Professional Documents
Culture Documents
Sorting by
Question 1 Correct
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it
comes to Microsoft privacy. Is Control a key Microsoft privacy principal?
A. Yes A
B.No
Explanation:
Correct Answer : A
Control
Transparency
Security
No content-based targeting
Bene ts to you
When it comes to control, this gives control to the customer when it comes to privacy
For more information on Microsoft Privacy control , please refer to the below URL
https://privacy.microsoft.com/en-US/
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it
comes to Microsoft privacy. Is Transparency a key Microsoft privacy principal?
A. Yes A
B.No
Explanation:
Correct Answer: A
Control
Transparency
Security
No content-based targeting
Bene ts to you
When it comes to Transparency, Microsoft tells us that they are transparent when it comes to data collection.
For more information on Microsoft Privacy control , please refer to the below URL
https://privacy.microsoft.com/en-US/
View Queries
open
Question 3 Correct
Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes
to Microsoft privacy. Is the Shared Responsibility Model a key Microsoft privacy principal?
A. Yes
B.No A
Explanation:
Correct Answer: B
Control
Transparency
Security
No content-based targeting
Bene ts to you
For more information on Microsoft Privacy control , please refer to the below URL
https://privacy.microsoft.com/en-US/
Question 4 Correct
A. Yes A
B.No
Explanation:
Correct Answer : A
Yes . Here you have to ensure that not everyone is provided access to a system. Here you should always authenticate
and authorize users.
Verify explicitly
Assume breach
For more information on the Zero Trust Principle , please refer to the below URL
https://www.microsoft.com/en-us/security/business/zero-trust
Question 5 Correct
Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is
assume breach a Zero Trust principle?
A. Yes A
B.No
Explanation:
Correct Answer : A
Yes . here you need to ensure that you implement the required network controls , have threat detection in place to
reduce breaches into your system
Verify explicitly
Assume breach
For more information on the Zero Trust Principle , please refer to the below URL
https://www.microsoft.com/en-us/security/business/zero-trust
Question 6 Correct
Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be
read only by authorized users?
A. Encryption A
B. Deduplication
C.Archiving
D. Compression
Explanation:
Correct Answer : A
You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can
then be used to decrypt and read the data.
Option B is incorrect since this is normally used to eliminate duplicate copies of repeating data
Option C is incorrect since this is normally used to store data that is not used that frequently
Option D is incorrect since this is normally used to reduce the storage size of data
For more information on encryption in Microsoft Cloud , please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/o ce-365-encryption-in-themicrosoft-cloud-
overview?view=o365-worldwide
Question 7 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Which of the following is the process of checking if a signed-in user has access to a particular resource in Azure?
A. Authentication
Authorization
B. A
C. Conditional Access
D. Resource locks
Explanation:
Correct Answer : B
After a user has signed in, the user is checked to see if they have access to resources. If a user tries to access a resource ,
it would be checked on whether they first have the right to access the resource.
This process is known as authorization.
Option A is incorrect since this is used to check if a person is really who they say they are
Option C is incorrect since this is used to provide a conditional way to authenticate to Azure
For more information on Authentication and Authorization , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vsauthorization
Question 8 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
A company is planning on using Azure Active Directory. Which of the following is used to describe the exact term for
Azure Active Directory?
A. Federation server
B.Identity Provider A
C.Proxy server
D. Firewall
Explanation:
Correct Answer : B
Azure Active Directory is Microsoft’s identity provider. This is used for storage of identities and for access management.
Both Azure and Microsoft Office 365 can use Azure Active Directory for identity and access management
All of the other options are incorrect since Azure Active Directory is used for identity and access management.
For more information on Azure Active Directory , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
Question 9 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following
are the authentication techniques available for Windows Hello for business? Choose 3 answers from the options given
below
A. PIN A
B. Facial Recognition A
C. Email message
D. Password
E. Fingerprint recognition A
Explanation:
The entire purpose of Windows Hello for business is to ensure passwords are not used in the authentication process.
Here uses can use other techniques for authentication via the usage of PIN’s and biometric recognition.
Options C and D are incorrect since Windows Hello for Business tries to ensure that secure measures are used for
the authentication process.
