 

Microsoft - SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Sample Questions

Question: 137
Measured Skill: Describe the capabilities of Microsoft security solutions (30-35%)

Select the answer that correctly completes the sentence.

www.cert2brain.com

A Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can use conditional access policies to control sessions in real time.
B Microsoft Defender for Cloud can use conditional access policies to control sessions in real time.
C Microsoft Sentinel can use conditional access policies to control sessions in real time.
D Microsoft Defender for Cloud Apps can use conditional access policies to control sessions in real time.

Correct answer: D

Explanation:

In today's workplace, it's often not enough to know what's happening in your cloud environment after the fact. You want to stop breaches and leaks in real time, before employees intentionally or inadvertently put your data and your organization at risk. It's important to enable users in your organization to make the most of the services and tools available to them in cloud apps and let them bring their own devices to work. At the same time, you need tools to help protect your organization from data leaks, and data theft, in real time. Microsoft Defender for Cloud Apps integrates with any identity provider (IdP) to deliver these capabilities with access and session controls. If you're using Azure Active Directory (Azure AD) as your IdP, these controls are integrated and streamlined for a simpler and more tailored deployment built on Azure AD's .

How it works

Conditional Access App Control uses a reverse proxy architecture and integrates with your IdP. When integrating with Azure AD Conditional Access, you can configure apps to work with Conditional Access App Control with just a few clicks, allowing you to easily and selectively enforce access and session controls on your organization's apps based on any condition in Conditional Access. The conditions define who (user or group of users) and what (which cloud apps) and where (which locations and networks) a Conditional Access policy is applied to. After you've determined the conditions, you can route users to Defender for Cloud Apps where you can protect data with Conditional Access App Control by applying access and session controls.

Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Access and session policies are used within the Defender for Cloud Apps portal to further refine filters and set actions to be taken on a user. With the access and session policies, you can:

  • Prevent data exfiltration: You can block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices.

  • Require authentication context: You can reevaluate Azure AD Conditional Access policies when a sensitive action occurs in the session. For example, require multi-factor authentication on download of a highly confidential file.

  • Protect on download: Instead of blocking the download of sensitive documents, you can require documents to be labeled and encrypted when you integrate with Microsoft Purview Information Protection. This action ensures the document is protected and user access is restricted in a potentially risky session.

  • Prevent upload of unlabeled files: Before a sensitive file is uploaded, distributed, and used by others, it's important to make sure that the sensitive file has the label defined by your organization's policy. You can ensure that unlabeled files with sensitive content are blocked from being uploaded until the user classifies the content.

  • Block potential malware: You can protect your environment from malware by blocking the upload of potentially malicious files. Any file that is uploaded or downloaded can be scanned against Microsoft threat intelligence and blocked instantaneously.

  • Monitor user sessions for compliance: Risky users are monitored when they sign into apps and their actions are logged from within the session. You can investigate and analyze user behavior to understand where, and under what conditions, session policies should be applied in the future.

  • Block access: You can granularly block access for specific apps and users depending on several risk factors. For example, you can block them if they're using client certificates as a form of device management.

  • Block custom activities: Some apps have unique scenarios that carry risk, for example, sending messages with sensitive content in apps like Microsoft Teams or Slack. In these kinds of scenarios, you can scan messages for sensitive content and block them in real time.

Reference: Protect apps with Microsoft Defender for Cloud Apps Conditional Access App Control



Question: 138
Measured Skill: Describe the capabilities of Microsoft compliance solutions (25-30%)

Select the answer that correctly completes the sentence.


A Compliance Manager can be directly accessed from the Microsoft 365 admin center.
B Compliance Manager can be directly accessed from the Microsoft 365 Defender portal.
C Compliance Manager can be directly accessed from the Microsoft 365 Purview compliance portal.
D Compliance Manager can be directly accessed from the Microsoft Support portal.

Correct answer: C

Explanation:

Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal that helps you manage your organization’s compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.

Compliance Manager helps simplify compliance and reduce risk by providing:

  • Pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet your unique compliance needs (available assessments depend on your licensing agreement).

  • Workflow capabilities to help you efficiently complete your risk assessments through a single tool.

  • Detailed step-by-step guidance on suggested improvement actions to help you comply with the standards and regulations that are most relevant for your organization. For actions that are managed by Microsoft, you’ll see implementation details and audit results.

  • A risk-based compliance score to help you understand your compliance posture by measuring your progress in completing improvement actions.

Reference: Microsoft Purview Compliance Manager



Question: 139
Measured Skill: Describe the concepts of security, compliance, and identity (5-10%)

Select the answer that correctly completes the sentence.


A When using multi-factor authentication (MFA), a password is considered something you are.
B When using multi-factor authentication (MFA), a password is considered something you have.
C When using multi-factor authentication (MFA), a password is considered something you know.
D When using multi-factor authentication (MFA), a password is considered something you share.

Correct answer: C

Explanation:

Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.

Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:

  • Something you know, typically a password.
  • Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.
  • Something you are - biometrics like a fingerprint or face scan.

Reference: How it works: Azure AD Multi-Factor Authentication



Question: 140
Measured Skill: Describe the capabilities of Microsoft security solutions (30-35%)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)


A Microsoft Sentinel data connectors support only Microsoft services: Yes
You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel: Yes
Hunting provides you with the ability to identify security threats before an alert is triggered: Yes
B Microsoft Sentinel data connectors support only Microsoft services: Yes
You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel: Yes
Hunting provides you with the ability to identify security threats before an alert is triggered: No
C Microsoft Sentinel data connectors support only Microsoft services: Yes
You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel: No
Hunting provides you with the ability to identify security threats before an alert is triggered: Yes
D Microsoft Sentinel data connectors support only Microsoft services: No
You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel: Yes
Hunting provides you with the ability to identify security threats before an alert is triggered: No
E Microsoft Sentinel data connectors support only Microsoft services: No
You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel: Yes
Hunting provides you with the ability to identify security threats before an alert is triggered: Yes
F Microsoft Sentinel data connectors support only Microsoft services: No
You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel: No
Hunting provides you with the ability to identify security threats before an alert is triggered: No

Correct answer: E

Explanation:

Microsoft Sentinel comes with many connectors for Microsoft products, available out of the box and providing real-time integration. For example, service-to-service connectors include Microsoft 365 Defender connectors and Microsoft 365 sources, such as Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. You can also enable out-of-the-box connectors to the broader security ecosystem for non-Microsoft products. For example, you can use Syslog, Common Event Format (CEF), or REST APIs to connect your data sources with Microsoft Sentinel.

Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences. Workbooks let you combine multiple kinds of visualizations and analyses, making them great for free-form exploration. Workbooks combine text, log queries, metrics, and parameters into rich interactive reports.

Microsoft Sentinel has powerful hunting search and query tools to hunt for security threats across your organization's data sources. To help security analysts look proactively for new anomalies that weren't detected by your security apps or even by your scheduled analytics rules, Microsoft Sentinel's built-in hunting queries guide you into asking the right questions to find issues in the data you already have on your network. For example, one built-in query provides data about the most uncommon processes running on your infrastructure. You wouldn't want an alert about each time they are run - they could be entirely innocent - but you might want to take a look at the query on occasion to see if there's anything unusual.

References:

Microsoft Sentinel data connectors

Azure Workbooks

Hunt for threats with Microsoft Sentinel



Question: 141
Measured Skill: Describe the capabilities of Microsoft security solutions (30-35%)

Select the answer that correctly completes the sentence.


A In the Microsoft 365 Defender portal, an incident is a collection of correlated alerts.
B In the Microsoft 365 Defender portal, an incident is a collection of correlated events.
C In the Microsoft 365 Defender portal, an incident is a collection of correlated vulnerabilities.
D In the Microsoft 365 Defender portal, an incident is a collection of correlated Microsoft Secure Score improvement actions.

Correct answer: A

Explanation:

An incident in Microsoft 365 Defender is a collection of correlated alerts and associated data that make up the story of an attack.

Microsoft 365 services and apps create alerts when they detect a suspicious or malicious event or activity. Individual alerts provide valuable clues about a completed or ongoing attack. However, attacks typically employ various techniques against different types of entities, such as devices, users, and mailboxes. The result is multiple alerts for multiple entities in your tenant.

Because piecing the individual alerts together to gain insight into an attack can be challenging and time-consuming, Microsoft 365 Defender automatically aggregates the alerts and their associated information into an incident.

Reference: Incident response with Microsoft 365 Defender





 
 
 

© Copyright 2014 - 2022 by cert2brain.com