Professional Documents
Culture Documents
SC-900 Exam
SC-900 Exam
QUESTION 1
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 2
HOTSPOT
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/
QUESTION 3
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
D283ABFBEDB32CDCE3B3406B9C29DB2F
QUESTION 4
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 5
HOTSPOT
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
QUESTION 6
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: Yes
System updates reduces security vulnerabilities, and provide a more stable environment for end users. Not
applying updates leaves unpatched vulnerabilities and results in environments that are susceptible to attacks.
Box 2: Yes
Box 3: Yes
If you only use a password to authenticate a user, it leaves an attack vector open. With MFA enabled, your
accounts are more secure.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls
QUESTION 7
D283ABFBEDB32CDCE3B3406B9C29DB2F
Which score measures an organization's progress in completing actions that help reduce risks associated to
data protection and regulatory standards?
Correct Answer: D
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-
worldwide
QUESTION 8
What do you use to provide real-time integration between Azure Sentinel and another security source?
A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector
Correct Answer: D
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Explanation:
To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a
number of connectors for Microsoft solutions, including Microsoft 365 Defender solutions, and Microsoft 365
sources, including Office 365, Azure AD, Microsoft Defender for Identity, and Microsoft Cloud App Security, etc.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview
QUESTION 9
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory
standard, such as International Organization for Standardization (ISO)?
Correct Answer: C
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Explanation:
The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes
D283ABFBEDB32CDCE3B3406B9C29DB2F
that protect our cloud services and the customer data therein.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-
worldwide
QUESTION 10
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
Correct Answer: D
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
QUESTION 11
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: Yes
D283ABFBEDB32CDCE3B3406B9C29DB2F
Box 2: Yes
Box 3: No
The Zero Trust model does not assume that everything behind the corporate firewall is safe, the Zero Trust
model assumes breach and verifies each request as though it originated from an uncontrolled network.
Reference:
https://docs.microsoft.com/en-us/security/zero-trust/
QUESTION 12
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://privacy.microsoft.com/en-US/
QUESTION 13
HOTSPOT
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Explanation/Reference:
QUESTION 14
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Explanation/Reference:
Explanation:
Box 1: Yes
A certificate is required that provides a private and a public key.
Box 2: Yes
The public key is used to validate the private key that is associated with a digital signature.
Box 3: Yes
The private key, or rather the password to the private key, validates the identity of the signer.
Reference:
https://support.microsoft.com/en-us/office/obtain-a-digital-certificate-and-create-a-digital-signature-e3d9d813-
3305-4164-a820-2e063d86e512
https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/organization-administration/electronic-
signature-overview
QUESTION 15
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 16
HOTSPOT
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
QUESTION 17
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
QUESTION 18
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready
phase? Each correct answer presents a complete solution.
D283ABFBEDB32CDCE3B3406B9C29DB2F
A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy
Correct Answer: AE
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/overview
QUESTION 19
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 20
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
D283ABFBEDB32CDCE3B3406B9C29DB2F
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 21
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline
D283ABFBEDB32CDCE3B3406B9C29DB2F
QUESTION 22
What is an example of encryption at rest?
Correct Answer: B
Section: Describe the Concepts of Security, Compliance, and Identity
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
QUESTION 23
Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer
presents a complete solution.
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/security/zero-trust/
QUESTION 24
HOTSPOT
Which service should you use to view your Azure secure score? To answer, select the appropriate service in
the answer area.
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track
QUESTION 25
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
D283ABFBEDB32CDCE3B3406B9C29DB2F
D. conditional access policies
Correct Answer: D
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-
common
QUESTION 26
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD
DS) and Azure Active Directory (Azure AD)?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
QUESTION 27
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Box 1: Yes
Azure AD supports custom roles.
Box 2: Yes
Global Administrator has access to all administrative features in Azure Active Directory.
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
QUESTION 28
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Box 1: No
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Box 2: Yes
Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your
Microsoft 365 subscription.
Box 3: Yes
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
QUESTION 29
HOTSPOT
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
D283ABFBEDB32CDCE3B3406B9C29DB2F
Explanation/Reference:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview
QUESTION 30
What is the purpose of Azure Active Directory (Azure AD) Password Protection?
Correct Answer: D
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also
block additional weak terms that are specific to your organization.
With Azure AD Password Protection, default global banned password lists are automatically applied to all users
in an Azure AD tenant. To support your own business and security needs, you can define entries in a custom
banned password list.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises
QUESTION 31
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically
remove users that no longer require membership in a group?
A. access reviews
B. managed identities
C. conditional access policies
D. Azure AD Identity Protection
Correct Answer: A
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group
memberships, access to enterprise applications, and role assignments.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
QUESTION 32
HOTSPOT
D283ABFBEDB32CDCE3B3406B9C29DB2F
Select the answer that correctly completes the sentence.
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional
form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
QUESTION 33
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Box 1: Yes
Box 2: No
Conditional Access policies are enforced after first-factor authentication is completed.
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
QUESTION 34
HOTSPOT
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
QUESTION 35
HOTSPOT
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active
Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious
insider actions directed at your organization.
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
QUESTION 36
HOTSPOT
D283ABFBEDB32CDCE3B3406B9C29DB2F
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
QUESTION 37
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage
Azure resources?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Azure AD Privileged Identity Management (PIM) provides just-in-time privileged access to Azure AD and Azure
resources
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 38
D283ABFBEDB32CDCE3B3406B9C29DB2F
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct
answer presents a complete solution.
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
QUESTION 39
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between
members of two departments at your organization?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers
QUESTION 40
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
QUESTION 41
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Box 1: Yes
Conditional access policies can be applied to all users
Box 2: No
Conditional access policies are applied after first-factor authentication is completed.
D283ABFBEDB32CDCE3B3406B9C29DB2F
Box 3: Yes
Users with devices of specific platforms or marked with a specific state can be used when enforcing
Conditional Access policies.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
QUESTION 42
HOTSPOT
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
When you register an application through the Azure portal, an application object and service principal are
automatically created in your home directory or tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
QUESTION 43
Which three authentication methods does Windows Hello for Business support? Each correct answer presents
a complete solution.
A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question
Explanation/Reference:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-
authentication
QUESTION 44
HOTSPOT
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
QUESTION 45
You have an Azure subscription.
D283ABFBEDB32CDCE3B3406B9C29DB2F
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Correct Answer: D
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 46
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
D283ABFBEDB32CDCE3B3406B9C29DB2F
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-
admin-mfa
QUESTION 47
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security
QUESTION 48
HOTSPOT
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview
QUESTION 49
What should you use in the Microsoft 365 security center to view security trends and track the protection status
of identities?
A. Attack simulator
B. Reports
C. Hunting
D. Incidents
Correct Answer: B
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reports-and-insights-in-security-
and-compliance?view=o365-worldwide
QUESTION 50
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide
QUESTION 51
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete
solution.
D283ABFBEDB32CDCE3B3406B9C29DB2F
A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction
Correct Answer: AD
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?
view=o365-worldwide
QUESTION 52
DRAG DROP
To answer, drag the appropriate service from the column on the left to its description on the right. Each service
may be used once, more than once, or not at all.
Correct Answer:
Explanation/Reference:
Explanation:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Azure portal over TLS.
Reference:
https://docs.microsoft.com/en-us/azure/networking/fundamentals/networking-overview
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
https://docs.microsoft.com/en-us/azure/firewall/features
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
QUESTION 53
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and
security orchestration automated response (SOAR) solution.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview
QUESTION 54
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: Yes
Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases,
containers, web applications, your network, your storage, and more
Box 2: Yes
Cloud security posture management (CSPM) is available for free to all Azure users.
Box 3: Yes
Azure Security Center is a unified infrastructure security management system that strengthens the security
posture of your data centers, and provides advanced threat protection across your hybrid workloads in the
cloud - whether they're in Azure or not - as well as on premises.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/azure-defender
https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction
https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction
QUESTION 55
HOTSPOT
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide
QUESTION 56
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure
D283ABFBEDB32CDCE3B3406B9C29DB2F
virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or
outbound network traffic from, several types of Azure resources. For each rule, you can specify source and
destination, port, and protocol.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
QUESTION 57
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune
https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-device-management
QUESTION 58
D283ABFBEDB32CDCE3B3406B9C29DB2F
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal
QUESTION 59
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by
reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D283ABFBEDB32CDCE3B3406B9C29DB2F
D. network protection
Correct Answer: D
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Explanation:
Network protection helps protect devices from Internet-based events. Network protection is an attack surface
reduction capability.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-
worldwide
QUESTION 60
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview
QUESTION 61
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a
complete solution.
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer: DE
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
QUESTION 62
You plan to implement a security strategy and place multiple layers of defense throughout a network
infrastructure.
A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model
Correct Answer: C
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth
QUESTION 63
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
QUESTION 64
What can you use to scan email attachments and forward the attachments to recipients only if the attachments
are free from malware?
Correct Answer: A
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-
description
QUESTION 65
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide
QUESTION 66
What can you use to provide threat detection for Azure SQL Managed Instance?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
QUESTION 67
D283ABFBEDB32CDCE3B3406B9C29DB2F
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 68
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices
from accessing corporate resources?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Security Solutions
Explanation
Explanation/Reference:
QUESTION 69
Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each
correct answer presents a complete solution.
D283ABFBEDB32CDCE3B3406B9C29DB2F
A. Display policy tips to users who are about to violate your organization’s policies.
B. Enable disk encryption on endpoints.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
D. Apply security baselines to devices.
Correct Answer: AC
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
QUESTION 70
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-
worldwide#how-compliance-manager-continuously-assesses-controls
QUESTION 71
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
D283ABFBEDB32CDCE3B3406B9C29DB2F
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: Yes
You can use sensitivity labels to provide protection settings that include encryption of emails and documents to
prevent unauthorized people from accessing this data.
Box 2: Yes
You can use sensitivity labels to mark the content when you use Office apps, by adding watermarks, headers,
or footers to documents that have the label applied.
Box 3: Yes
You can use sensitivity labels to mark the content when you use Office apps, by adding headers, or footers to
email that have the label applied.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
QUESTION 72
D283ABFBEDB32CDCE3B3406B9C29DB2F
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific
conditions?
A. Content Search
B. sensitivity labels
C. retention policies
D. eDiscovery
Correct Answer: B
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide
QUESTION 73
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Explanation/Reference:
Explanation:
Box 1: No
Compliance Manager tracks Microsoft managed controls, customer-managed controls, and shared controls.
Box 2: Yes
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide
QUESTION 74
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
QUESTION 75
What is a use case for implementing information barrier policies in Microsoft 365?
Correct Answer: C
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide
QUESTION 76
What can you use to provision Azure resources across multiple subscriptions in a consistent manner?
A. Azure Defender
B. Azure Blueprints
C. Azure Sentinel
D. Azure Policy
Correct Answer: B
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
QUESTION 77
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: Yes
The MailItemsAccessed event is a mailbox auditing action and is triggered when mail data is accessed by mail
protocols and mail clients.
Box 2: No
Basic Audit retains audit records for 90 days.
Advanced Audit retains all Exchange, SharePoint, and Azure Active Directory audit records for one year. This
is accomplished by a default audit log retention policy that retains any audit record that contains the value of
Exchange, SharePoint, or AzureActiveDirectory for the Workload property (which indicates the service in which
the activity occurred) for one year.
Box 3: yes
Advanced Audit in Microsoft 365 provides high-bandwidth access to the Office 365 Management Activity API.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
D283ABFBEDB32CDCE3B3406B9C29DB2F
https://docs.microsoft.com/en-us/microsoft-365/compliance/auditing-solutions-overview?view=o365-
worldwide#licensing-requirements
https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-
365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#advanced-
audit
QUESTION 78
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: No
Box 2: Yes
Leaked Credentials indicates that the user's valid credentials have been leaked.
D283ABFBEDB32CDCE3B3406B9C29DB2F
Box 3: Yes
Multi-Factor Authentication can be required based on conditions, one of which is user risk.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa
QUESTION 79
Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft
SharePoint Online site that contain a specific key word?
A. Audit
B. Compliance Manager
C. Content Search
D. Alerts
Correct Answer: C
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Explanation:
The Content Search tool in the Security & Compliance Center can be used to quickly find email in Exchange
mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in
Skype for Business.
The first step is to starting using the Content Search tool to choose content locations to search and configure a
keyword query to search for specific items.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide
QUESTION 80
HOTSPOT
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-
worldwide
QUESTION 81
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of
customers and their associated credit card numbers?
A. retention policies
B. data loss prevention (DLP) policies
C. conditional access policies
D. information barriers
Correct Answer: B
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
QUESTION 82
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
QUESTION 83
In a Core eDiscovery workflow, what should you do before you can search for content?
D283ABFBEDB32CDCE3B3406B9C29DB2F
A. Create an eDiscovery hold.
B. Run Express Analysis.
C. Configure attorney-client privilege detection.
D. Export and download results.
Correct Answer: A
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide
QUESTION 84
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
Correct Answer: A
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-
worldwide
QUESTION 85
What can you protect by using the information protection solution in the Microsoft 365 compliance center?
Correct Answer: D
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide
QUESTION 86
What can you specify in Microsoft 365 sensitivity labels?
Correct Answer: C
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
QUESTION 87
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: No
Advanced Audit helps organizations to conduct forensic and compliance investigations by increasing audit log
retention.
Box 2: No
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
QUESTION 88
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
D283ABFBEDB32CDCE3B3406B9C29DB2F
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
QUESTION 89
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-
worldwide
QUESTION 90
HOTSPOT
Hot Area:
Correct Answer:
Explanation/Reference:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
QUESTION 91
In a Core eDiscovery workflow, what should you do before you can search for content?
Correct Answer: A
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide
QUESTION 92
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Explanation:
Box 1: Yes
Azure AD supports custom roles.
Box 2: Yes
Global Administrator has access to all administrative features in Azure Active Directory.
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
QUESTION 93
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
Correct Answer: A
Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-
worldwide
QUESTION 94
HOTSPOT
Which service should you use to view your Azure secure score? To answer, select the appropriate service in
the answer area.
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track
QUESTION 95
HOTSPOT
Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
Correct Answer:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
D283ABFBEDB32CDCE3B3406B9C29DB2F
1.
You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the
following actions:
✑ Publish Sensitivity1.
✑ Create an auto-labeling policy for Sensitivity2.
You plan to create a file policy named Policy1 in Microsoft Cloud App Security.
Which sensitivity labels can you apply to Microsoft SharePoint Online in
Policy1?
• A. Sensitivity1 only
• B. Sensitivity1, Sensitivity2, and Sensitivity3
• C. Sensitivity2 only
• D. Sensitivity1 and Sensitivity2 only
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-wo
rldwide https://docs.microsoft.com/en-us/cloud-app-security/azip-integration
2.
You have a Microsoft OneDrive for Business folder that contains the files shown in the following table.
In Microsoft Cloud App Security, you create a file policy to automatically apply a classification.
What is the effect of applying the policy?
• A. The policy will apply to only the .docx and .txt files. The policy will classify the files within 24
hours.
• B. The policy will apply to all the files. The policy will classify only 100 files daily.
• C. The policy will apply to only the .docx files. The policy will classify only 100 files daily.
• D. The policy will apply to only the .docx and .txt files. The policy will classify the files
immediately.