For more information on Windows Hello for business , please refer to the below URL
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-forbusiness/hello-overview
Question 10 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on using Azure Active Directory for the storage of identities. They want to make use of the
self-service password reset feature. Which of the following authentication methods are available for self-service
password reset? Choose 3 answers from the options given below
A. Email A
C. A picture message
Explanation:
Correct Answers: A, D and E
Below are the authentication methods available for self-service password reset
Mobile phone
O ce phone
Security questions
Since the authentication methods are clearly mentioned, all other options are incorrect
For more information on self-service password reset , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-ssprhowitworks
Question 11 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on using Azure Active Directory. They already have user identities stored in their on-premises
Active Directory. They want to sync the user identities from their on-premises Active Directory onto Azure Active
Directory. Which of the following could be used for this purpose?
A. Azure Blueprints
B.Azure AD Connect A
Correct Answer : B
Azure AD Connect is used to synchronize identities from the on-premises Active Directory onto Azure Active Directory.
There are different methods available for user identity synchronization.
Option D is incorrect since this is used for providing just-in-time access to resources in Azure AD
For more information on Azure AD Connect , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Question 12 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on making use of Azure Active Directory. Do all versions of Azure Active Directory provide the
same set of features?
A. Yes
B.No A
Explanation:
Correct Answer : B
There are different pricing models available for Azure Active Directory. The most basic version is the
Free model. Here there is a limitation in terms of features. For example, you will not get features such as
For more information on Azure AD Pricing , please refer to the below URL
https://azure.microsoft.com/en-us/pricing/details/active-directory/
Question 13 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on making use of Azure Active Directory. Does the company need to create a virtual machine
in Azure for hosting Active Directory?
A. Yes
B.No A
Explanation:
Correct Answer : B
Azure Active Directory is a completely managed service. Here the underlying infrastructure is managed by Azure. You
don’t need to create any virtual machines for hosting Active Directory.
For more information on Azure Active Directory , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
Ask our Experts
Question 14 Correct
Your company is planning on making use of Network Security Groups. Can you make use of network security groups to
deny all inbound traffic from the Internet?
A. Yes A
B.No
Explanation:
Correct Answer : A
By default, there is a rule in the Network security group that blocks all network traffic except for that within the Azure
virtual network. This rule will block all traffic from the Internet.
For more information on Azure network security groups , please refer to the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Ask our Experts
Question 15 Correct
Your company is planning on making use of Network Security Groups. Can you make use of network security groups to
deny all outbound traffic from the Internet?
A. Yes A
B.No
Explanation:
Correct Answer : A
In the network security group, you can create a rule that would deny all outbound traffic to the Internet. An example is
shown below
For more information on Azure network security groups , please refer to the below URL
Ask our Experts
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Question 16 Correct
Your company is planning on making use of Network Security Groups. Can you make use of network security groups to
filter traffic based on the IP address, protocol and port number?
A. Yes A
B.No
Explanation:
Correct Answer : A
For a network security group rule, you can create a rule that is based on the IP address, the protocol and the port
number. An example screenshot is given below which shows the IP address, the protocol and the port number.
For more information on Azure network security groups , please refer to the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Ask our Experts
Question 17 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
D. Azure Blueprints
Explanation:
Correct Answer : B
Azure AD Privileged Identity Management can be used to provide just-in-time access to your resources.
In Azure AD Privileged Identity Management, you can add assignments to resources to users in Azure.
An example screenshot is given below
Option A is incorrect since this is used for securing identities in Azure AD
Option C is incorrect since this is used as an extra level of authentication during the entire authentication process
For more information on Azure AD Privileged Identity Management , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pimcon gure
Question 18 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to provide
access to resources in Azure?
A. Yes
B. No A
Explanation:
Correct Answer : B
Azure AD Identity protection is used to identify risks based on the user sign-in process. It is not used to provide access to
resources in Azure.
For more information on Azure AD Identity Protection , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identityprotection
Question 19 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to enforce
multi-factor authentication for users based on a sign-risk policy?
A. Yes A
B.No
Explanation:
Correct Answer : A
In Azure AD Identity Protection, you can configure the Sign-in risk policy to allow access and enforce the use of Multi-
Factor Authentication.
For more information on Azure AD Identity Protection , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identityprotection
Question 20 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
Your company is planning on using Azure AD Identity Protection. Does Azure AD Identity protection categorize events
into Low, Medium and High?
A. Yes A
B.No
Explanation:
Correct Answer : A
When you configure a risk policy in Azure AD Identity Protection, you can decide on the category of risks. This is because
all of the identified risks are categorized into High, Medium or Low risks.
For more information on Azure AD Identity Protection , please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identityprotection
Question 21 Correct
Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?
Explanation:
Correct Answer : A
You can accomplish this with the help of Azure Security Center
If you go to Azure Security Center, in the Overview you can see the secure score.
Since this is clearly shown in Azure Security Center, all other options are incorrect
For more information on Azure Security Center , please refer to the below URL
https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction
Question 22 Correct
You have to decide on the right service to use based on the requirement. Which of the following would you use
for the below requirement? “Provide Network address translation”
A. Azure Bastion
Azure Firewall
B. A
C.Network Security Groups
Explanation:
Correct Answer : B
The Azure Firewall service has the facility to translate traffic via its public IP address to private IP addresses to virtual
networks
Option A is incorrect since this provides a service to RDP/SSH into your Azure virtual machines
Option C is incorrect since this is used to lter the tra c to your Azure virtual machines
Option D is incorrect since this is used to protect your Azure resources against large scale attacks from the Internet
For more information on the Azure Firewall feature , please refer to the below URL
https://docs.microsoft.com/en-us/azure/ rewall/features#inbound-dnat-support
Question 23 Correct
You have to decide on the right service to use based on the requirement. Which of the following would you use for the
below requirement?
“Provide protection against large scale internet attacks”
A. Azure Bastion
B.Azure Firewall
C.Network Security Groups
Explanation:
Correct Answer : D
You can use the Azure DDoS service to protect against large scale Internet-based attacks.
Option A is incorrect since this provides a service to RDP/SSH into your Azure virtual machines
Option C is incorrect since this is used to lter the tra c to your Azure virtual machines
For more information on the Azure DDoS service , please refer to the below URL
https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview
Question 24 Incorrect
You have to decide on the right service to use based on the requirement. Which of the following would you use
for the below requirement? “Filter traffic to Azure virtual machines”
A. Azure Bastion
Azure Firewall
B. B
Correct Answer : C
You can use Azure Network Security groups to filter traffic to and from resources that are located in an Azure virtual
network.
Option A is incorrect since this provides a service to RDP/SSH into your Azure virtual machines
Option D is incorrect since this is used to protect your Azure resources against large scale attacks from the Internet
For more information on the Azure Network Security groups , please refer to the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Question 25 Correct
You have to decide on the right service to use based on the requirement. Which of the following would you use for the
below requirement?
“Provide a secure way to RDP/SSH into Azure virtual machines”
Azure Bastion
A. A
B.Azure Firewall
Correct Answer : A
The Azure Bastion service is a managed service that allows you to connect to an Azure virtual machine via the browser
and the Azure portal.
Option C is incorrect since this is used to lter the tra c to your Azure virtual machines
Option D is incorrect since this is used to protect your Azure resources against large scale attacks from the Internet
For more information on the Azure Bastion service , please refer to the below URL
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
Question 26 Correct
Which of the following provides XDR capabilities that helps to protect multi-cloud and hybrid workloads?
A. Azure Policy
B.Azure Defender A
C.Azure Blueprints
Explanation:
Correct Answer : B
Azure Defender now has the capabilities to deliver XDR-based capabilities that helps to protect both multi-cloud and
hybrid workloads. Azure Defender comes as part of the Azure Security suite of features.
Option A is incorrect since this is a governance-based service for your Azure account
Option C is incorrect since this is used to deploy various artifacts to your Azure subscriptions
Option D is incorrect since this is used to protect your identities in Azure Active Directory
For more information on the Azure Defender XDR-based capabilities , please refer to the below URL
https://www.microsoft.com/security/blog/2020/09/22/microsoft-uni ed-siem-xdr-modernizesecurity-
operations/
Question 27 Correct
You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for
Endpoint to protect Windows 2016-based Azure virtual machines?
A. Yes A
B.No
Explanation:
Correct Answer: A
You can on-board servers such as Windows Server 2012 and 2016 to the Microsoft Defender for Endpoint service.
For more information on the on-boarding devices for Microsoft Defender for endpoint, please refer to the below URL
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defenderatp/onboard-con gure
Ask our Experts
Question 28 Correct
You company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for
Endpoint to protect Windows 10 machines?
