Microsoft - SC-900: Microsoft Security, Compliance, and Identity Fundamentals
Sample Questions
Question: 232
Measured Skill: Describe the concepts of security, compliance, and identity (10–15%)
What feature supports email as a method of authenticating users?| A | Microsoft Entra ID Protection |
| B | Microsoft Entra Multi-Factor Authentication (MFA) |
| C | Self-Service Password Reset (SSPR) |
| D | Microsoft Entra Password Protection |
Correct answer: CExplanation:
Microsoft Entra self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If Microsoft Entra ID locks a user's account or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.
The following authentication methods are available for SSPR:
- Mobile app notification
- Mobile app code
- Email
- Mobile phone
- Office phone (available only for tenants with paid subscriptions)
- Security questions
Users can only reset their password if they register an authentication method that the administrator has enabled.
Reference: How it works: Microsoft Entra self-service password reset
Question: 233
Measured Skill: Describe the capabilities of Microsoft Entra (25–30%)
Which feature is included in Microsoft Entra ID Governance?| A | Identity Protection |
| B | Privileged Identity Management |
| C | Permissions Management |
| D | Verifiable credentials |
Correct answer: BExplanation:
Microsoft Entra ID Governance is an identity governance solution that enables organizations to improve productivity, strengthen security and more easily meet compliance and regulatory requirements. You can use Microsoft Entra ID Governance to automatically ensure that the right people have the right access to the right resources, with identity and access process automation, delegation to business groups, and increased visibility. With the features included in Microsoft Entra ID Governance, along with those in related Microsoft Entra, Microsoft Security and Microsoft Azure products, you can mitigate identity and access risks by protecting, monitoring, and auditing access to critical assets.
Specifically, Microsoft Entra ID Governance helps organizations address these four key questions, for access across services and applications both on-premises and in clouds:
- Which users should have access to which resources?
- What are those users doing with that access?
- Are there organizational controls in place for managing access?
- Can auditors verify that the controls are working effectively?
With Microsoft Entra ID Governance you can implement the following scenarios for employees, business partners and vendors:
- Govern the identity lifecycle
- Govern the access lifecycle
- Secure privileged access for administration
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about.
References:
What is Microsoft Entra ID Governance?
What is Microsoft Entra Privileged Identity Management?
Question: 234
Measured Skill: Describe the capabilities of Microsoft compliance solutions (20–25%)
Which Microsoft Purview data classification type supports the use of regular expressions?| A | Exact data match (EDM) |
| B | Fingerprint classifier |
| C | Sensitive information types (SITs) |
| D | Trainable classifier |
Correct answer: CExplanation:
A regular expression, commonly referred to as a regex, is a sequence of characters that defines a search pattern. Regular expressions are primarily used for pattern matching with strings and in string matching; for example, in "find and replace" operations. You can use a regex in Microsoft Purview Data Loss Prevention (DLP) to define patterns that help you identify and classify sensitive data, or to help detect patterns in content. The most common regex uses in Microsoft Purview DLP are:
- Defining a custom sensitive information types.
- Leveraging the
SubjectOrBodyMatchesPatterns condition in a DLP rule.
If the preconfigured sensitive information types don't meet your needs, you can create your own custom sensitive information types that you fully define or you can copy one of the built-in ones and modify it.
Every sensitive information type (SIT) entity consists of the following fields:
- Name: Indicates how the sensitive information type is referred to.
- Description: Explanation of what the sensitive information type is looking for.
- Pattern: Defines what a SIT detects. It consists of the following components: primary element, supporting elements, confidence level, and proximity.
The following table describes each component of the patterns used in defining sensitive information types.
References:
Learn about using regular expressions (regex) in data loss prevention policies
Learn about sensitive information types
Question: 235
Measured Skill: Describe the capabilities of Microsoft compliance solutions (20–25%)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | eDiscovery (Standard) search results can be exported: Yes
eDiscovery (Standard) can be integrated with insider risk management: Yes
eDiscovery (Standard) can be used to search Microsoft Exchange Online public folders: Yes |
| B | eDiscovery (Standard) search results can be exported: Yes
eDiscovery (Standard) can be integrated with insider risk management: Yes
eDiscovery (Standard) can be used to search Microsoft Exchange Online public folders: No |
| C | eDiscovery (Standard) search results can be exported: Yes
eDiscovery (Standard) can be integrated with insider risk management: No
eDiscovery (Standard) can be used to search Microsoft Exchange Online public folders: Yes |
| D | eDiscovery (Standard) search results can be exported: No
eDiscovery (Standard) can be integrated with insider risk management: Yes
eDiscovery (Standard) can be used to search Microsoft Exchange Online public folders: No |
| E | eDiscovery (Standard) search results can be exported: No
eDiscovery (Standard) can be integrated with insider risk management: Yes
eDiscovery (Standard) can be used to search Microsoft Exchange Online public folders: Yes |
| F | eDiscovery (Standard) search results can be exported: No
eDiscovery (Standard) can be integrated with insider risk management: No
eDiscovery (Standard) can be used to search Microsoft Exchange Online public folders: No |
Correct answer: CExplanation:
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery tools in Microsoft Purview to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Viva Engage teams. You can search mailboxes and sites in the same eDiscovery search, and then export the search results. You can use Microsoft Purview eDiscovery (Standard) cases to identify, hold, and export content found in mailboxes and sites. If your organization has an Office 365 E5 or Microsoft 365 E5 subscription (or related E5 add-on subscriptions), you can further manage custodians and analyze content by using the feature-rich Microsoft Purview eDiscovery (Premium) solution in Microsoft 365.
Microsoft Purview provides three eDiscovery solutions: Content search, eDiscovery (Standard), and eDiscovery (Premium).
Case integration with Microsoft Purview Insider Risk Management cases requires eDiscovery (Premium).
References:
Microsoft Purview eDiscovery solutions
Get started with eDiscovery (Standard)
Question: 236
Measured Skill: Describe the concepts of security, compliance, and identity (10–15%)
Select the answer that correctly completes the sentence.
| A | How to create a virtual network is part of the Azure Guidance information in the Microsoft cloud security benachmark (MCSB). |
| B | How to create a virtual network is part of the mapping to industry frameworks information in the Microsoft cloud security benachmark (MCSB). |
| C | How to create a virtual network is part of the recommendation information in the Microsoft cloud security benachmark (MCSB). |
| D | How to create a virtual network is part of the Security Principle information in the Microsoft cloud security benachmark (MCSB). |
Correct answer: AExplanation:
The Microsoft cloud security benchmark (MCSB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure and your multi-cloud environment. This benchmark focuses on cloud-centric control areas with input from a set of holistic Microsoft and industry security guidance that includes:
- Cloud Adoption Framework: Guidance on security, including strategy, roles and responsibilities, Azure Top 10 Security Best Practices, and reference implementation.
- Azure Well-Architected Framework: Guidance on securing your workloads on Azure.
- The Chief Information Security Officer (CISO) Workshop: Program guidance and reference strategies to accelerate security modernization using Zero Trust principles.
- Other industry and cloud service providers security best practice standards and framework: Examples include the Amazon Web Services (AWS) Well-Architected Framework, Center for Internet Security (CIS) Controls, National Institute of Standards and Technology (NIST), and Payment Card Industry Data Security Standard (PCI-DSS).
References:
Overview of Microsoft cloud security benchmark (v1)
Security Control: Network security