations and Reference Links : Second Edition - 2023 (p. 188). Kindle Edition.

SC900 Kindle IP Specialist Flashcards

(246 cards)