SC-900_148q_June_2021_By_Drunkmonk

Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Microsoft Certified: Security, Compliance, and Identity Fundamentals

Skills measured
Describe the concepts of security, compliance, and identity
Describe the capabilities of Microsoft identity and access management solutions
Describe the capabilities of Microsoft security solutions
Describe the capabilities of Microsoft compliance solutions

Exam by DrunkMonk

Exam A

QUESTION 1
What is the purpose of eDiscovery hold?

Select two

NOTE: Each correct selection is worth one point

A. Quickly search the content locations on hold
B. Access and export case data for any case in the organization
C. Hold on users, create and edit searches, and export content
D. Preserves content that may be relevant to the case during the investigation.

Answer: AD
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

QUESTION 2
How can you add a group as a member of the eDiscovery Manager role group?

A. By using Add-eDiscoveryCaseAdmin cmdlet in Security & Compliance Center PowerShell
B. By using New-DistributionGroup -Type Security in Security & Compliance Center PowerShell
C. By using Add-RoleGroupAdministrator cmdlet in Security & Compliance Center PowerShell
D. By using Add-RoleGroupMember cmdlet in Security & Compliance Center PowerShell

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
You can add a mail-enabled security group as a member of the eDiscovery Managers subgroup in the
eDiscovery Manager role group by using the Add-RoleGroupMember cmdlet in Security & Compliance Center
PowerShell.

Reference:

QUESTION 3
Which of the following insider risk management principles focuses on providing insights to enable reviewer
notifications, data investigations, and user investigations?

A. Transparency
B. Configurable
C. Integrated
D. Actionable

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Insider risk management is centered around the following principles:
Transparency: Balance user privacy versus organization risk with privacy-by-design architecture.
Configurable: Configurable policies based on industry, geographical, and business groups.
Integrated: Integrated workflow across Microsoft 365 compliance solutions.
Actionable: Provides insights to enable reviewer notifications, data investigations, and user investigations.

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide

QUESTION 4
Where are all data files and email messages associated with alert activities automatically captured and
displayed?

A. Alerts
B. Case Notes
C. Content Explorer
D. User Activity
E. Case Overview

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Content Explorer: All data files and email messages associated with alert activities are automatically captured
and displayed in the Content explorer. Reviewers can filter and view files and messages by data source, file
type, tags, conversation, and many more attributes.

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide

QUESTION 5
Insider risk management supports exporting alert information to security information and event management
(SIEM) services via the ________________.

A. Data leaks by priority users
B. Audit log
C. Office 365 Management APIs integration
D. Advanced eDiscovery

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Insider risk management supports exporting alert information to security information and event management
(SIEM) services via the Office 365 Management APIs.

Reference:

QUESTION 6
Which of the following is not a feature of Advanced eDiscovery?

Select two

NOTE: Each correct selection is worth one point

A. Escalating a case for investigation allows you to transfer data and management of the case
B. It allows legal teams to manage the entire legal hold notification workflow
C. Exporting alert information to security information and event management (SIEM) services
D. Provides an end-to-end workflow to preserve, collect, review, analyze, and export content

Answer: AC
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide

QUESTION 7
Which of the following should be configured to receive alerts for suspicious activities associated with data theft
by departing users?

A. Data leaks by disgruntled users
B. Security policy violations by priority users
C. General security policy violations
D. Microsoft 365 HR connector

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
When users leave an organization, either voluntarily or as the result of termination, there are often legitimate
concerns that company, customer, and user data are at risk. Users may innocently assume that project data
isn't proprietary, or they may be tempted to take company data for personal gain and in violation of company
policy and legal standards. Insider risk management policies that use the Data theft by departing users policy
template automatically detect activities typically associated with this type of theft. With this policy, you'll
automatically receive alerts for suspicious activities associated with data theft by departing users so you can
take appropriate investigative actions. Configuring a Microsoft 365 HR connector for your organization is
required for this policy template.

Reference:

QUESTION 8
Which of the following insider risk management security policy violation templates score security risk
indicators and use Microsoft Defender for Endpoint alerts to provide insights for security-related activities?

Select two

NOTE: Each correct selection is worth one point

A. General security policy violations
B. Data leaks by disgruntled users
C. Security policy violations by priority users
D. Microsoft 365 HR connector

Answer: AC
Section: (none)

Explanation/Reference:
Explanation:
Users typically have a large degree of control when managing their devices in the modern workplace. This
control may include permissions to install or uninstall applications needed in the performance of their duties or
the ability to temporarily disable device security features. Whether this activity is inadvertent, accidental, or
malicious, this conduct can pose risk to your organization and is important to identify and act to minimize. To
help identify these risky security activities, the following insider risk management security policy violation
templates score security risk indicators and use Microsoft Defender for Endpoint alerts to provide insights for
security-related activities:
General security policy violations
Security policy violations by departing users
Security policy violations by priority users
Security policy violations by disgruntled users

Reference:

QUESTION 9
For closer inspection and more aggressive risk scoring to help surface alerts for investigation and quick action,
which of the following insider risk management policy templates should be used?

Select two

NOTE: Each correct selection is worth one point

A. General security policy violations
B. Security policy violations by priority users
C. Data leaks by disgruntled users
D. Microsoft 365 HR connector

Answer: BC
Section: (none)

Explanation/Reference:
Explanation:
Users in your organization may have different levels of risk depending on their position, level of access to
sensitive information, or risk history. This structure may include members of your organization's executive
leadership team, IT administrators that have extensive data and network access privileges, or users with a past
history of risky activities. In these circumstances, closer inspection and more aggressive risk scoring are
important to help surface alerts for investigation and quick action. To help identify risky activities for these types
of users, you can create priority user groups and create policies from the following policy templates:
Security policy violations by priority users
Data leaks by priority users

Reference:

QUESTION 10
When we edit or delete content that's included in the retention policy, a copy of the content is automatically
retained in the __________________ for SharePoint and OneDrive sites.