A. Yes A
B.No
Explanation:
Correct Answer : A
Yes, Windows 10 devices are also supported for Microsoft Defender for Endpoint service
For more information on the on-boarding devices for Microsoft Defender for endpoint, please refer to the below URL
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defenderatp/onboard-con
gure
Question 29 Incorrect
A. Yes A
B.No B
Explanation:
Correct Answer: A
You can’t use Microsoft Defender for Endpoint to protect Sharepoint sites
For more information on the on-boarding devices for Microsoft Defender for endpoint, please refer to the below URL
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defenderatp/onboard-con
gure
Question 30 Correct
You have to enrol devices into Microsoft Intune. Can you enrol your Window 10 devices into Microsoft Intune?
A. Yes A
B.No
Explanation:
Correct Answer: A
When you enrol your Windows 10 devices into Microsoft Intune, you then get mobile access to your work and school
applications, email and Wi-Fi.
For more information on enrolling Windows 10 devices into Microsoft Intune, please refer to the below
URL
https://docs.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device
Question 31 Correct
You have to enrol devices into Microsoft Intune. Can you enrol your Android devices into Microsoft Intune?
A. Yes A
B.No
Explanation:
Correct Answer: A
When you enrol your Android devices into Microsoft Intune, you then get mobile access to your work and school
applications, email and Wi-Fi.
For more information on enrolling Android devices into Microsoft Intune, please refer to the below
URL
https://docs.microsoft.com/en-us/mem/intune/user-help/enroll-device-android-company-portal
You have to enrol devices into Microsoft Intune. Can you enrol both your organization-provided and personal devices?
A. Yes A
B.No
Explanation:
Correct Answer: A
You can enrol both organization-provided devices and personal dev ices into Microsoft Intune.
For more information on enrolling devices into Microsoft Intune, please refer to the below URL
https://docs.microsoft.com/en-us/mem/intune/user-help/use-managed-devices-to-get-workdone
Question 33 Correct
Your company is planning on using Microsoft 365 security center to review the security for their
Microsoft Office 365 deployments. Which of the following categories are available for the cards in Microsoft office 365
security center? Choose 3 answers from the options given below
A. Identities A
B. Devices A
C. Groups
D. Apps A
Explanation:
When it comes to the categories for Microsoft office 365 security center, the following are available
Identities – This helps to monitor the identities in the organization. It helps to keep track of suspicious or risky
behaviours when it comes to the de ned identities
Data – Here user activity can be tracked that could lead to unauthorized data disclosure
Apps – This helps to gain better insight into the applications used in the organization
For more information on Microsoft 365 security center, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/security/mtp/overview-security-center? view=o365-worldwide
Question 34 Correct
What is the maximum time frame for which you can retain audit logs in Microsoft 365?
A. 1 month
B.1 year
C.5 years
D. 10 years A
Explanation:
Correct Answer: D
With long-term retention in audit logs, you can retain logs for up-to 10 years. This can allow your security team to
perform long running investigations if required on the data.
Since Microsoft 365 Advanced auditing supports auditing of up to 10 years, all other options are incorrect
For more information on Microsoft 365 Advanced auditing, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365worldwide
Question 35 Correct
Your company has just setup an Azure subscription. They have the following requirements
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”
“Be able to ensure no one can delete resources de ned in a resource group named whizlabs -staging”
“Ensure that all Windows Servers de ned as Azure virtual machines should have the Microsoft IaaS Antimalware
extension installed”
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”
A. Azure Policy
B.Azure Blueprints A
Explanation:
Correct Answer: B
You can use Azure Blueprints to deploy a set of artifacts. The artifacts can be resources as ARM templates, resource
groups and role assignments.
Below is a screenshot of the artifacts that can be deployed via Azure Blueprints
Option A is incorrect since this is used as a governance for your resources de ned as part of your Azure account
Option D is incorrect since this is used to prevent the accidental deletion and modi cation of resources in Azure
For more information on Azure Blueprints, please refer to the below URL
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
Your company has just setup an Azure subscription. They have the following requirements
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”
“Be able to ensure no one can delete resources de ned in a resource group named whizlabs-staging”
“Ensure that all Windows Servers de ned as Azure virtual machines should have the Microsoft IaaS Antimalware
extension installed”
A. Azure Policy
B.Azure Blueprints
Explanation:
Correct Answer: D
Here you can define resource locks. This would ensure that no one accidentally deletes resources in a resource group.
