Microsoft - SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Sample Questions

Question: 108
Measured Skill: Describe the concepts of security, compliance, and identity (5-10%)

Which three statements accurately describe the guiding principles of Zero Trust?

(Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.)

A Define the perimeter by physical locations.
B Use identity as the primary security boundary.
C Always verify the permissions of a user explicitly.
D Always assume that the user system can be breached.
E Use the network as the primary security boundary.

Correct answer: B, C, D

Explanation:

Today, organizations need a new security model that effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located.

This is the core of Zero Trust. Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify."

Guiding principles of Zero Trust

  • Verify explicitly - Always authenticate and authorize based on all available data points.
  • Use least privilege access - Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
  • Assume breach - Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

Reference: Zero Trust Guidance Center



Question: 109
Measured Skill: Describe the capabilities of Microsoft security solutions (30-35%)

Which service should you use to view your Azure secure score?

(To answer, select the appropriate service in the answer area.)

A Microsoft Defender for Cloud
B Virtual machines
C Azure Active Directory
D Azure AD Privileged Identity
E Microsoft Sentinel
F Storage accounts

Correct answer: A

Explanation:

Defender for Cloud displays your Azure secure score prominently in the portal: it's the first main tile on the Defender for Cloud overview page. Selecting this tile takes you to the dedicated secure score page, where you'll see the score broken down by subscription. Select a single subscription to see the detailed list of prioritized recommendations and the potential impact that remediating them will have on the subscription's score.

Reference: Access and track your secure score



Question: 110
Measured Skill: Describe the capabilities of Microsoft identity and access management solutions (25-30%)

You have an Azure subscription.

You need to implement approval-based, time-bound role activation.

What should you use?

A Windows Hello for Business
B Azure Active Directory (Azure AD) Identity Protection
C Access reviews in Azure Active Directory (Azure AD)
D Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

Correct answer: D

Explanation:

Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.

Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:

  • Provide just-in-time privileged access to Azure AD and Azure resources
  • Assign time-bound access to resources using start and end dates
  • Require approval to activate privileged roles
  • Enforce multi-factor authentication to activate any role
  • Use justification to understand why users activate
  • Get notifications when privileged roles are activated
  • Conduct access reviews to ensure users still need roles
  • Download audit history for internal or external audit

Reference: What is Azure AD Privileged Identity Management?



Question: 111
Measured Skill: Describe the capabilities of Microsoft identity and access management solutions (25-30%)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

A
  • Global administrators are exempt from conditional access policies: Yes
  • A conditional access policy can add users to Azure Active Directory roles: Yes
  • Conditional access policies can force the use of MFA to access cloud apps: Yes

B
  • Global administrators are exempt from conditional access policies: Yes
  • A conditional access policy can add users to Azure Active Directory roles: No
  • Conditional access policies can force the use of MFA to access cloud apps: Yes

C
  • Global administrators are exempt from conditional access policies: No
  • A conditional access policy can add users to Azure Active Directory roles: Yes
  • Conditional access policies can force the use of MFA to access cloud apps: Yes

D
  • Global administrators are exempt from conditional access policies: No
  • A conditional access policy can add users to Azure Active Directory roles: Yes
  • Conditional access policies can force the use of MFA to access cloud apps: No

E
  • Global administrators are exempt from conditional access policies: No
  • A conditional access policy can add users to Azure Active Directory roles: No
  • Conditional access policies can force the use of MFA to access cloud apps: Yes

F
  • Global administrators are exempt from conditional access policies: No
  • A conditional access policy can add users to Azure Active Directory roles: No
  • Conditional access policies can force the use of MFA to access cloud apps: No

Correct answer: E

Explanation:

Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.

Administrators are faced with two primary goals:

  • Empower users to be productive wherever and whenever
  • Protect the organization's assets

Use Conditional Access policies to apply the right access controls when needed to keep your organization secure.

Reference: What is Conditional Access?



Question: 112
Measured Skill: Describe the capabilities of Microsoft compliance solutions (25-30%)

You have a Microsoft 365 E3 subscription.

You plan to audit user activity by using the unified audit log and Basic Audit.

For how long will the audit records be retained?

A 15 days
B 30 days
C 90 days
D 180 days

Correct answer: C

Explanation:

Basic Audit in Microsoft 365 lets you search for audit records for activities performed in the different Microsoft 365 services by users and admins.

When an audited activity is performed by a user or admin, an audit record is generated and stored in the audit log for your organization. In Basic Audit, audit records are retained and searchable in the audit log for 90 days.

Reference: Set up Basic Audit in Microsoft 365





 
 
 

© Copyright 2014 - 2022 by cert2brain.com