A. Recoverable Hold Library
B. Recoverable Items folder
C. Preservation Hold library
D. SubstrateHolds

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
When content has retention settings assigned to it, that content remains in its original location. People can
continue to work with their documents or mail as if nothing's changed. But if they edit or delete content that's
included in the retention policy, a copy of the content is automatically retained. For SharePoint and OneDrive
sites: The copy is retained in the Preservation Hold library.

Reference:

QUESTION 11
When we edit or delete content that's included in the retention policy, a copy of the content is automatically
retained in the __________________ for Exchange mailboxes.

A. Recoverable Hold Library
B. Preservation Hold library
C. Recoverable Items folder
D. SubstrateHolds

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
When content has retention settings assigned to it, that content remains in its original location. People can
continue to work with their documents or mail as if nothing's changed. But if they edit or delete content that's
included in the retention policy, a copy of the content is automatically retained. For Exchange mailboxes: The
copy is retained in the Recoverable Items folder.

Reference:

QUESTION 12
When we edit or delete content that's included in the retention policy, a copy of the content is automatically
retained in the __________________ for Teams and Yammer messages.

A. Preservation Hold library
B. Recoverable Items folder
C. SubstrateHolds
D. Recoverable Hold Library

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
When content has retention settings assigned to it, that content remains in its original location. People can
continue to work with their documents or mail as if nothing's changed. But if they edit or delete content that's
included in the retention policy, a copy of the content is automatically retained. For Teams and Yammer
messages: The copy is retained in a hidden folder named SubstrateHolds as a subfolder in the Exchange
Recoverable Items folder.

Reference:

QUESTION 13
Which of the following statements does not hold true with reference to retention labels and policies applied in the
diagram?

A. A retention label is manually applied when conditions specified in the policy are met.
B. The same location can be included in multiple retention label policies.
C. Create one or more auto-apply retention label policies, each with a single retention label.
D. A single retention label can be included in multiple retention label policies.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 14
If the retention label is published to admins and end users, then the label policy can be applied to
____________.

A. Exchange, SharePoint, OneDrive, Microsoft 365 Groups
B. Exchange (all mailboxes only), SharePoint, OneDrive
C. Exchange, and Microsoft 365 Groups

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

QUESTION 15
Which of the given Azure Active Directory services will meet the minimum requirement to use Azure AD
Cloud App Discovery to address issues related to shadow IT?

A. Azure Active Directory Premium P2
B. Azure AD Free Account
C. Azure Active Directory Premium P1
D. Microsoft 365 Apps

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Azure Active Directory Premium P1 includes Azure Active Directory Cloud App Discovery which contains a
subset of the Microsoft Cloud App Security (MCAS) discovery features.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-threat-protection-with-microsoft-365-defender/6-describe-microsoft-cloud-app-security#enhanced-cloud-app-discovery-in-azure-active-directory

QUESTION 16
Which of the following Azure services is used to monitor Azure resources to ensure compliance with the
organization’s regulatory requirements?

A. Azure Firewall
B. Azure Policy
C. Azure Blueprint
D. Azure RBAC

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
Azure Policy continuously monitors Azure resources to ensure compliance. The standard evaluation cycle is
every 24 hours.

Reference:

QUESTION 17
Which of the given Azure services allows access to the VMs remotely from any machine with a Private IP
without exposing RDP/SSH ports to the outside world?

A. ARM templates
B. Azure RDP/SSH connectivity
C. Attack Simulator in Office 365 ATP
D. Azure Bastion

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the
Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your
virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from
the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP
address, agent, or special client software.

Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is
provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside
world, while still providing secure access using RDP/SSH.

Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 18
What is the purpose of RDP and SSH?

A. To connect to your workloads running in Azure
B. To provide fully platform-managed PaaS service to provision inside your virtual network
C. To connect to a virtual machine using your browser and the Azure portal.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 19
How is the Azure Bastion deployment conducted?

A. Per virtual machine
B. Per account
C. Per virtual network
D. Per subscription

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Azure Bastion deployment is per virtual network, not per subscription/account or virtual machine. Once you
provision an Azure Bastion service in your virtual network, the RDP/SSH experience is available to all your VMs
in the same virtual network.

Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 20
Alex is working in an organization. The organization uses RDP and SSH as the fundamental means to connect
to workloads running in Azure. He has been asked to take corrective action to ensure that the RDP/SSH ports
are not exposed over the Internet. What should Alex do in this case?

A. He should connect to an Azure Blueprint using your browser and the Azure portal.
B. He should deploy jump-servers at the public side of the perimeter network.
C. He should deploy Azure Firewall at the public side of the perimeter network.
D. He should connect to a virtual machine using your browser and the Azure portal.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
RDP and SSH are some of the fundamental means through which you can connect to your workloads running
in Azure. Exposing RDP/SSH ports over the Internet isn't desired and is seen as a significant threat surface.
This is often due to protocol vulnerabilities. To contain this threat surface, you can deploy bastion hosts (also
known as jump-servers) at the public side of your perimeter network. Bastion host servers are designed and
configured to withstand attacks. Bastion servers also provide RDP and SSH connectivity to the workloads
sitting behind the bastion, as well as further inside the network.

Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 21
Which of the following statements does not hold true with reference to the architecture of an Azure Bastion
deployment in the diagram?

A. Public IP is required on the Azure VM.
B. The RDP/SSH session opens in the browser with a single-click
C. The user selects the virtual machine to connect to.
D. The Bastion host is deployed in the virtual network that contains the AzureBastionSubnet subnet that has a
minimum /27 prefix.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 22
James wants to connect via Azure Bastion. Does he need a public IP on his virtual machine?

A. Yes, it is required
B. No, it is not required

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
No. When you connect to a VM using Azure Bastion, you don't need a public IP on the Azure virtual machine
that you are connecting to. The Bastion service will open the RDP/SSH session/connection to your virtual
machine over the private IP of your virtual machine, within your virtual network.

Reference:

QUESTION 23
Which of the following is supported by Azure Bastion?

A. IPv6
B. IPv4
C. IPv2

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
IPv6 is not supported. Azure Bastion supports IPv4 only.

Reference:

QUESTION 24
Mark is working in an organization. He has been asked to get RDP/SSH access to your virtual machine directly
in the browser. Which of the following options should he choose to meet the requirement?

A. Azure RBAC
B. Azure Templates
C. Azure Portal
D. RDP or SSH client

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Use the Azure portal to let you get RDP/SSH access to your virtual machine directly in the browser.

Reference:

QUESTION 25
Kevin was trying to deploy the Azure Bastion resources but was unsuccessful. What could be the reason for
this case?

A. He is using the Azure portal to get RDP/SSH access to your virtual machine directly in the browser.
B. The host virtual network was linked to a private DNS zone
C. He has connected to a virtual machine using your browser and the Azure portal.
D. All of these

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
The use of Azure Bastion with Azure Private DNS Zones is not supported at this time. Before you deploy your
Azure Bastion resource, please make sure that the host virtual network is not linked to a private DNS zone.

Reference:

QUESTION 26
What is the limit on the number of sessions for consultants and market researchers when they are assigned
tasks including database entry applications, building command-line interfaces, and static web pages?

A. 50
B. 20
C. 30
D. 40

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 27
Patrick has been asked to access Windows Server VMs through Azure Bastion. He suggested using an RDS CAL
for administrative purposes on Azure-hosted VMs. Does the suggested solution meet the goal?

A. Yes, the solution meets the goal
B. No, the solution does not meet the goal

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
No, access to Windows Server VMs by Azure Bastion does not require an RDS CAL when used solely for
administrative purposes.

Reference:

QUESTION 28
What could be the causes of failure of the Azure Bastion deployment?

A. The host virtual network is linked to a private DNS zone.
B. Customers may encounter a limit on the number of public IP addresses allowed per subscription
C. Azure subscription limits, quotas, and constraints
D. All of these

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 29
Which of the following guiding principles of Zero trust model focuses on using encryption to protect data, and
use analytics to get visibility, detect threats, and improve your security?

A. Network Security
B. Verify explicitly
C. Assume breach
D. Least privileged access

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The Zero Trust model has three principles which guide and underpin how security is implemented. These are:
1. Verify Explicitly. Always authenticate and authorize based on the available data points, including user
identity, location, device, service or workload, data classification, and anomalies.
2. Least Privileged Access. Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based
adaptive policies, and data protection to protect both data and productivity.
3. Assume Breach. Segment access by network, user, devices, and application. Use encryption to protect
data, and use analytics to get visibility, detect threats, and improve your security.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/2-describe-zero-trust-methodology

QUESTION 30
Which amongst the following is not one of the foundational pillars of the Zero Trust model to enforce organization security
policies?

A. Identities
B. Applications
C. Security
D. Devices
E. Infrastructure

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
In the Zero Trust model, all elements work together to provide end-to-end security. These six elements are the
foundational pillars of the Zero Trust model: identities, devices, applications, data, infrastructure, and
networks.

Reference:

QUESTION 31
Which of the given areas of responsibility are always retained by the customer?

1. Information and Data
2. Network Controls
3. Devices (Mobile and PCs)
4. Accounts and Identities
5. Operating System
6. Applications

A. Only 1, 2 and 3
B. Only 2, 3 and 5
C. Only 1, 3 and 4
D. Only 2, 4 and 6
E. Only 3, 4 and 6

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The shared responsibility model identifies which security tasks are handled by the cloud provider, and which
security tasks are handled by you, the customer. The responsibilities vary depending on where the workload is
hosted.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/3-describe-shared-responsibility-model

QUESTION 32
Which of the given areas of responsibility are transferred to cloud provider?

1. Physical hosts
2. Network Controls
3. Physical Network
4. Accounts and Identities
5. Operating System
6. Physical Datacenter

A. Only 1, 2 and 3
B. Only 2, 3 and 5
C. Only 1, 3 and 6
D. Only 2, 4 and 6

E. Only 3, 4 and 6

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The shared responsibility model makes responsibilities clear. When organizations move data to the cloud,
some responsibilities transfer to the cloud provider and some to the customer organization.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/3-describe-shared-responsibility-model

QUESTION 33
Which of the following is a feature of Platform as a Service (PaaS)? (Choose any 2)

Select two

NOTE: Each correct selection is worth one point

A. It helps to create an application quickly without managing the underlying infrastructure.
B. It is responsible for managing everything except data, devices, accounts, and identities.
C. It provides an environment for building, testing, and deploying software applications
D. It has responsibility for software components such as operating systems, network controls, applications, and
protecting data.

Answer: AC
Section: (none)

Explanation/Reference:
Explanation:
Platform as a Service (PaaS) - PaaS provides an environment for building, testing, and deploying software
applications. The goal of PaaS is to help you create an application quickly without managing the underlying
infrastructure. With PaaS, the cloud provider manages the hardware and operating systems, and the customer
is responsible for applications and data.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/3-describe-shared-responsibility-model

QUESTION 34
Defense in depth uses a layered approach to security, rather than relying on a single perimeter. What does
network security indicate in this case?

A. It controls access to business and customer data, and encryption to protect data.
B. It ensures that applications are secure and free of security vulnerabilities.
C. It is used to limit communication between resources using segmentation and access controls.
D. It is used for controlling access to infrastructure and change control.
E. It is used for limiting access to a datacenter to only authorized personnel.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Network security can limit communication between resources using segmentation and access controls.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/4-describe-defense-depth

QUESTION 35
What is the purpose of perimeter security in the defense in depth approach?

A. It controls access to business and customer data, and encryption to protect data.
B. It is used for controlling access to infrastructure and change control.
C. It is used to limit communication between resources using segmentation and access controls.
D. It uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a
denial of service for users.

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Perimeter security includes distributed denial of service (DDoS) protection to filter large-scale attacks before
they can cause a denial of service for users.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/4-describe-defense-depth

QUESTION 36
Phishing, spear phishing, tech support scams, SQL injection, and malware designed to steal passwords or
bank details are examples of which type of common security threat?

A. Dictionary attack
B. Disruptive attacks
C. Data Breach
D. Ransomware
E. All of these

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Common security threats that can result in a breach of personal data include phishing, spear phishing, tech
support scams, SQL injection, and malware designed to steal passwords or bank details.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/5-describe-common-threats

QUESTION 37
Which of the following types of security attack is also known as a brute force attack?

A. Ransomware
B. Data Breach
C. Disruptive attacks
D. Dictionary attack

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
A dictionary attack is a type of identity attack where a hacker attempts to steal an identity by trying a large
number of known passwords. Each password is automatically tested against a known username. Dictionary
attacks are also known as brute force attacks.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/5-describe-common-threats

QUESTION 38
Which of the following attempts to exhaust an application's resources, making the application unavailable to
legitimate users?

A. Dictionary attack
B. Data Breach
C. Disruptive attacks
D. Ransomware

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A Distributed Denial of Service (DDoS) attack attempts to exhaust an application's resources, making the
application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly
reachable through the internet.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/5-describe-common-threats

QUESTION 39
______________ is used for things like Transport Layer Security (TLS), such as the HTTPS protocol, and data
signing.

A. All of these
B. Non-symmetric encryption
C. Symmetric encryption
D. Asymmetric encryption

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Asymmetric encryption is used for things like Transport Layer Security (TLS), such as the HTTPS protocol, and
data signing. Encryption may protect data at rest, or in transit.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data

QUESTION 40
Which of the given encryption types uses a public and private key pair to decrypt?

A. All of these
B. Non-symmetric encryption
C. Symmetric encryption
D. Asymmetric encryption

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Asymmetric encryption uses a public key and private key pair. Either key can encrypt data, but a single key
can’t be used to decrypt encrypted data. To decrypt, you need a paired key.

Reference:

QUESTION 41
Which of the following types of data encryption ensures data is unreadable without the keys and secrets needed to
decrypt it?

A. Signing
B. Encryption in transit
C. Encryption at rest
D. Hashing

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
There are two top-level types of encryption: symmetric and asymmetric. Symmetric encryption uses the same
key to encrypt and decrypt the data. Asymmetric encryption uses a public key and private key pair. Either key
can encrypt data, but a single key can’t be used to decrypt encrypted data. To decrypt, you need a paired key.
Asymmetric encryption is used for things like Transport Layer Security (TLS), such as the HTTPS protocol, and
data signing. Encryption may protect data at rest, or in transit. Refer:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data

Reference:

QUESTION 42
HTTPS is an example of _________________.

A. Signing
B. Encryption at rest
C. Encryption in transit
D. Hashing

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Encryption in transit - Data in transit is the data moving from one location to another, such as across the
internet or through a private network. Secure transfer can be handled by several different layers. It could be
done by encrypting the data at the application layer before sending it over a network. HTTPS is an example of
encryption in transit. Refer:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data

Reference:

QUESTION 43
In order to mitigate risk, passwords are often “salted”. What do you understand by the term salted?

A. It refers to data moving from one location to another, such as across the internet or through a private
network.
B. It ensures the data is unreadable without the keys and secrets needed to decrypt it.
C. It verifies that a message has been sent by the sender, and that the contents haven't been tampered.
D. It refers to adding a fixed-length random value to the input of hash functions to create unique hashes for
every input.

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
For every matched hash, they know the actual password. To mitigate this risk, passwords are often “salted”.
This refers to adding a fixed-length random value to the input of hash functions to create unique hashes for
every input. As hackers can't know the salt value, the hashed passwords are more secure.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data

QUESTION 44
Arrange the following steps in order in creating a digital signature from a message.

2. Create a hash value from the message
1. The hash value is signed, using the signer's private key
3. The message is hashed again thereafter, at the receiving end
5. The message is verified against the digital signature
4. The message is then decrypted using the public key.

A. 4-5-2-1-3
B. 2-3-4-5-1
C. 2-1-3-5-4
D. 1-2-3-4-5

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data

QUESTION 45
A company has deployed Microsoft 365 applications for all its employees. Who is liable for the security of
personal data of these employees?

A. It will be shared responsibility between an organization and Microsoft.
B. Microsoft, as the SaaS provider will be responsible
C. The company will be responsible
D. All of these

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
In the shared responsibility model, the customer organization always has responsibility for their data, including
personal data relating to employees.

Reference:

QUESTION 46
Under the defense in depth security methodology, which of the given measures will an organization
implement?

A. By ensuring there's no segmentation of your corporate network.
B. By multi-factor authentication for all users.
C. By locating all its servers in a single physical location.
D. None of these

Answer: B
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 47
The human resources department of the organization wants to make sure that the stored data of its
employees is encrypted. Which of the given security mechanisms should be used to meet the requirement?

A. All of these
B. Digital signing
C. Encryption at rest
D. Encryption in transit

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Digital signing is a mechanism to show that a message has come from the correct sender, and has not been
tampered with, making it an inappropriate method to protect the stored data.

Reference:

QUESTION 48
Which of the following types of attack attempts to match a username against a list of weak passwords?

A. Spear Phishing
B. Phishing attack
C. Password spray attack
D. Brute force attack

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A password spray attack attempts to match a username against a list of weak passwords.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/2-describe-common-identity-attacks

QUESTION 49
Which of the following types of attack try many passwords against one or more accounts, by using dictionaries
of commonly used passwords?

A. Phishing attack
B. Password spray attack
C. Brute force attack
D. Spear Phishing

Answer: C
Section: (none)

Explanation/Reference:

Explanation:
Brute force attacks try many passwords against one or more accounts, sometimes using dictionaries of
commonly used passwords. When a user has assigned a weak password to their account, the hacker will find a
match, and access that account.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/2-describe-common-identity-attacks

QUESTION 50
Which of the following types of attack uses a formal email instructing the user to sign in and change their password?

A. Spear Phishing
B. Password spray attack
C. Phishing attack
D. Brute force attack

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A phishing attack is when a hacker sends an email that appears to come from a reputable source. The email
contains a credible story, such as a security breach, instructing the user to sign in and change their password.
Instead of going to a legitimate website, the user is directed to the scammer’s website where they enter their
username and password. The hacker has now captured the user’s identity, and their password.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/2-describe-common-identity-attacks

SC-900_148q_June_2021_By_Drunkmonk
Exam B

QUESTION 1
In terms of network control, match each of the following statements with the appropriate solution.

1. The customer shares responsibility with a service provider to deploy, manage, secure, and configure the
networking solutions to be implemented.
2. Network controls are managed and secured for customers as part of a software as a core offering, because
the network infrastructure is abstracted from them.
3. The virtual machines are placed on an Azure Virtual Network, which allows customers to configure network
level services.

A. 1 - SaaS, 2 - PaaS, 3 - IaaS
B. None of these
C. 1 - PaaS, 2 - IaaS, 3 - SaaS
D. 1 - IaaS, 2 - SaaS, 3 - PaaS

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Network control includes the configuration, management, and securing of network elements such as virtual
networking, load balancing, DNS, and gateways. The controls provide a means for services to communicate
and interoperate.
In SaaS solutions, network controls are managed and secured for customers as part of a software as a core
offering, because the network infrastructure is abstracted from them.
As in SaaS solutions, most networking control configuration in a PaaS solution is done by the service provider.
With Microsoft Azure, hybrid solutions are the exception because virtual machines are placed on an Azure
Virtual Network, which allows customers to configure network level services.
In an IaaS solution, the customer shares responsibility with a service provider to deploy, manage, secure, and
configure the networking solutions to be implemented.

Reference:
https://azure.microsoft.com/mediahandler/files/resourcefiles/shared-responsibility-for-cloud-computing/Shared%20Responsibility%20for%20Cloud%20Computing-2019-10-25.pdf

QUESTION 2
Cloud Solution Providers have building security processes and policies that ensure the infrastructure is
protected from unauthorized physical access, and that power is maintained in a highly available method. What
will happen if disaster strikes?

A. The services will be removed
B. The services should fail over to a new physical location providing continued service.
C. The services will fail over till the problem is identified.

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
CSPs have building security processes and policies that help ensure the infrastructure is protected from
unauthorized physical access, that power is maintained in a highly available method, and that if disaster strikes,
the service or services should fail over to a new physical location providing continued service.

Reference:

QUESTION 3
_______________ are used to encrypt a symmetric session key, digitally sign a message, or decrypt a
message encrypted with the corresponding _____________.

A. Public Key; Private Key
B. Private Key; Private Key
C. Private key; Public Key
D. Public Key; Public Key

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Private key is the secret half of a key pair used in a public key algorithm. Private keys are typically used to
encrypt a symmetric session key, digitally sign a message, or decrypt a message that has been encrypted with
the corresponding public key.

Reference:
https://docs.microsoft.com/en-us/windows/win32/secgloss/p-gly

QUESTION 4
The most common hash value lengths are either ___________ or ____________ bits

A. 125; 150
B. 135; 160
C. 128; 160
D. 118; 140

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The most common hash value lengths are either 128 or 160 bits.

Reference:
https://docs.microsoft.com/en-us/windows/win32/seccrypto/digital-signatures

QUESTION 5
Identify the action associated with each of the given options

1. Privacy incident response
2. Regulatory compliance audits
3. Separation of duties

A. Preventive; Detective; Corrective
B. Preventive; Corrective; Detective
C. Corrective; Detective; Preventive
D. Detective; Preventive; Corrective

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
1. Privacy incident response is a corrective action to limit damage and restore systems to an operational state
after a breach.
2. Regulatory compliance audits are a type of detective action used to find process issues.
3. Separation of duties is a preventative action to manage conflict of interest and guard against fraud.

