Skip Navigation Links
 

Microsoft - SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Sample Questions

Question: 262
Measured Skill: Describe the capabilities of Microsoft Entra (25–30%)

You need to create a workflow that runs automatically when a user account is provisioned or its properties are updated.

Which Microsoft Entra feature should you use?

AEntitlement management
B Conditional Access policies
C Lifecycle workflows
D Access reviews

Correct answer: C

Explanation:

Microsoft Entra ID Identity Governance includes Lifecycle Workflows, which can automatically trigger workflows when users join, move, or leave an organization. These workflows can run actions when a user account is created, enabled, disabled, or otherwise changes lifecycle state.

References:

What are lifecycle workflows?

Lifecycle Workflow built-in tasks



Question: 263
Measured Skill: Describe the capabilities of Microsoft compliance solutions (20–25%)

Select the answer that correctly completes the sentence.

www.cert2brain.com

AA data loss prevention (DLP) policy can be configured to mark an item as a regulatory record.
B A retention label can be configured to mark an item as a regulatory record.
C A sensitivity label can be configured to mark an item as a regulatory record.
D A trainable classifier can be configured to mark an item as a regulatory record.

Correct answer: B

Explanation:

To declare documents and emails as records, you use retention labels that mark the content as a record or a regulatory record.

When an item is declared a record by using a retention label:

  • Restrictions are placed on the item in terms of what actions are allowed or blocked.

  • Additional activities about the item are logged.

  • You have proof of disposition when the item is deleted at the end of their retention period.

Use the following table to identify what restrictions are placed on items as a result of applying a standard retention label, and retention labels that mark items as a record or regulatory record.

References:

Learn about records management

Declare records by using retention labels



Question: 264
Measured Skill: Describe the capabilities of Microsoft security solutions (35–40%)

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a virtual machine named VM1 that runs Windows Server and is publicly accessible.

You suspect that VM1 has been the target of a malicious network attack.

You need to monitor network traffic to VM1, collect attack metrics, such as the SYN packet count, and automatically generate alerts if another attack begins. The solution must minimize administrative effort.

What should you use?

AAzure Monitor metrics and alerts
B Azure Application Gateway diagnostics
C An Azure DDoS Protection plan
D Azure Network Watcher packet capture

Correct answer: C

Explanation:

Azure DDoS Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes.

Azure DDoS Protection protects at layer 3 and layer 4 network layers. For web applications protection at layer 7, you need to add protection at the application layer using a WAF offering.

Azure DDoS Protection provides built-in telemetry and attack analytics, including metrics such as:

  • Inbound SYN packets to trigger DDoS mitigation (DDoSTriggerSYNPackets)
  • TCP/UDP attack metrics
  • Attack status ("Under DDoS attack or not")
  • Integration with Azure Monitor alerts for automatic notification when attacks are detected.

References:

What is Azure DDoS Protection?

Monitor Azure DDoS Protection

Azure DDoS Protection monitoring data reference



Question: 265
Measured Skill: Describe the capabilities of Microsoft security solutions (35–40%)

Select the answer that correctly completes the sentence.

www.cert2brain.com

AMicrosoft Sentinel uses analytics to correlate alerts into incidents automatically.
B Microsoft Sentinel uses hunting to correlate alerts into incidents automatically.
C Microsoft Sentinel uses notebooks to correlate alerts into incidents automatically.
D Microsoft Sentinel uses playbooks to correlate alerts into incidents automatically.

Correct answer: A

Explanation:

After setting up Microsoft Sentinel to collect data from all over your organization, you need to constantly dig through all that data to detect security threats to your environment. To accomplish this task, Microsoft Sentinel provides threat detection rules that run regularly, querying the collected data and analyzing it to discover threats. These rules come in a few different flavors and are collectively known as analytics rules.

These rules generate alerts when they find what they’re looking for. Alerts contain information about the events detected, such as the entities (users, devices, addresses, and other items) involved. Alerts are aggregated and correlated into incidents—case files—that you can assign and investigate to learn the full extent of the detected threat and respond accordingly. You can also build predetermined, automated responses into the rules' own configuration.

Reference: Threat detection in Microsoft Sentinel



Question: 266
Measured Skill: Describe the capabilities of Microsoft security solutions (35–40%)

Select the answer that correctly completes the sentence.

www.cert2brain.com

AA security information and event management (SIEM) solution detects suspicious activities and attacks across hosts, networks, and users.
B A security information and event management (SIEM) solution provides the ability to collect security data from an entire estate, analyze the data, and deliver security insights.
C A security information and event management (SIEM) solution provides the ability to raise alerts and incidents and trigger automated workflows for the investigation and mitigation of detected threats.
D A security information and event management (SIEM) solution provides the ability to orchestrate, investigate, and mitigate security threats.

Correct answer: B

Explanation:

One essential component of effective cybersecurity is a security information and event management (SIEM) solution. These types of solutions collect, aggregate, and analyze large volumes of data from organization-wide applications, devices, servers, and users in real time. By consolidating this vast array of data into a single, unified platform, SIEM solutions provide a comprehensive view of an organization's security posture, empowering security operation centers (SOC) to detect, investigate, and respond to security incidents swiftly and effectively. SIEM solutions can help organizations of all sizes:

  • Gain visibility into their security posture by centralizing and analyzing data from disparate sources.
  • Detect and identify potential security breaches and threats in real time, minimizing the risk of compromise.
  • Investigate and triage security incidents efficiently, reducing the time and resources required for resolution.
  • Comply with regulatory and industry-specific security standards and frameworks.

References:

What is SIEM?

What is Microsoft Sentinel security information and event management (SIEM)?





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2026 by cert2brain.com