A screenshot shown below shows that you can add a delete lock to a resource group for this requirement
Option A is incorrect since this is used as a governance for your resources de ned as part of your Azure account
Option B is incorrect since this is used to deploy artifacts such as ARM templates, resource groups , role
assignments
For more information on Azure Resource locks, please refer to the below URL
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 37 Correct
Your company has just setup an Azure subscription. They have the following requirements
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”
“Be able to ensure no one can delete resources de ned in a resource group named whizlabs -staging”
“Ensure that all Windows Servers de ned as Azure virtual machines should have the Microsoft IaaS
Antimalware extension installed”
Azure Policy
A. A
B.Azure Blueprints
Correct Answer: A
Here you can define an Azure policy. The policy can ensure that all Windows server based Azure virtual machines have
the Microsoft IaaS Antimalware extension installed
The below screenshot shows the policy that you can use for this requirement
Option B is incorrect since this is used to deploy artifacts such as ARM templates, resource groups , role
assignments
Option D is incorrect since this is used to prevent the accidental deletion and modi cation of resources in Azure
For more information on Azure policies, please refer to the below URL
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Domain :Describe the capabilities of Microsoft identity and access management solutions
Which of the following allows you to invite guest users and provide them access to Azure resources within your
organization?
D. Azure AD Connect
Explanation:
Correct Answer: C
With Azure Active Directory B2B , you can actually invite users from external partners. You can then securely give them
access to Azure resources within your organization.
Option B is incorrect since this is used to give just-in-time access to resources in Azure
Option D is incorrect since this is used to sync your on-premises identities to Azure Active Directory
For more information on Azure Active Directory B2B, please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels can be used to encrypt the
contents in documents?
A. Yes A
B.No
Explanation:
Correct Answer: A
When you apply a “Confidential” label to a document, the label will encrypt the content in the document.
For more information on Sensitivity labels for Microsoft 365, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365worldwide
Question 40 Correct
You are considering the use of sensitivity labels in Microsoft 365. Do sensitivity labels add a header and footer to the
underlying Office 365 document for which the label is applied?
A. Yes A
B.No
Explanation:
Correct Answer: A
When you apply a sensitivity label to a document, it will also add a header and footer to the document.
For more information on Sensitivity labels for Microsoft 365, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365worldwide
Question 41 Correct
You are considering the use of sensitivity labels in Microsoft 365. Do sensitivity labels add a watermark to the underlying
Office 365 document for which the label is applied?
A. Yes A
B.No
Explanation:
Correct Answer: A
When you apply a sensitivity label to a document, it will also add a watermark to the document.
For more information on Sensitivity labels for Microsoft 365, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365worldwide
Your company is looking at the different options available when it comes to security solutions for
Microsoft 365. Below are the key requirements
Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a con ict of interest in the organization
A. Information Barriers
C.Customer Lockbox
Explanation:
Correct Answer: B
With the Content Search tool, you can quickly find email in Exchange mailboxes, documents in SharePoint sites and
OneDrive locations. You can also search for instant messaging conversations in Microsoft teams as well.
Option A is incorrect because this is used to restrict communication and collaboration between two groups to
avoid a con ict of interest in the organization
Option C is incorrect because this is used to give Microsoft support engineers access to user’s data if they need to
debug an issue
Option D is incorrect because this is used to give just-in-time access to services in Microsoft 365
For more information on the Content Search tool, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365worldwide
Ask our Experts
Question 43 Correct
Your company is looking at the different options available when it comes to security solutions for
Microsoft 365. Below are the key requirements
Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a con ict of interest in the organization
A. Information Barriers A
C.Customer Lockbox
Explanation:
Correct Answer: A
Sometimes it might be required to ensure communication is not possible between two groups of people. This could be
because of a potential conflict of interest between both parties. In this case , you can make use of Information Barriers.
Option B is incorrect because this is used to search for content in Exchange mailboxes, documents in SharePoint
sites and OneDrive locations
Option C is incorrect because this is used to give Microsoft support engineers access to user’s data if they need to
debug an issue
Option D is incorrect because this is used to give just-in-time access to services in Microsoft 365
For more information on “Information barriers”, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-solutionoverview?view=o365-
worldwide
Question 44 Correct
Your company is looking at the different options available when it comes to security solutions for
Microsoft 365. Below are the key requirements
Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a con ict of interest in the organization
A. Information Barriers
C.Customer Lockbox A
Explanation:
Correct Answer: C
Sometimes Microsoft Engineers need access to user’s data to diagnose an issue. This can be done with the help of the
Customer Lockbox feature.
Option A is incorrect because this is used to restrict communication and collaboration between two groups to
avoid a con ict of interest in the organization
Option B is incorrect because this is used to search for content in Exchange mailboxes, documents in SharePoint
sites and OneDrive locations
Option D is incorrect because this is used to give just-in-time access to services in Microsoft 365
For more information on Customer Lockbox, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-lockbox-requests? view=o365-worldwide
Question 45 Correct
Your company is looking at the different options available when it comes to security solutions for
Microsoft 365. Below are the key requirements
Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations
Restrict communication and collaboration between two groups to avoid a con ict of interest in the organization
A. Information Barriers
C.Customer Lockbox
Explanation:
Correct Answer: D
You can make use of privileged access management to provide just-in-time access to services in Microsoft 365. So
instead of giving prior access, here you can ensure that access is only provided whenever it is required.
Option A is incorrect because this is used to restrict communication and collaboration between two groups to
avoid a con ict of interest in the organization
Option B is incorrect because this is used to search for content in Exchange mailboxes, documents in SharePoint
sites and OneDrive locations
Option C is incorrect because this is used to give Microsoft support engineers access to user’s data if they need to
debug an issue
For more information on the privileged access management feature, please refer to the below URL
https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-managementsolution-
overview?view=o365-worldwide
Question 46 Correct
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely RDP into
an Azure Windows virtual machine via the browser and the Azure portal?
A. Yes A
B.No
Explanation:
Correct Answer: A
The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines.
Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a
Windows Azure virtual machine or SSH into a Linux Azure virtual machine.
For more information on the Azure Bastion service, please refer to the below URL
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely SSH into
an Azure Linux virtual machine via the browser and the Azure portal?
A. Yes A
B.No
Explanation:
Correct Answer: A
The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines.
Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a
Windows Azure virtual machine or SSH into a Linux Azure virtual machine.
For more information on the Azure Bastion service, please refer to the below URL
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic
from the Internet onto an Azure virtual machine?
A. Yes A
B.No B
Explanation:
Correct Answer: A
You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine. For this you will need to use
Network Security groups. The Azure Bastion service is used to RDP/SSH into an Azure virtual machine via the Azure portal
and the browser.
For more information on the Azure Bastion service, please refer to the below URL
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
Question 49 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can
you ensure a lockout of the user’s account occurs after five login simultaneous attempts?
A. Yes A
B.No
Explanation:
Correct Answer: A
You can define the lockout threshold for the user in the password protection policy as shown below.
For more information on the smart lockout feature, please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smartlockout
Domain :Describe the capabilities of Microsoft identity and access management solutions
You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can
you ensure a user does not have the product’s name as part of the password defined by the user?
A. Yes A
B.No
Explanation:
Correct Answer: A
You can define your own custom word list when it comes to banned passwords that users can set. A screenshot of
where this can be defined is shown below
For more information on password protection in Azure AD, please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-banbad
Question 51 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can
you enable password protection for Windows Server Active directory from Azure AD password protection?
A. Yes A
B.No
Explanation:
Correct Answer: A
Yes, if you go to Password protection in Azure AD , you can also enable password protection for
Windows Server Active Directory as shown below
For more information on password protection for Active Directory Domain services, please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-banbad-on-premises
Question 52 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to provide a user access
to manage an Azure virtual machine?
A. Yes
B.No A
Explanation:
Correct Answer: B
To manage access to resources in Azure, you need to use Role-based access control. You will define the user identities in
Azure AD, but then provide access using Role-based access control.
For more information on Role-based access control, please refer to the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Question 53 Correct
Domain :Describe the capabilities of Microsoft identity and access management solutions
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to provide a user access
to create application registrations in Azure Active directory?
A. Yes A
B.No
Explanation:
Correct Answer: A
In Azure Active Directory , you will go ahead and assign roles to users. Here you can assign the Application administrator
role to the user to manage various aspects when it comes to managing applications in Azure Active Directory.
For more information on Azure Active Directory roles, please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
Question 54 Correct Domain :Describe the capabilities of Microsoft identity and access management solutions
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to manage device
registrations in Azure Active Directory?
A. Yes A
B.No
Explanation:
Correct Answer: A
Yes, you can go to All devices and manage devices in Azure Active Directory
The screenshot below shows the devices page in Azure Active Directory
For more information on device entities in Azure Active Directory, please refer to the below URL
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
A. Yes A
B.No
Explanation:
Correct Answer: A
In the regulatory compliance dashboard, you have the ability to download the various compliance reports as shown
below.
For more information on Azure Security Center regulatory compliance, please refer to the below URL
https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard