Microsoft - SC-900: Microsoft Security, Compliance, and Identity Fundamentals
Sample Questions
Question: 209
Measured Skill: Describe the capabilities of Microsoft compliance solutions (25-30%)
Which Microsoft Purview solution can be used to identify data leakage?| A | Insider risk management |
| B | Compliance Manager |
| C | Communication compliance |
| D | eDiscovery |
Correct answer: AExplanation:
Microsoft Purview keeps your organization’s data safe with a range of solutions for unified data security, data governance, and risk and compliance management.
The Microsoft Purview product family includes the following solutions:
Audit - Support forensic investigations and meet regulatory requirements with critical audit log events, and customized retention policies.
Communication Compliance - Foster a safe and compliant workplace by detecting sensitive or inappropriate content shared across your organization’s communication channels.
Compliance Manager - Reduce risk by translating complex regulatory requirements into specific improvement actions that help you raise your score and track progress.
Data Lifecycle Management - Classify and govern data at scale to meet your legal, business, privacy, and regulatory content obligations.
Data Loss Prevention - Automatically protect sensitive information from risky and unauthorized access across apps, services, endpoints, and on-premises files.
Adaptive Protection - Discover how Adaptive Protection Preview can dynamically adjust the strength of your data security controls.
eDiscovery - Discover and manage your data in place with end-to-end workflows for internal or legal investigations.
Information Protection - Discover, identify, classify, and protect sensitive data that’s business critical, and then manage and protect it across your environment.
Insider Risk Management - Detect, investigate, and act on critical risks in your organization, including data theft, data leaks, and security policy violations.
Unified Data Governance - Gain visibility into all data across your multicloud and hybrid data estate with Unified Data Map. Maximize business value through easy discoverability and access to data with Data Catalog. Gain a comprehensive understanding of your entire data estate with Data Estate Insights.
Reference: Microsoft Purview
Question: 210
Measured Skill: Describe the capabilities of Microsoft identity and access management solutions (25-30%)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Conditional Access is implemented by using policies in Microsoft Entra ID: Yes
A Conditional Access policy can block or allow Microsoft Entra ID connections based upon the specific platform of a user's device: Yes
A Conditional Access policy can be applied to a Microsoft 365 group: Yes |
| B | Conditional Access is implemented by using policies in Microsoft Entra ID: Yes
A Conditional Access policy can block or allow Microsoft Entra ID connections based upon the specific platform of a user's device: No
A Conditional Access policy can be applied to a Microsoft 365 group: No |
| C | Conditional Access is implemented by using policies in Microsoft Entra ID: Yes
A Conditional Access policy can block or allow Microsoft Entra ID connections based upon the specific platform of a user's device: No
A Conditional Access policy can be applied to a Microsoft 365 group: Yes |
| D | Conditional Access is implemented by using policies in Microsoft Entra ID: No
A Conditional Access policy can block or allow Microsoft Entra ID connections based upon the specific platform of a user's device: Yes
A Conditional Access policy can be applied to a Microsoft 365 group: No |
| E | Conditional Access is implemented by using policies in Microsoft Entra ID: No
A Conditional Access policy can block or allow Microsoft Entra ID connections based upon the specific platform of a user's device: Yes
A Conditional Access policy can be applied to a Microsoft 365 group: Yes |
| F | Conditional Access is implemented by using policies in Microsoft Entra ID: No
A Conditional Access policy can block or allow Microsoft Entra ID connections based upon the specific platform of a user's device: No
A Conditional Access policy can be applied to a Microsoft 365 group: No |
Correct answer: AExplanation:
Conditional Access policies are implemented in Microsoft Entra ID.
Conditional Access policies at their simplest are if-then statements; if a user wants to access a resource, then they must complete an action. For example: If a user wants to access an application or service like Microsoft 365, then they must perform multifactor authentication to gain access.
Conditional Access takes signals from various sources into account when making access decisions.
Reference: What is Conditional Access?
Question: 211
Measured Skill: Describe the capabilities of Microsoft compliance solutions (25-30%)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Communication compliance is configured by using the Microsoft 365 admin center: Yes
Microsoft SharePoint Online supports communication compliance: Yes
Communication compliance can remediate compliance issues: Yes |
| B | Communication compliance is configured by using the Microsoft 365 admin center: Yes
Microsoft SharePoint Online supports communication compliance: Yes
Communication compliance can remediate compliance issues: No |
| C | Communication compliance is configured by using the Microsoft 365 admin center: No
Microsoft SharePoint Online supports communication compliance: Yes
Communication compliance can remediate compliance issues: No |
| D | Communication compliance is configured by using the Microsoft 365 admin center: No
Microsoft SharePoint Online supports communication compliance: Yes
Communication compliance can remediate compliance issues: Yes |
| E | Communication compliance is configured by using the Microsoft 365 admin center: No
Microsoft SharePoint Online supports communication compliance: No
Communication compliance can remediate compliance issues: Yes |
| F | Communication compliance is configured by using the Microsoft 365 admin center: No
Microsoft SharePoint Online supports communication compliance: No
Communication compliance can remediate compliance issues: No |
Correct answer: FExplanation:
Communication compliance is configured by using the Microsoft Purview compliance portal.