Reference:

QUESTION 6
Sam is working in an organization as a Security administrator. He observed an attack that seeks low-level
access in order to gain a foothold in the organization. Which type of attack is this?

A. Data Breach
B. Keystroke logging
C. Ransomware
D. Password Spray attack
E. Spear Phishing

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursuing a
single, high-value target (someone in the C-suite, for example) and do “spear phishing.” Or if they just need
low-level access to gain a foothold in an organization or do reconnaissance, they target a huge volume of people
and spend less time on each one, which is called “password spray.”

Reference:
https://www.microsoft.com/security/blog/2020/04/23/protecting-organization-password-spray-attacks/

QUESTION 7
Which type of attack is represented in the following diagram?

A. Data Breach
B. Ransomware
C. Password attack
D. Keystroke logging
E. Spear Phishing

Answer:
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 8
Which of the given Azure services allows you to run realistic, but simulated phishing and password attack
campaigns in your organization?

A. Azure RBAC
B. ARM templates
C. Attack Simulator in Office 365 ATP
D. Azure AD Password Protection

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Attack Simulator in Office 365 ATP lets you run realistic, but simulated phishing and password attack
campaigns in your organization. Pick a password and then run the campaign against as many users as you
want. The results will let you know how many people are using that password. Use the data to train users and
build your custom list of banned passwords.

Reference:

QUESTION 9
Which of the following deployments support destructive PIN reset that works with both the certificate trust and
the key trust models?

A. None of these
B. Cloud Deployment
C. Hybrid Deployment
D. On-premises Deployment

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
On-premises deployments support destructive PIN reset that works with both the certificate trust and the key
trust models.
Requirements:
Reset from settings - Windows 10, version 1703, Professional
Reset above lock screen - Windows 10, version 1709, Professional

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification

QUESTION 10
One of the users in your organization signs into Windows using biometric or PIN gesture. The gesture unlocks
the Windows Hello for Business private key. Where is the private key sent in this case?

A. To the user
B. To the administrator
C. To the Cloud AP provider

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A user signs into Windows using biometric or PIN gesture. The gesture unlocks the Windows Hello for
Business private key and is sent to the Cloud Authentication security support provider, referred to as the Cloud
AP provider. The Cloud AP provider requests a nonce (a random arbitrary number that can be used just once)
from Azure AD.

Reference:

QUESTION 11
Arrange the following steps in proper sequence to enable passwordless sign-in using the Authenticator App.

1. The user completes the challenge by entering their biometric or PIN to unlock private key.
2. Azure AD performs public/private key validation and returns a token.
3. The user enters their username.
4. A notification is sent to the app via Apple Push Notification Service (APNS) on iOS devices, or via Firebase
Cloud Messaging (FCM) on Android devices.
5. Azure AD detects that the user has a strong credential and starts the Strong Credential flow.
6. The user receives the push notification and opens the app.
7. The nonce is signed with the private key and sent back to Azure AD.
8. The app calls Azure AD and receives a proof-of-presence challenge and nonce.

A. 4-3-1-7-6-5-8-2
B. 3-4-5-6-7-8-1-2
C. 3-5-4-6-8-1-7-2
D. 5-4-7-1-3-8-2-6

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The user enters their username.
Azure AD detects that the user has a strong credential and starts the Strong Credential flow.
A notification is sent to the app via Apple Push Notification Service (APNS) on iOS devices, or via Firebase
Cloud Messaging (FCM) on Android devices.
The user receives the push notification and opens the app.
The app calls Azure AD and receives a proof-of-presence challenge and nonce.
The user completes the challenge by entering their biometric or PIN to unlock private key.
The nonce is signed with the private key and sent back to Azure AD.
Azure AD performs public/private key validation and returns a token.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

QUESTION 12
Which of the following is among the best options for enterprises who are very security sensitive or have
scenarios or employees who are not willing or able to use their phone as a second factor?

A. Microsoft Authenticator App
B. FIDO2 Security keys
C. Windows Hello for Business

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
Users can use FIDO2 security keys to sign in to their Azure AD or hybrid Azure AD joined Windows 10 devices
and get single sign-on to their cloud and on-premises resources. Users can also sign in to supported browsers.
FIDO2 security keys are a great option for enterprises who are very security sensitive or have scenarios or
employees who aren't willing or able to use their phone as a second factor.

Reference:

QUESTION 13
Samantha works in an organization. She has been asked to use a feature/extension from the FIDO2 CTAP that
ensures the use of the same security key across multiple services like Microsoft Account and Azure Active
Directory. Which of the following features should Samantha use in this case?

A. Client pin
B. Resident key
C. Multiple accounts per RP
D. hmac-secret

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Multiple accounts per RP - This feature ensures you can use the same security key across multiple services
like Microsoft Account and Azure Active Directory.

Reference:

QUESTION 14
You have noticed user activity that is unusual for the given user or is consistent with known attack patterns
based on Microsoft's internal and external threat intelligence sources.

Which type of attack is this?

A. Malware linked IP address
B. Atypical travel
C. Azure AD Threat Intelligence
D. Leaked credentials

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
This risk detection type indicates user activity that is unusual for the given user or is consistent with known
attack patterns based on Microsoft's internal and external threat intelligence sources.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

QUESTION 15
The Microsoft identity platform uses the OpenID Connect protocol for handling ________________

A. Authorization
B. SAML
C. Authentication
D. Microsoft identity platform

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Authentication is the process of proving that you are who you say you are. It's sometimes shortened to AuthN.
The Microsoft identity platform uses the OpenID Connect protocol for handling authentication.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization

QUESTION 16
Which of the following are features of Azure Active Directory?

1. It provides a special class of identity to support external identities.
2. Administrators make users members of groups. App and resource owners then give groups access to apps
or resources.
3. It provides built-in roles with its Azure AD role-based access control (Azure AD RBAC) system, with limited
support for creating custom roles to delegate privileged access to the identity system, the apps, and resources
it controls.
4. It does not support SaaS apps natively and requires a federation system, such as AD FS.
5. It uses intelligent password protection for cloud and on-premises.

A. Only 2, 3 and 4
B. Only 3 and 4
C. Only 1, 3 and 5
D. Only 1 and 2

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad

QUESTION 17
Which of the following features are not included in the pricing plan for Office 365 apps?

1. Password Protection (global banned password)
2. Multi-Factor Authentication
3. Microsoft Cloud App Discovery
4. Group access management
5. Risk based Conditional Access policies

A. Only 4 and 5
B. Only 1, 2 and 5
C. Only 3, 4 and 5
D. Only 2, 3 and 4

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

QUESTION 18
State whether the following statement holds True/False:
The probability that a given authentication request isn't authorized by the identity owner is referred to as
User risk

A. The statement is correct
B. The statement is not correct

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
There are two types of risk: user risk and sign-in risk. User risk represents the probability that a given identity or
account is compromised. Sign-in risk represents the probability that a given authentication request isn't
authorized by the identity owner.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/2-describe-common-identity-attacks

QUESTION 19
Peter is working as a Security operator in an organization. Which amongst the following permissions are not
granted to him as a security operator?

1. Reset password for a user
2. Dismiss user risk, confirm safe sign-in, confirm compromise
3. View all Identity Protection reports and Overview blade
4. Configure or change policies
5. Configure alerts

A. Only 1, 2 and 3
B. Only 3, 4 and 5
C. Only 1, 4 and 5
D. Only 2, 3 and 4

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

QUESTION 20
What license is required to use Privileged Identity Management?

A. Azure AD Premium P2
B. Azure AD Premium P1
C. Microsoft 365 App
D. Enterprise Mobility + Security (EMS) E5

Answer: AD
Section: (none)

Explanation/Reference:
Explanation:
To use Privileged Identity Management, you must have one of the following licenses:
Azure AD Premium P2
Enterprise Mobility + Security (EMS) E5

Reference:

QUESTION 21
Jane is working in an organization. She has been asked to enable Premium P2 features for external users.
Is she required to have an Azure AD Premium P2 license to enable Premium P2 features for the external
users?

A. Yes, it is required
B. No, it is not required

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
No, you are not required to purchase Premium P2 licenses for employees in order to provide External Identities
at Premium P2 to external users. You may need to purchase at least one Azure AD Premium P2 license for
your admin to enable and manage Premium P2 features.

Reference:

QUESTION 22
Which amongst the following is not a feature of External user collaboration (B2B)?

1. External users are managed in the Azure AD B2C directory.
2. SSO to all Azure AD-connected apps is supported.
3. Managed by the host/inviting organization
4. Fully customizable branding per application or organization.

A. Only 2 and 3
B. Only 3 and 4
C. Only 1 and 4
D. Only 1 and 2
E. Only 1 and 3

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/compare-with-b2c

QUESTION 23
How will you locate failed sign-in attempts in the Active Directory sign-in activity report?

A. Sign-in error code of 10053
B. Sign-in error code of 60063
C. Sign-in error code of 50053
D. Sign-in error code of 60000

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
To obtain information about locked-out accounts, you can check the Active Directory sign-in activity report.
Under Status, select Failure. Failed sign-in attempts with a Sign-in error code of 50053 indicate a locked
account.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management

QUESTION 24
Which of the following Azure services defends against SYN flood attacks using a SYN cookie?

A. Azure AD Password Protection
B. ARM templates
C. Azure RBAC
D. Azure AD B2C

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 25
Edward is working in an organization. He has been asked to enable organizations to manage identity and
access lifecycle at scale, by automating access request workflows, access assignments, reviews, and
expiration.

Which of the following features should Edward use in this case?

A. Azure AD Threat Intelligence
B. Azure AD B2C
C. Azure AD Entitlement Management
D. Azure AD Password Protection

Answer: C

Section: (none)

Explanation/Reference:
Explanation:
Azure Active Directory (Azure AD) entitlement management is an identity governance feature that enables
organizations to manage identity and access lifecycle at scale, by automating access request workflows,
access assignments, reviews, and expiration.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

QUESTION 26
Under which of the following scenarios should you use entitlement management?

A. When users may hold on to access longer than is required for business purposes
B. When users may not know what access they should have
C. When users may have difficulty locating the right individuals to approve their access
D. All of these

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 27
Your organization is facing in-house file sharing issues with no solution to monitor users, and the system was
limited to 120 domains, which significantly inhibited the organization’s scalability.

Which of the following Azure services would you recommend in this case?

A. Azure AD Threat Intelligence
B. Azure AD Password Protection
C. Azure AD Identity Governance
D. Azure AD Entitlement Management

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 28
Entitlement management introduces to Azure AD the concept of an access package.

