Microsoft SC-900 Exam Practice Test Instant Access

Question 1

Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

AConfigure external access for partner organizations.

BExport risk detection to third-party utilities.

CAutomate the detection and remediation of identity based-risks.

DInvestigate risks that relate to user authentication.

ECreate and automatically assign sensitivity labels to data.

Answer : B, C, D

Question 2

What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

Aautomated remediation

Bautomated investigation

Cadvanced hunting

Dnetwork protection

Answer : D

Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide

Question 3

You have an Azure subscription that contains multiple resources.

You need to assess compliance and enforce standards for the existing resources.

What should you use?

Athe Anomaly Detector service

BMicrosoft Sentinel

CAzure Blueprints

DAzure Policy

Answer : D

Question 4

What can you specify in Microsoft 365 sensitivity labels?

Ahow long files must be preserved

Bwhen to archive an email message

Cwhich watermark to add to files

Dwhere to store files

Answer : C

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

Question 5

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

AAzure Active Directory (Azure AD) Privileged Identity Management (PIM)

BAzure Multi-Factor Authentication (MFA)

CAzure Active Directory (Azure AD) Identity Protection

Dconditional access policies

Answer : D

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management: Provide just-in-time privileged access to Azure AD and Azure resources Assign time-bound access to resources using start and end dates Require approval to activate privileged roles Enforce multi-factor authentication to activate any role Use justification to understand why users activate Get notifications when privileged roles are activated Conduct access reviews to ensure users still need roles Download audit history for internal or external audit Prevents removal of the last active Global Administrator role assignment

Question 6

What is an example of encryption at rest?

Aencrypting communications by using a site-to-site VPN

Bencrypting a virtual machine disk

Caccessing a website by using an encrypted HTTPS connection

Dsending an encrypted email

Answer : B

https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

Question 7

What do you use to provide real-time integration between Azure Sentinel and another security source?

AAzure AD Connect

Ba Log Analytics workspace

CAzure Information Protection

Da data connector

Answer : D

To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, including Microsoft 365 Defender solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for Identity, and Microsoft Cloud App Security, etc.

https://docs.microsoft.com/en-us/azure/sentinel/overview

Microsoft Security, Compliance, and Identity Fundamentals SC-900 Exam Practice Test