Communication compliance policies check, detect, and capture messages across several communication channels to help you quickly review and remediate compliance issues:
Microsoft Teams: Chat communications for public and private Microsoft Teams channels and individual chats are supported in communication compliance as a standalone channel source or with other Microsoft 365 services. You can also detect communications included in meetings transcripts (preview). You'll need to manually add individual users, distribution groups, or specific Microsoft Teams channels when you select users and groups to apply a communication compliance policy to. Teams users can also self-report potentially inappropriate messages in private and group channels and chats for review and remediation.
Exchange Online: All mailboxes hosted on Exchange Online in your Microsoft 365 organization are eligible for analyses. Emails and attachments matching communication compliance policy conditions are instantly available for investigation and in compliance reports. Exchange Online is now an optional source channel and is no longer required in communication compliance policies.
Microsoft Copilot for Microsoft 365: Interactions (prompts and responses) entered by users into Copilot are detected by communication compliance policies.
Viva Engage: Private messages and public community conversations in Viva Engage are supported in communication compliance policies. Viva Engage is an optional channel and must be in native mode to support checking of messages and attachments.
Third-party sources: You can check messages from third-party sources for data imported into mailboxes in your Microsoft 365 organization. Communication compliance supports connections to several popular platforms, including Instant Bloomberg and others.
Communication compliance cannot automatically remediate compliance issues but they can alert an reviewer to take actions.
References:
Communication compliance
Learn about communication compliance
Question: 212
Measured Skill: Describe the capabilities of Microsoft identity and access management solutions (25-30%)
Select the answer that correctly completes the sentence.
| A | You can use dynamic groups in Microsoft Entra ID to automate the access> lifecycle process. |
| B | You can use dynamic groups in Microsoft Entra ID to automate the object> lifecycle process. |
| C | You can use dynamic groups in Microsoft Entra ID to automate the privileged access> lifecycle process. |
Correct answer: AExplanation:
Microsoft Entra ID provides several ways to manage access to resources, applications, and tasks. With Microsoft Entra groups, you can grant access and permissions to a group of users instead of for each individual user.
Microsoft Entra ID lets you use groups to manage access to applications, data, and resources. Resources can be:
- Part of the Microsoft Entra organization, such as permissions to manage objects through roles in Microsoft Entra ID
- External to the organization, such as for Software as a Service (SaaS) apps
- Azure services
- SharePoint sites
- On-premises resources
Dynamic group membership is supported for security groups and Microsoft 365 Groups. When a group membership rule is applied, user and device attributes are evaluated for matches with the membership rule. When an attribute changes for a user or device, all dynamic group rules in the organization are processed for membership changes. Users and devices are added or removed if they meet the conditions for a group.
References:
Learn about groups and access rights in Microsoft Entra ID
Create or update a dynamic group in Microsoft Entra ID
Question: 213
Measured Skill: Describe the capabilities of Microsoft compliance solutions (25-30%)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Retention policies assign the same retention settings to all the files in a Microsoft SharePoint Online library: Yes
Retention labels can be assigned to individual files and email messages: Yes
You can assign multiple retention labels to an email message or a document: Yes |
| B | Retention policies assign the same retention settings to all the files in a Microsoft SharePoint Online library: Yes
Retention labels can be assigned to individual files and email messages: Yes
You can assign multiple retention labels to an email message or a document: No |
| C | Retention policies assign the same retention settings to all the files in a Microsoft SharePoint Online library: Yes
Retention labels can be assigned to individual files and email messages: No
You can assign multiple retention labels to an email message or a document: Yes |
| D | Retention policies assign the same retention settings to all the files in a Microsoft SharePoint Online library: No
Retention labels can be assigned to individual files and email messages: Yes
You can assign multiple retention labels to an email message or a document: No |
| E | Retention policies assign the same retention settings to all the files in a Microsoft SharePoint Online library: No
Retention labels can be assigned to individual files and email messages: Yes
You can assign multiple retention labels to an email message or a document: Yes |
| F | Retention policies assign the same retention settings to all the files in a Microsoft SharePoint Online library: No
Retention labels can be assigned to individual files and email messages: No
You can assign multiple retention labels to an email message or a document: No |
Correct answer: BExplanation:
A retention policy is used to assign the same retention settings for content at a site or mailbox level. Retention labels are used to assign retention settings at an item level (folder, document, email).
For example, if all documents in a SharePoint site should be retained for 5 years, it's more efficient to do this with a retention policy than apply the same retention label to all documents in that site. However, if some documents in that site should be retained for 5 years and others retained for 10 years, a retention policy wouldn't be able to do this. When you need to specify retention settings at the item level, use retention labels.
Unlike retention policies, retention settings from retention labels travel with the content if it's moved to a different location within your Microsoft 365 tenant.
Unlike sensitivity labels, you can't configure priorities for retention labels.
As with sensitivity labels, an item such as an email or document can have only a single retention label applied to it at a time. A retention label can be applied manually by an end user or admin, or automatically.
Reference: Learn about retention policies and retention labels