Review the Answers

Question 1 Correct

Domain :Describe the concepts of security, compliance, and identity

Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it
comes to Microsoft privacy. Is Control a key Microsoft privacy principle?

A. Yes A

B.No

Explanation:

Correct Answer : A

Below are the key privacy principles as addressed by Microsoft

Control

Transparency

Security

Strong legal protections

No content-based targeting

Benefits to you

The Control principle gives the customer control over their privacy.

For more information on Microsoft Privacy control, please refer to the below URL

https://privacy.microsoft.com/en-US/

Question 2 Correct

Domain :Describe the concepts of security, compliance, and identity

Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it
comes to Microsoft privacy. Is Transparency a key Microsoft privacy principle?

A. Yes A

B.No

Explanation:

Correct Answer: A

Below are the key privacy principles as addressed by Microsoft

Control

Transparency

Security

Strong legal protections

No content-based targeting

Benefits to you

Under the Transparency principle, Microsoft states that it is transparent about data collection.

For more information on Microsoft Privacy control, please refer to the below URL

https://privacy.microsoft.com/en-US/

Question 3 Correct

Domain :Describe the concepts of security, compliance, and identity

Your company is planning on using Azure Cloud services. They are looking at the different security aspects when it comes
to Microsoft privacy. Is the Shared Responsibility Model a key Microsoft privacy principle?

A. Yes

B.No A

Explanation:

Correct Answer: B

Shared Responsibility is not a key Microsoft privacy principle.

Below are the key privacy principles as addressed by Microsoft

Control

Transparency

Security

Strong legal protections

No content-based targeting

Benefits to you

For more information on Microsoft Privacy control, please refer to the below URL

https://privacy.microsoft.com/en-US/

Question 4 Correct

Domain :Describe the concepts of security, compliance, and identity


Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is
Verify explicitly a Zero Trust principle?

A. Yes A

B.No

Explanation:

Correct Answer : A

Yes. Here you have to ensure that not everyone is provided access to a system. You should always authenticate
and authorize users.

The Zero Trust principles are

Verify explicitly

Use least privileged access

Assume breach

For more information on the Zero Trust Principle, please refer to the below URL

https://www.microsoft.com/en-us/security/business/zero-trust

Question 5 Correct

Domain :Describe the concepts of security, compliance, and identity

Your company is planning on using Azure Cloud services. They are looking at the concept of the Zero Trust principle. Is
assume breach a Zero Trust principle?

A. Yes A

B.No

Explanation:

Correct Answer : A

Yes. Here you need to ensure that you implement the required network controls and have threat detection in place to
reduce breaches into your system.

The Zero Trust principles are

Verify explicitly

Use least privileged access

Assume breach

For more information on the Zero Trust Principle, please refer to the below URL

https://www.microsoft.com/en-us/security/business/zero-trust

Question 6 Correct

Domain :Describe the concepts of security, compliance, and identity

Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be
read only by authorized users?

A. Encryption A
B. Deduplication

C.Archiving

D. Compression

Explanation:

Correct Answer : A

You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can
then be used to decrypt and read the data.

Option B is incorrect since this is normally used to eliminate duplicate copies of repeating data

Option C is incorrect since this is normally used to store data that is not used that frequently

Option D is incorrect since this is normally used to reduce the storage size of data

For more information on encryption in Microsoft Cloud, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview?view=o365-worldwide

Question 7 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Which of the following is the process of checking if a signed-in user has access to a particular resource in Azure?

A. Authentication

B. Authorization A

C. Conditional Access

D. Resource locks

Explanation:

Correct Answer : B

After a user has signed in, the user is checked to see if they have access to resources. When a user tries to access a
resource, the system first checks whether they have the right to access it. This process is known as authorization.

Option A is incorrect since this is used to check if a person is really who they say they are

Option C is incorrect since this is used to provide a conditional way to authenticate to Azure

Option D is incorrect since this is used to lock resources in Azure

For more information on Authentication and Authorization, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization

Question 8 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

A company is planning on using Azure Active Directory. Which of the following is used to describe the exact term for
Azure Active Directory?

A. Federation server

B. Identity Provider A

C. Proxy server

D. Firewall

Explanation:

Correct Answer : B

Azure Active Directory is Microsoft’s identity provider. This is used for storage of identities and for access management.
Both Azure and Microsoft Office 365 can use Azure Active Directory for identity and access management

All of the other options are incorrect since Azure Active Directory is used for identity and access management.

For more information on Azure Active Directory, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

Question 9 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

A company wants to make use of Windows Hello for business when it comes to authentication. Which of the following
are the authentication techniques available for Windows Hello for business? Choose 3 answers from the options given
below
A. PIN A

B. Facial Recognition A

C. Email message

D. Password

E. Fingerprint recognition A
Explanation:

Correct Answers : A, B and E

The entire purpose of Windows Hello for business is to ensure passwords are not used in the authentication process.
Here users can use other techniques for authentication, such as PINs and biometric recognition.

Options C and D are incorrect since Windows Hello for Business tries to ensure that secure measures are used for
the authentication process.

For more information on Windows Hello for business, please refer to the below URL

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

Question 10 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on using Azure Active Directory for the storage of identities. They want to make use of the
self-service password reset feature. Which of the following authentication methods are available for self-service
password reset? Choose 3 answers from the options given below

A. Email A

B. A passport identification number

C. A picture message

D. Mobile app notification A

E. Mobile app code A

Explanation:
Correct Answers: A, D and E

Below are the authentication methods available for self-service password reset

Mobile app notification

Mobile app code

Email

Mobile phone

Office phone

Security questions

Since the authentication methods are clearly mentioned, all other options are incorrect

For more information on self-service password reset, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

Question 11 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on using Azure Active Directory. They already have user identities stored in their on-premises
Active Directory. They want to sync the user identities from their on-premises Active Directory onto Azure Active
Directory. Which of the following could be used for this purpose?

A. Azure Blueprints

B.Azure AD Connect A

C.Azure Identity Protection

D. Azure Privileged Identity Management


Explanation:

Correct Answer : B

Azure AD Connect is used to synchronize identities from the on-premises Active Directory onto Azure Active Directory.
There are different methods available for user identity synchronization.

Option A is incorrect since this is used to define a repeatable set of Azure resources

Option C is incorrect since this is used for securing identities in Azure AD

Option D is incorrect since this is used for providing just-in-time access to resources in Azure AD

For more information on Azure AD Connect, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect

Question 12 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on making use of Azure Active Directory. Do all versions of Azure Active Directory provide the
same set of features?

A. Yes

B.No A

Explanation:

Correct Answer : B

There are different pricing models available for Azure Active Directory. The most basic version is the
Free model. Here there is a limitation in terms of features. For example, you will not get features such as

A service level agreement

Self-service password reset for cloud users

Group access management

For more information on Azure AD Pricing, please refer to the below URL

https://azure.microsoft.com/en-us/pricing/details/active-directory/

Question 13 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on making use of Azure Active Directory. Does the company need to create a virtual machine
in Azure for hosting Active Directory?

A. Yes

B.No A

Explanation:

Correct Answer : B

Azure Active Directory is a completely managed service. Here the underlying infrastructure is managed by Azure. You
don’t need to create any virtual machines for hosting Active Directory.

For more information on Azure Active Directory, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

Question 14 Correct

Domain :Describe the capabilities of Microsoft security solutions

Your company is planning on making use of Network Security Groups. Can you make use of network security groups to
deny all inbound traffic from the Internet?

A. Yes A

B.No

Explanation:

Correct Answer : A

By default, there is a rule in the Network security group that blocks all network traffic except for that within the Azure
virtual network. This rule will block all traffic from the Internet.

For more information on Azure network security groups, please refer to the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 15 Correct

Domain :Describe the capabilities of Microsoft security solutions

Your company is planning on making use of Network Security Groups. Can you make use of network security groups to
deny all outbound traffic from the Internet?

A. Yes A

B.No

Explanation:

Correct Answer : A

In the network security group, you can create a rule that would deny all outbound traffic to the Internet. An example is
shown below

For more information on Azure network security groups, please refer to the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 16 Correct

Domain :Describe the capabilities of Microsoft security solutions

Your company is planning on making use of Network Security Groups. Can you make use of network security groups to
filter traffic based on the IP address, protocol and port number?

A. Yes A

B.No

Explanation:

Correct Answer : A

For a network security group rule, you can create a rule that is based on the IP address, the protocol and the port
number. An example screenshot is given below which shows the IP address, the protocol and the port number.

For more information on Azure network security groups, please refer to the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
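
The rule behaviour covered in Questions 14 to 16, as an added example (not part of the original question bank and not Microsoft's code): a small Python model of how network security group rules are evaluated in priority order, including the default rules. The address ranges, the two custom rule names and the simplified handling of service tags are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample VNet range. 168.63.129.16 is the platform address that
# Azure load balancer health probes come from.
VNET = ipaddress.ip_network("10.0.0.0/16")
AZURE_LB = ipaddress.ip_network("168.63.129.16/32")


def prefix_matches(prefix, ip):
    """Match an address against '*', a service tag or a CIDR prefix."""
    addr = ipaddress.ip_address(ip)
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return addr in VNET
    if prefix == "AzureLoadBalancer":
        return addr in AZURE_LB
    if prefix == "Internet":
        # Simplification: anything outside the VNet and the platform address.
        return addr not in VNET and addr not in AZURE_LB
    return addr in ipaddress.ip_network(prefix)


def port_matches(spec, port):
    """Match a port against '*', a single port ('443') or a range ('8000-8080')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    direction: str           # "Inbound" or "Outbound"
    access: str              # "Allow" or "Deny"
    protocol: str = "*"
    source: str = "*"
    destination: str = "*"
    dest_port: str = "*"

    def matches(self, direction, protocol, src, dst, port):
        return (
            self.direction == direction
            and self.protocol.lower() in ("*", protocol.lower())
            and prefix_matches(self.source, src)
            and prefix_matches(self.destination, dst)
            and port_matches(self.dest_port, port)
        )


# Default rules present in every NSG. They cannot be removed, only overridden
# by a custom rule with a lower priority number.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow",
         source="VirtualNetwork", destination="VirtualNetwork"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow",
         source="AzureLoadBalancer"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow",
         source="VirtualNetwork", destination="VirtualNetwork"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow",
         destination="Internet"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny"),
]

# Hypothetical custom rules: one filters on IP, protocol and port (Question 16),
# the other denies outbound traffic to the Internet (Question 15).
CUSTOM_RULES = [
    Rule("AllowHttpsFromPartner", 200, "Inbound", "Allow", protocol="Tcp",
         source="203.0.113.0/24", dest_port="443"),
    Rule("DenyInternetOutbound", 4000, "Outbound", "Deny", destination="Internet"),
]


def evaluate(custom_rules, direction, protocol, src, dst, port):
    """Return (access, rule_name) of the first matching rule, lowest priority number first."""
    for rule in custom_rules:
        if not 100 <= rule.priority <= 4096:
            raise ValueError(f"{rule.name}: custom priority must be 100-4096")
    for rule in sorted([*custom_rules, *DEFAULT_RULES], key=lambda r: r.priority):
        if rule.matches(direction, protocol, src, dst, port):
            return rule.access, rule.name
    raise AssertionError("unreachable: the DenyAll default rules match everything")


if __name__ == "__main__":
    print(evaluate([], "Inbound", "Tcp", "203.0.113.10", "10.0.1.4", 3389))
    print(evaluate([], "Outbound", "Tcp", "10.0.1.4", "198.51.100.7", 443))
    print(evaluate(CUSTOM_RULES, "Outbound", "Tcp", "10.0.1.4", "198.51.100.7", 443))
```

With no custom rules, inbound Internet traffic already falls through to `DenyAllInBound`, while outbound Internet traffic is allowed by `AllowInternetOutBound` until a custom deny rule with a lower priority number overrides it.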

Question 17 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Which of the following can be used to provide just-in-time access to resources?

A. Azure AD Identity Protection

B.Azure AD Privileged Identity Management A

C.Azure Multi-Factor Authentication

D. Azure Blueprints

Explanation:

Correct Answer : B

Azure AD Privileged Identity Management can be used to provide just-in-time access to your resources.

In Azure AD Privileged Identity Management, you can add assignments to resources for users in Azure.
An example screenshot is given below

Option A is incorrect since this is used for securing identities in Azure AD

Option C is incorrect since this is used as an extra level of authentication during the entire authentication process

Option D is incorrect since this is used to define a repeatable set of Azure resources

For more information on Azure AD Privileged Identity Management, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Question 18 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to provide
access to resources in Azure?

A. Yes

B. No A
Explanation:

Correct Answer : B

Azure AD Identity protection is used to identify risks based on the user sign-in process. It is not used to provide access to
resources in Azure.

For more information on Azure AD Identity Protection, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Question 19 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on using Azure AD Identity Protection. Can you use Azure AD Identity protection to enforce
multi-factor authentication for users based on a sign-in risk policy?

A. Yes A

B.No

Explanation:

Correct Answer : A

In Azure AD Identity Protection, you can configure the Sign-in risk policy to allow access and enforce the use of
Multi-Factor Authentication.

For more information on Azure AD Identity Protection, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Question 20 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Your company is planning on using Azure AD Identity Protection. Does Azure AD Identity protection categorize events
into Low, Medium and High?

A. Yes A

B.No

Explanation:
Correct Answer : A

When you configure a risk policy in Azure AD Identity Protection, you can decide on the category of risks. This is because
all of the identified risks are categorized into High, Medium or Low risks.

For more information on Azure AD Identity Protection, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Question 21 Correct

Domain :Describe the capabilities of Microsoft security solutions

Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?
Explanation:

Correct Answer : A

You can accomplish this with the help of Azure Security Center

If you go to Azure Security Center, in the Overview you can see the secure score.

Since this is clearly shown in Azure Security Center, all other options are incorrect

For more information on Azure Security Center, please refer to the below URL

https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction

Question 22 Correct

Domain :Describe the capabilities of Microsoft security solutions

You have to decide on the right service to use based on the requirement. Which of the following would you use
for the below requirement? “Provide Network address translation”

A. Azure Bastion

B. Azure Firewall A

C. Network Security Groups

D. Azure DDoS Protection

Explanation:

Correct Answer : B

The Azure Firewall service can translate traffic arriving at its public IP address to private IP addresses in virtual
networks.

Option A is incorrect since this provides a service to RDP/SSH into your Azure virtual machines

Option C is incorrect since this is used to filter the traffic to your Azure virtual machines

Option D is incorrect since this is used to protect your Azure resources against large scale attacks from the Internet

For more information on the Azure Firewall feature, please refer to the below URL

https://docs.microsoft.com/en-us/azure/firewall/features#inbound-dnat-support

Question 23 Correct

Domain :Describe the capabilities of Microsoft security solutions

You have to decide on the right service to use based on the requirement. Which of the following would you use for the
below requirement?
“Provide protection against large scale internet attacks”

A. Azure Bastion

B.Azure Firewall
C.Network Security Groups

D. Azure DDoS Protection A

Explanation:

Correct Answer : D

You can use the Azure DDoS service to protect against large scale Internet-based attacks.

Option A is incorrect since this provides a service to RDP/SSH into your Azure virtual machines

Option B is incorrect since this is a managed firewall service

Option C is incorrect since this is used to filter the traffic to your Azure virtual machines

For more information on the Azure DDoS service, please refer to the below URL

https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview

Question 24 Incorrect

Domain :Describe the capabilities of Microsoft security solutions

You have to decide on the right service to use based on the requirement. Which of the following would you use
for the below requirement? “Filter traffic to Azure virtual machines”

A. Azure Bastion

B. Azure Firewall B

C. Network Security Groups A

D. Azure DDoS Protection


Explanation:

Correct Answer : C

You can use Azure Network Security groups to filter traffic to and from resources that are located in an Azure virtual
network.

Option A is incorrect since this provides a service to RDP/SSH into your Azure virtual machines

Option B is incorrect since this is a managed firewall service

Option D is incorrect since this is used to protect your Azure resources against large scale attacks from the Internet

For more information on the Azure Network Security groups, please refer to the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 25 Correct

Domain :Describe the capabilities of Microsoft security solutions

You have to decide on the right service to use based on the requirement. Which of the following would you use for the
below requirement?
“Provide a secure way to RDP/SSH into Azure virtual machines”

A. Azure Bastion A

B. Azure Firewall

C. Network Security Groups

D. Azure DDoS Protection


Explanation:

Correct Answer : A

The Azure Bastion service is a managed service that allows you to connect to an Azure virtual machine via the browser
and the Azure portal.

Option B is incorrect since this is a managed firewall service

Option C is incorrect since this is used to filter the traffic to your Azure virtual machines

Option D is incorrect since this is used to protect your Azure resources against large scale attacks from the Internet

For more information on the Azure Bastion service, please refer to the below URL

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

Question 26 Correct

Domain :Describe the capabilities of Microsoft security solutions

Which of the following provides XDR capabilities that help to protect multi-cloud and hybrid workloads?

A. Azure Policy

B.Azure Defender A

C.Azure Blueprints

D. Azure Identity Protection

Explanation:

Correct Answer : B

Azure Defender now delivers XDR-based capabilities that help to protect both multi-cloud and
hybrid workloads. Azure Defender comes as part of the Azure Security suite of features.

Option A is incorrect since this is a governance-based service for your Azure account

Option C is incorrect since this is used to deploy various artifacts to your Azure subscriptions

Option D is incorrect since this is used to protect your identities in Azure Active Directory

For more information on the Azure Defender XDR-based capabilities, please refer to the below URL

https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/

Question 27 Correct

Domain :Describe the capabilities of Microsoft security solutions

Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for
Endpoint to protect Windows 2016-based Azure virtual machines?

A. Yes A

B.No

Explanation:

Correct Answer: A

You can on-board servers such as Windows Server 2012 and 2016 to the Microsoft Defender for Endpoint service.

For more information on the on-boarding devices for Microsoft Defender for endpoint, please refer to the below URL

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-configure

Question 28 Correct

Domain :Describe the capabilities of Microsoft security solutions

Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for
Endpoint to protect Windows 10 machines?

A. Yes A

B.No

Explanation:

Correct Answer : A

Yes, Windows 10 devices are also supported for Microsoft Defender for Endpoint service

For more information on the on-boarding devices for Microsoft Defender for endpoint, please refer to the below URL

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-configure

Question 29 Incorrect

Domain :Describe the capabilities of Microsoft security solutions


Your company is planning on using the Microsoft Defender for Endpoint service. Can you use Microsoft Defender for
Endpoint to protect SharePoint online?

A. Yes A

B.No B

Explanation:

Correct Answer: A

You can’t use Microsoft Defender for Endpoint to protect Sharepoint sites

For more information on the on-boarding devices for Microsoft Defender for endpoint, please refer to the below URL

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-configure

Question 30 Correct

Domain :Describe the capabilities of Microsoft security solutions

You have to enrol devices into Microsoft Intune. Can you enrol your Windows 10 devices into Microsoft Intune?

A. Yes A

B.No

Explanation:

Correct Answer: A
When you enrol your Windows 10 devices into Microsoft Intune, you then get mobile access to your work and school
applications, email and Wi-Fi.

For more information on enrolling Windows 10 devices into Microsoft Intune, please refer to the below URL

https://docs.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device

Question 31 Correct

Domain :Describe the capabilities of Microsoft security solutions

You have to enrol devices into Microsoft Intune. Can you enrol your Android devices into Microsoft Intune?

A. Yes A

B.No

Explanation:

Correct Answer: A

When you enrol your Android devices into Microsoft Intune, you then get mobile access to your work and school
applications, email and Wi-Fi.

For more information on enrolling Android devices into Microsoft Intune, please refer to the below URL

https://docs.microsoft.com/en-us/mem/intune/user-help/enroll-device-android-company-portal

Question 32 Correct

Domain :Describe the capabilities of Microsoft security solutions

You have to enrol devices into Microsoft Intune. Can you enrol both your organization-provided and personal devices?

A. Yes A

B.No

Explanation:

Correct Answer: A

You can enrol both organization-provided devices and personal devices into Microsoft Intune.

For more information on enrolling devices into Microsoft Intune, please refer to the below URL

https://docs.microsoft.com/en-us/mem/intune/user-help/use-managed-devices-to-get-work-done

Question 33 Correct

Domain :Describe the capabilities of Microsoft security solutions

Your company is planning on using Microsoft 365 security center to review the security for their
Microsoft Office 365 deployments. Which of the following categories are available for the cards in Microsoft office 365
security center? Choose 3 answers from the options given below
A. Identities A

B. Devices A

C. Groups

D. Apps A

Explanation:

Correct Answers: A, B and D

When it comes to the categories for Microsoft office 365 security center, the following are available

Identities – This helps to monitor the identities in the organization. It helps to keep track of suspicious or risky
behaviours when it comes to the defined identities

Data – Here user activity can be tracked that could lead to unauthorized data disclosure

Devices – This helps to look at threats on the devices

Apps – This helps to gain better insight into the applications used in the organization

For more information on Microsoft 365 security center, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/security/mtp/overview-security-center?view=o365-worldwide

Question 34 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

What is the maximum time frame for which you can retain audit logs in Microsoft 365?
A. 1 month

B.1 year

C.5 years

D. 10 years A

Explanation:

Correct Answer: D

With long-term retention in audit logs, you can retain logs for up to 10 years. This can allow your security team to
perform long-running investigations on the data if required.

Since Microsoft 365 Advanced auditing supports auditing of up to 10 years, all other options are incorrect

For more information on Microsoft 365 Advanced auditing, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide

Question 35 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company has just setup an Azure subscription. They have the following requirements
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”

“Be able to ensure no one can delete resources defined in a resource group named whizlabs-staging”

“Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware
extension installed”

Which of the following can be used for the following requirement?

“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”
A. Azure Policy

B.Azure Blueprints A

C.Azure AD Identity Protection

D. Azure Resource locks

Explanation:

Correct Answer: B

You can use Azure Blueprints to deploy a set of artifacts. The artifacts can be resources as ARM templates, resource
groups and role assignments.

Below is a screenshot of the artifacts that can be deployed via Azure Blueprints

Option A is incorrect since this is used for governance of the resources defined as part of your Azure account

Option C is incorrect since this is used to protect your identities in Azure AD

Option D is incorrect since this is used to prevent the accidental deletion and modification of resources in Azure

For more information on Azure Blueprints, please refer to the below URL

https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

Question 36 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company has just setup an Azure subscription. They have the following requirements
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”

“Be able to ensure no one can delete resources defined in a resource group named whizlabs-staging”

“Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware
extension installed”

Which of the following can be used for the following requirement?


“Be able to ensure no one can delete resources defined in a resource group named whizlabs-rg”

A. Azure Policy

B.Azure Blueprints

C.Azure AD Identity Protection

D. Azure Resource locks A

Explanation:

Correct Answer: D

Here you can define resource locks. This would ensure that no one accidentally deletes resources in a resource group.

A screenshot shown below shows that you can add a delete lock to a resource group for this requirement

Option A is incorrect since this is used for governance of the resources defined as part of your Azure account

Option B is incorrect since this is used to deploy artifacts such as ARM templates, resource groups , role
assignments

Option C is incorrect since this is used to protect your identities in Azure AD

For more information on Azure Resource locks, please refer to the below URL

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

Question 37 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company has just setup an Azure subscription. They have the following requirements
“Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.”

“Be able to ensure no one can delete resources defined in a resource group named whizlabs-staging”

“Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS
Antimalware extension installed”

Which of the following can be used for the following requirement?


“Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware
extension installed”

A. Azure Policy A

B.Azure Blueprints

C.Azure AD Identity Protection

D. Azure Resource locks


Explanation:

Correct Answer: A

Here you can define an Azure policy. The policy can ensure that all Windows server based Azure virtual machines have
the Microsoft IaaS Antimalware extension installed

The below screenshot shows the policy that you can use for this requirement

Option B is incorrect since this is used to deploy artifacts such as ARM templates, resource groups , role
assignments

Option C is incorrect since this is used to protect your identities in Azure AD

Option D is incorrect since this is used to prevent the accidental deletion and modification of resources in Azure

For more information on Azure policies, please refer to the below URL

https://docs.microsoft.com/en-us/azure/governance/policy/overview



Question 38 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

Which of the following allows you to invite guest users and provide them access to Azure resources within your
organization?

A. Azure Identity Protection

B.Azure Privileged Identity Management

C.Azure Active Directory B2B A

D. Azure AD Connect

Explanation:

Correct Answer: C

With Azure Active Directory B2B, you can invite users from external partners. You can then securely give them access to Azure resources within your organization.

Option A is incorrect since this is used for protection of identities

Option B is incorrect since this is used to give just-in-time access to resources in Azure

Option D is incorrect since this is used to sync your on-premises identities to Azure Active Directory

For more information on Azure Active Directory B2B, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b



Question 39 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels be used to encrypt the contents in documents?

A. Yes A

B.No

Explanation:

Correct Answer: A

When you apply a “Confidential” label to a document, the label will encrypt the content in the document.

For more information on Sensitivity labels for Microsoft 365, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365worldwide


Question 40 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

You are considering the use of sensitivity labels in Microsoft 365. Do sensitivity labels add a header and footer to the
underlying Office 365 document for which the label is applied?

A. Yes A

B.No

Explanation:

Correct Answer: A

When you apply a sensitivity label to a document, it will also add a header and footer to the document.

For more information on Sensitivity labels for Microsoft 365, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365worldwide


Question 41 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

You are considering the use of sensitivity labels in Microsoft 365. Do sensitivity labels add a watermark to the underlying
Office 365 document for which the label is applied?

A. Yes A

B.No

Explanation:

Correct Answer: A

When you apply a sensitivity label to a document, it will also add a watermark to the document.

For more information on Sensitivity labels for Microsoft 365, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365worldwide



Question 42 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements:

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations

Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization

Provide access to a Microsoft support engineer to a user’s Exchange Online data

Provide just-in-time access to users in Microsoft Office 365 Exchange Online

Which of the following can be used for the following requirement?


“Search for email in Exchange mailboxes, documents in Sharepoint sites and OneDrive locations”

A. Information Barriers

B.Content Search Tool A

C.Customer Lockbox

D. Privileged Access Management

Explanation:

Correct Answer: B

With the Content Search tool, you can quickly find email in Exchange mailboxes, documents in SharePoint sites and
OneDrive locations. You can also search for instant messaging conversations in Microsoft Teams as well.

Option A is incorrect because this is used to restrict communication and collaboration between two groups to
avoid a conflict of interest in the organization

Option C is incorrect because this is used to give Microsoft support engineers access to user’s data if they need to
debug an issue

Option D is incorrect because this is used to give just-in-time access to services in Microsoft 365

For more information on the Content Search tool, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365worldwide

Question 43 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements:

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations

Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization

Provide access to a Microsoft support engineer to a user’s Exchange Online data

Provide just-in-time access to users in Microsoft Office 365 Exchange Online

Which of the following can be used for the following requirement?


“Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization”

A. Information Barriers A

B.Content Search Tool

C.Customer Lockbox

D. Privileged Access Management

Explanation:

Correct Answer: A

Sometimes it might be required to ensure communication is not possible between two groups of people. This could be
because of a potential conflict of interest between both parties. In this case, you can make use of Information Barriers.

Option B is incorrect because this is used to search for content in Exchange mailboxes, documents in SharePoint
sites and OneDrive locations

Option C is incorrect because this is used to give Microsoft support engineers access to user’s data if they need to
debug an issue

Option D is incorrect because this is used to give just-in-time access to services in Microsoft 365

For more information on “Information barriers”, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-solutionoverview?view=o365-worldwide


Question 44 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements:

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations

Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization

Provide access to a Microsoft support engineer to a user’s Exchange Online data

Provide just-in-time access to users in Microsoft Office 365 Exchange Online

Which of the following can be used for the following requirement?


“Provide access to a Microsoft support engineer to a user’s Exchange Online data”

A. Information Barriers

B.Content Search Tool

C.Customer Lockbox A

D. Privileged Access Management

Explanation:

Correct Answer: C

Sometimes Microsoft Engineers need access to user’s data to diagnose an issue. This can be done with the help of the
Customer Lockbox feature.

Option A is incorrect because this is used to restrict communication and collaboration between two groups to
avoid a conflict of interest in the organization

Option B is incorrect because this is used to search for content in Exchange mailboxes, documents in SharePoint
sites and OneDrive locations

Option D is incorrect because this is used to give just-in-time access to services in Microsoft 365

For more information on Customer Lockbox, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide


Question 45 Correct

Domain :Describe the capabilities of Microsoft compliance solutions

Your company is looking at the different options available when it comes to security solutions for Microsoft 365. Below are the key requirements:

Search for email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations

Restrict communication and collaboration between two groups to avoid a conflict of interest in the organization

Provide access to a Microsoft support engineer to a user’s Exchange Online data

Provide just-in-time access to users in Microsoft Office 365 Exchange Online

Which of the following can be used for the following requirement?


“Provide just-in-time access to users in Microsoft Office 365 Exchange Online”

A. Information Barriers

B.Content Search Tool

C.Customer Lockbox

D. Privileged Access Management A

Explanation:

Correct Answer: D

You can make use of privileged access management to provide just-in-time access to services in Microsoft 365. So
instead of giving prior access, here you can ensure that access is only provided whenever it is required.

Option A is incorrect because this is used to restrict communication and collaboration between two groups to
avoid a conflict of interest in the organization

Option B is incorrect because this is used to search for content in Exchange mailboxes, documents in SharePoint
sites and OneDrive locations

Option C is incorrect because this is used to give Microsoft support engineers access to user’s data if they need to
debug an issue

For more information on the privileged access management feature, please refer to the below URL

https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-managementsolution-overview?view=o365-worldwide


Question 46 Correct

Domain :Describe the capabilities of Microsoft security solutions

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely RDP into
an Azure Windows virtual machine via the browser and the Azure portal?

A. Yes A

B.No

Explanation:

Correct Answer: A

The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines.
Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a
Windows Azure virtual machine or SSH into a Linux Azure virtual machine.

For more information on the Azure Bastion service, please refer to the below URL

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview


Question 47 Correct

Domain :Describe the capabilities of Microsoft security solutions

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to securely SSH into
an Azure Linux virtual machine via the browser and the Azure portal?

A. Yes A

B.No

Explanation:

Correct Answer: A

The entire purpose of the Azure Bastion service is to provide a secure way to RDP/SSH into your Azure virtual machines.
Here you can use the Azure portal and the browser to log into the Azure virtual machine. Here you can RDP into a
Windows Azure virtual machine or SSH into a Linux Azure virtual machine.

For more information on the Azure Bastion service, please refer to the below URL

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview



Question 48 Incorrect

Domain :Describe the capabilities of Microsoft security solutions

You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic
from the Internet onto an Azure virtual machine?

A. Yes A

B.No B

Explanation:

Correct Answer: A

You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine. For this you will need to use
Network Security groups. The Azure Bastion service is used to RDP/SSH into an Azure virtual machine via the Azure portal
and the browser.

For more information on the Azure Bastion service, please refer to the below URL

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview


Question 49 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can
you ensure a lockout of the user’s account occurs after five simultaneous login attempts?

A. Yes A

B.No

Explanation:

Correct Answer: A

You can define the lockout threshold for the user in the password protection policy as shown below.

For more information on the smart lockout feature, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smartlockout



Question 50 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can
you ensure a user does not have the product’s name as part of the password defined by the user?

A. Yes A

B.No

Explanation:

Correct Answer: A

You can define your own custom word list when it comes to banned passwords that users can set. A screenshot of
where this can be defined is shown below

For more information on password protection in Azure AD, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-banbad


Question 51 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

You are trying to set the password policy for the identities defined in your company’s Azure Active Directory tenant. Can
you enable password protection for Windows Server Active Directory from Azure AD password protection?

A. Yes A

B.No

Explanation:

Correct Answer: A

Yes, if you go to Password protection in Azure AD, you can also enable password protection for
Windows Server Active Directory as shown below

For more information on password protection for Active Directory Domain services, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-banbad-on-premises


Question 52 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to provide a user access
to manage an Azure virtual machine?

A. Yes

B.No A

Explanation:

Correct Answer: B

To manage access to resources in Azure, you need to use Role-based access control. You will define the user identities in
Azure AD, but then provide access using Role-based access control.

For more information on Role-based access control, please refer to the below URL

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview


Question 53 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to provide a user access
to create application registrations in Azure Active Directory?

A. Yes A

B.No

Explanation:

Correct Answer: A

In Azure Active Directory, you assign roles to users. Here you can assign the Application administrator
role to the user to manage various aspects when it comes to managing applications in Azure Active Directory.

For more information on Azure Active Directory roles, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference


Question 54 Correct

Domain :Describe the capabilities of Microsoft identity and access management solutions

You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to manage device
registrations in Azure Active Directory?

A. Yes A

B.No

Explanation:

Correct Answer: A

Yes, you can go to All devices and manage devices in Azure Active Directory

The screenshot below shows the devices page in Azure Active Directory

For more information on device entities in Azure Active Directory, please refer to the below URL

https://docs.microsoft.com/en-us/azure/active-directory/devices/overview


Question 55 Correct

Domain :Describe the capabilities of Microsoft security solutions


You are currently using Azure Security to evaluate the security of resources defined as part of your Azure subscription.
Can you download various regulatory compliance reports from Azure Security Center?

A. Yes A

B.No

Explanation:

Correct Answer: A

In the regulatory compliance dashboard, you have the ability to download the various compliance reports as shown
below.

For more information on Azure Security Center regulatory compliance, please refer to the below URL

https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard