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/azip-integration
3.
HOTSPOT -
You have a Microsoft 365 tenant named contoso.com that contains two users named User1 and User2. The
tenant uses Microsoft Office 365 Message Encryption
(OME).
User1 plans to send emails that contain attachments as shown in the following table.
User2 plans to send emails that contain attachments as shown in the following table.
For which emails will the attachments be protected? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference:
https://support.microsoft.com/en-gb/office/introduction-to-irm-for-email-messages-bb643d33-4a3f-4ac7-9770-fd
50d95f58dc?ui=en-us&rs=en- gb&ad=gb#FileTypesforIRM
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome?view=o365-worldwide
https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-
online-limits#message-limits-1
4.
HOTSPOT -
You use project codes that have a format of three alphabetical characters that represent the project type,
followed by three digits, for example Abc123.
You need to create a new sensitive info type for the project codes.
How should you configure the regular expression to detect the content? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference:
https://joannecklein.com/2018/08/07/build-and-use-custom-sensitive-information-types-in-office-365/
5.
HOTSPOT -
You have a Microsoft SharePoint Online site named Site1 and a sensitivity label named Sensitivity1.
Sensitivity1 adds a watermark and a header to content.
You create a policy to automatically apply Sensitivity1 to emails in Microsoft Exchange Online and Site1.
How will Sensitivity1 mark matching emails and Site1 documents? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
6.
HOTSPOT -
You need to implement an information compliance policy to meet the following requirements:
✑ Documents that contain passport numbers from the United States, Germany, Australia, and Japan must be
identified automatically.
✑ When a user attempts to send an email or an attachment that contains a passport number, the user must
receive a tooltip in Microsoft Outlook.
✑ Users must be blocked from using Microsoft SharePoint Online or OneDrive for Business to share a
document that contains a passport number.
What is the minimum number of sensitivity labels and auto-labeling policies you should create? To
answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-world
wide
7.
HOTSPOT -
You have a Microsoft 365 E5 tenant.
You create sensitivity labels as shown in the Sensitivity Labels exhibit.
The Confidential/External sensitivity label is configured to encrypt files and emails when applied to content.
The sensitivity labels are published as shown in the Published exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
8.
• A. Security administrator
• B. Security operator
• C. Global administrator
• D. Compliance administrator
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
10.
You need to automatically apply a sensitivity label to documents that contain information about your
company's network including computer names, IP addresses, and configuration information.
Which two objects should you use? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.
Each product group at your company must show a distinct product logo in encrypted emails instead of
the standard Microsoft Office 365 logo.
What should you do to create the branding templates?
You create a custom sensitive info type that uses Exact Data Match (EDM).
You plan to periodically update and upload the data used for EDM.
What is the maximum frequency with which the data can be uploaded?
Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/email-encryption?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-advanced-expiration?view=o365-worldwide
15.
A user reports that she can no longer access a Microsoft Excel file named Northwind Customer
Data.xlsx.
From the Cloud App Security portal, you discover the alert shown in the exhibit.
You restore the file from quarantine.
You need to prevent files that match the policy from being quarantined. Files that match the policy
must generate an alert.
What should you do?
HOTSPOT -
You create a sensitivity label as shown in the Sensitivity Label exhibit.
You create an auto-labeling policy as shown in the Auto Labeling Policy exhibit.
A user sends the following email:
From: user1@contoso.com -
To: user2@fabrikam.com -
Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-wo
rldwide
17.
You receive an email that contains a list of words that will be used for a sensitive information type.
You need to create a file that can be used as the source of a keyword dictionary.
In which format should you save the list?
• A. Recipient4 only
• B. Recipient1 only
You need to test Microsoft Office 365 Message Encryption (OME) capabilities for your company. The
test must verify the following information:
The acquired default template names
• A. Test-ClientAccessRule
• B. Test-Mailflow
• C. Test-OAuthConnectivity
• D. Test-IRMConfiguration
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=
o365-worldwide
20.