SC-900 Microsoft Security Compliance and Identity Fundamentals Dumps
If you are looking for free SC-900 dumps than here we have some sample question answers available. You can prepare from our Microsoft SC-900 exam questions notes and prepare exam with this practice test. Check below our updated SC-900 exam dumps.
DumpsGroup are top class study material providers and our inclusive range of SC-900 Real exam questions would be your key to success in Microsoft Microsoft Certified: Security Compliance and Identity Fundamentals Certification Exam in just first attempt. We have an excellent material covering almost all the topics of Microsoft SC-900 exam. You can get this material in Microsoft SC-900 PDF and SC-900 practice test engine formats designed similar to the Real Exam Questions. Free SC-900 questions answers and free Microsoft SC-900 study material is available here to get an idea about the quality and accuracy of our study material.
Sample Question 4
Which feature provides the extended detection and response (XDR) capability of Azure
Sentinel?
A. integration with the Microsoft 365 compliance center B. support for threat hunting C. integration with Microsoft 365 Defender D. support for Azure Monitor Workbooks
Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which
operating systems?
A. Windows 10 and iOS only B. Windows 10 and Android only C. Windows 10, Android, and iOS D. Windows 10 only
Answer: A
Sample Question 6
Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity
Protection? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Configure external access for partner organizations. B. Export risk detection to third-party utilities. C. Automate the detection and remediation of identity based-risks. D. Investigate risks that relate to user authentication. E. Create and automatically assign sensitivity labels to data.
Answer: C,D,E
Sample Question 7
What feature in Microsoft Defender for Endpoint provides the first line of defense against
cyberthreats by reducing the attack surface?
A. automated remediation B. automated investigation C. advanced hunting D. network protection
What can you use to provide a user with a two-hour window to complete an administrative
task in Azure?
A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) B. Azure Multi-Factor Authentication (MFA) C. Azure Active Directory (Azure AD) Identity Protection D. conditional access policies
Answer: A Explanation: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identitymanagement/pim-configure Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management: Provide just-in-time privileged access to Azure AD and Azure resources Assign time-bound access to resources using start and end dates Require approval to activate privileged roles Enforce multi-factor authentication to activate any role Use justification to understand why users activate Get notifications when privileged roles are activated Conduct access reviews to ensure users still need roles Download audit history for internal or external audit Prevents removal of the last active Global Administrator role assignment
Sample Question 9
Which two Azure resources can a network security group (NSG) be associated with? Each
correct answer presents a complete solution. NOTE: Each correct selection is worth one
point.
A. a network interface B. an Azure App Service web app C. a virtual network D. a virtual network subnet E. E. a resource group
Answer: C,E Explanation: You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Sample Question 10
Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Define the perimeter by physical locations. B. Use identity as the primary security boundary. C. Always verity the permissions of a user explicitly. D. Always assume that the user system can be breached. E. Use the network as the primary security boundary.
Which service includes the Attack simul-ation training feature?
A. Microsoft Defender for Cloud Apps B. Microsoft Defender for Office 365 C. Microsoft Defender for Identity D. Microsoft Defender for SQL
Answer: B
Sample Question 12
You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if
users delete the files from the site. What should you apply to the site?
A. a data loss prevention (DLP) policy B. a retention policy C. an insider risk policy D. a sensitivity label policy
Answer: B
Sample Question 13
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed
before the Ready phase? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Plan B. Manage C. Adopt D. Govern E. Define Strategy
Which two tasks can you implement by using data loss prevention (DLP) policies in
Microsoft 365? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Display policy tips to users who are about to violate your organization’s policies. B. Enable disk encryption on endpoints. C. Protect documents in Microsoft OneDrive that contain sensitive information. D. Apply security baselines to devices.
Which two cards are available in the Microsoft 365 Defender portal? Each correct answer
presents a complete solution. NOTE: Each correct selection is worth one point.
A. Users at risk B. Compliance Score C. Devices at risk D. Service Health E. User Management
Answer: B,C
Sample Question 16
You plan to implement a security strategy and place multiple layers of defense throughout
a network infrastructure.
Which security methodology does this represent?
A. threat modeling B. identity as the security perimeter C. defense in depth D. the shared responsibility model
Which three authentication methods does Windows Hello for Business support? Each
correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. fingerprint B. facial recognition C. PIN D. email verification E. security question
Which Microsoft 365 feature can you use to restrict users from sending email messages
that contain lists of customers and their associated credit card numbers?
A. retention policies B. data loss prevention (DLP) policies C. conditional access policies D. information barriers
What is the purpose of Azure Active Directory (Azure AD) Password Protection?
A. to control how often users must change their passwords B. to identify devices to which users can sign in without using multi-factor authentication (MFA) C. to encrypt a password by using globally recognized encryption standards D. to prevent users from using specific words in their passwords
Answer: D Explanation: Explanation Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization.
With Azure AD Password Protection, default global banned password lists are
automatically applied to all users in an Azure AD tenant. To support your own business and
security needs, you can define entries in a custom banned password list.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-passwordban-bad-on-p...
Sample Question 20
To which type of resource can Azure Bastion provide secure access?
A. Azure Files B. Azure SQL Managed Instances C. Azure virtual machines D. Azure App Service
What can you protect by using the information protection solution in the Microsoft 365
compliance center?
A. computers from zero-day exploits B. users from phishing attempts C. files from malware and viruses D. sensitive data from being exposed to unauthorized users
You need to create a data loss prevention (DLP) policy. What should you use?
A. the Microsoft 365 admin center B. the Microsoft Endpoint Manager admin center C. the Microsoft 365 Defender portal D. the Microsoft 365 Compliance center
Answer: A
Sample Question 25
What should you use to ensure that the members of an Azure Active Directory group use
multi-factor authentication (MFA) when they sign in?
A. Azure Active Directory (Azure AD) Identity Protection B. a conditional access policy C. Azure role-based access control (Azure RBAC) D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Answer: B Explanation: The recommended way to enable and use Azure AD Multi-Factor Authentication is with Conditional Access policies. Conditional Access lets you create and define policies that react to sign-in events and that request additional actions before a user is granted access to an application or service.
Sample Question 26
What is a characteristic of a sensitivity label in Microsoft 365?
A. persistent B. encrypted C. restricted to predefined categories
Answer: B
Sample Question 27
What can you specify in Microsoft 365 sensitivity labels?
A. how long files must be preserved B. when to archive an email message C. which watermark to add to files D. where to store files
Which two types of resources can be protected by using Azure Firewall? Each correct
answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure virtual machines B. Azure Active Directory (Azure AD) users C. Microsoft Exchange Online inboxes D. Azure virtual networks E. Microsoft SharePoint Online sites
Answer: A,D Explanation: Firewall is really not directly protecting the Virtual Networks though DDOS would have been ideal for VNETS
Sample Question 30
What are three uses of Microsoft Cloud App Security? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
A. to discover and control the use of shadow IT B. to provide secure connections to Azure virtual machines C. to protect sensitive information hosted anywhere in the cloud D. to provide pass-through authentication to on-premises applications E. to prevent data leaks to noncompliant apps and limit access to regulated data