Microsoft Microsoft Certifications SC-900 Questions & Answers

• Question 111:

  DRAG DROP

  Match the pillars of Zero Trust to the appropriate requirements.

  To answer, drag the appropriate pillar from the column on the left to its requirement on the right. Each pillar may be used once, more than once, or not at all.

  NOTE: Each correct match is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: Networks Network Ensure devices and users aren't trusted just because they're on an internal network. Encrypt all internal communications, limit access by policy, and employ microsegmentation and real-time threat detection.

  Box 2: Identities Identities Verify and secure each identity with strong authentication across your entire digital estate.

  Box 3: Data Data Move from perimeter-based data protection to data-driven protection. Use intelligence to classify and label data. Encrypt and restrict access based on organizational policies.

  Reference: https://www.microsoft.com/en-us/security/business/zero-trust

• Question 112:

  DRAG DROP

  Match the Microsoft 365 insider risk management workflow step to the appropriate task.

  To answer, drag the appropriate step from the column on the left to its task on the right. Each step may be used once, more than once, or not at all.

  NOTE: Each correct match is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide

• Question 113:

  DRAG DROP

  Match the Azure networking service to the appropriate description.

  To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all.

  NOTE: Each correct match is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: Azure Firewall

  Azure Firewall provide Source Network Address Translation and Destination Network Address Translation.

  Box 2: Azure Bastion

  Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.

  Box 3: Network security group (NSG)

  You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.

  Reference:

  https://docs.microsoft.com/en-us/azure/networking/fundamentals/networking-overview

  https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

  https://docs.microsoft.com/en-us/azure/firewall/features

  https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

• Question 114:

  DRAG DROP

  You are evaluating the compliance score in Compliance Manager.

  Match the compliance score action subcategories to the appropriate actions.

  To answer, drag the appropriate action subcategory from the column on the left to its action on the right. Each action subcategory may be used once, more than once, or not at all.

  NOTE: Each correct match is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: Preventative

  Preventative actions address specific risks. For example, protecting information at rest using encryption is a preventative action against attacks and breaches. Separation of duties is a preventative action to manage conflict of interest and

  guard against fraud.

  Box 2: Detective

  Detective actions actively monitor systems to identify irregular conditions or behaviors that represent risk, or that can be used to detect intrusions or breaches. Examples include system access auditing and privileged administrative actions.

  Regulatory compliance audits are a type of detective action used to find process issues.

  Box 3: Corrective

  Corrective actions try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible. Privacy incident response is a corrective action to limit damage

  and restore systems to an operational state after a breach.

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation

• Question 115:

  DRAG DROP

  Match the Microsoft Defender for Office 365 feature to the correct description.

  To answer, drag the appropriate feature from the column on the left to its description on the right. Each feature may be used once, more than once, or not at all.

  NOTE: Each correct match is worth one point.

  Select and Place:

  

  Correct Answer:

  

• Question 116:

  Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  A. Configure external access for partner organizations.

  B. Export risk detection to third-party utilities.

  C. Automate the detection and remediation of identity based-risks.

  D. Investigate risks that relate to user authentication.

  E. Create and automatically assign sensitivity labels to data.

  Correct Answer: BCD

• Question 117:

  Which two Azure resources can a network security group (NSG) be associated with? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  A. a network interface

  B. an Azure App Service web app

  C. a virtual network

  D. a virtual network subnet

  E. E. a resource group

  Correct Answer: AD

  Association of network security groups

  You can associate a network security group with virtual machines, NICs, and subnets, depending on the deployment model you use.

  Reference:

  https://aviatrix.com/learn-center/cloud-security/create-network-security-groups-in-azure/

• Question 118:

  What is an assessment in Compliance Manager?

  A. A grouping of controls from a specific regulation, standard or policy.

  B. Recommended guidance to help organizations align with their corporate standards.

  C. A dictionary of words that are not allowed in company documents.

  D. A policy initiative that includes multiple policies.

  Correct Answer: A

  https://learn.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide#assessments An assessment is grouping of controls from a specific regulation, standard, or policy.

• Question 119:

  What should you use to ensure that the members of an Azure Active Directory group use multi-factor authentication (MFA) when they sign in?

  A. Azure Active Directory (Azure AD) Identity Protection

  B. a conditional access policy

  C. Azure role-based access control (Azure RBAC)

  D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

  Correct Answer: B

  The recommended way to enable and use Azure AD Multi-Factor Authentication is with Conditional Access policies. Conditional Access lets you create and define policies that react to sign-in events and that request additional actions before a user is granted access to an application or service.

• Question 120:

  You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete the files from the site. What should you apply to the site?

  A. a data loss prevention (DLP) policy

  B. a retention policy

  C. an insider risk policy

  D. a sensitivity label policy

  Correct Answer: B

  In order to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete the files from the site, you should enable the Recycle Bin feature in SharePoint and set the retention period to one year.