When should the company use access packages?

Select all that apply

NOTE: Each correct selection is worth one point

A. When two or more organizations are collaborating on a project, requiring multiple users to access resources
B. When employees need unlimited access for a particular task.
C. When access requires the approval of an employee's manager or other designated individuals.
D. When departments wish to manage their own access policies for their resources without IT involvement.

Answer: BCD
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

QUESTION 29
Which of the following licensing models is needed for Guest users who request an access package, or approve
requests for an access package?

A. None of these
B. Microsoft 365 App
C. Azure AD Premium P2
D. Azure AD Premium P1

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

QUESTION 30
A Global Administrator creates initial catalogs and delegates administrative tasks to 6 other users. One of the
policies specifies that All employees of the organization (2,000 employees) can request a specific set of access
packages.

Another policy specifies that some users from partner Contoso (guests) can request the same
access packages subject to approval. Contoso has 30,000 users. 150 employees request the access packages
and 10,500 users from Contoso request access.

How many licenses are required to be issued in this case?

A. 2500
B. 2000
C. 1500
D. 3000

Answer: A

Section: (none)

Explanation/Reference:
Explanation:
2,000 employees + 500 guest users from Contoso that exceed the 1:5 ratio (10,500 - (2,000 * 5))

Reference:

QUESTION 31
Which amongst the following are the preconfigured security settings to implement security defaults?

A. All of these
B. Blocking legacy authentication protocols.
C. Requiring users to perform multi-factor authentication when necessary.
D. Protecting privileged activities like access to the Azure portal.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

QUESTION 32
Which of the following organizations should not use security defaults?

Select all that apply

NOTE: Each correct selection is worth one point

A. An organization having complex security requirements.
B. An organization currently using Conditional Access policies to bring signals together, to make decisions,
and enforce organizational policies.
C. An organization with Azure Active Directory Premium licenses.
D. An organization utilizing the free tier of Azure Active Directory licensing.
E. An organization that wants to increase security posture.

Answer: DE
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 33
Users are required to register for Azure AD Multi-Factor Authentication by using the Microsoft Authenticator app
in _____________.

A. 25 days
B. 32 days
C. 14 days
D. 28 days

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
All users in your tenant must register for multi-factor authentication (MFA) in the form of the Azure AD Multi-
Factor Authentication. Users have 14 days to register for Azure AD Multi-Factor Authentication by using the
Microsoft Authenticator app. After the 14 days have passed, the user won't be able to sign in until registration is
completed. A user's 14-day period begins after their first successful interactive sign-in after enabling security
defaults.

Reference:

QUESTION 34
What should be the status of the users who are using security defaults or Conditional Access based Azure AD
Multi-Factor Authentication?

A. Enforced
B. Disabled
C. Enabled

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
If your organization is a previous user of per-user based Azure AD Multi-Factor Authentication, do not be
alarmed to not see users in an Enabled or Enforced status if you look at the Multi-Factor Auth status page.
Disabled is the appropriate status for users who are using security defaults or Conditional Access based Azure
AD Multi-Factor Authentication.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

QUESTION 35
A resource group is read only and tags on the resource group can't be modified. Not Locked resources can be
added, moved, changed, or deleted from this resource group. What will be the locking mode and state of
resource group?

A. State - Cannot Edit / Delete and Lock Mode - Don't lock
B. State - Cannot Edit / Delete and Lock Mode - Do not delete
C. State - Not Locked and Lock Mode - Read Only
D. State - Cannot Edit / Delete and Lock Mode - Read Only

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

QUESTION 36
Which of the following options would you use to remove locking states?

Select all that apply

NOTE: Each correct selection is worth one point

A. Delete the blueprint assignment
B. Hide the blueprint assignment
C. Update the blueprint assignment to a locking mode of Read Only
D. Updating the blueprint assignment to a locking mode of Don't Lock

Answer: AD
Section: (none)

Explanation/Reference:
Explanation:
If it becomes necessary to modify or delete a resource protected by an assignment, there are two ways to do
so.
Updating the blueprint assignment to a locking mode of Don't Lock
Delete the blueprint assignment

When the assignment is removed, the locks created by Azure Blueprints are removed. However, the resource
is left behind and would need to be deleted through normal means.

Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

QUESTION 37
Which of the following fundamental pillars of identity should an organization consider when performing
in-depth reporting, alerts, and governance of identities?

A. Administration
B. AuthZ
C. Auditing
D. AuthN

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The auditing pillar is about tracking who does what, when, where, and how. Auditing includes having in-depth
reporting, alerts, and governance of identities.

Reference:

QUESTION 38

Under Solution catalog ______________________ is used to show how your organization can identify,
analyze, and act on internal risks before they cause harm.

A. Discovery & respond section
B. Information protection & governance Section
C. Insider risk management Section

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 39
______________ is a requirement of a regulation, standard, or policy.

A. Assessment
B. Templates
C. Controls
D. Improvement actions

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A control is a requirement of a regulation, standard, or policy. It defines how to assess and manage system
configuration, organizational process, and people responsible for meeting a specific requirement of a
regulation, standard, or policy.

Reference:

QUESTION 40
_______________ is a grouping of controls from a specific regulation, standard, or policy.

A. Templates
B. Assessment
C. Controls
D. Improvement actions

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
An assessment is a grouping of controls from a specific regulation, standard, or policy. Completing the actions
within an assessment helps to meet the requirements of a standard, regulation, or law.

Reference:

QUESTION 41
_____________ provides secure and seamless RDP/SSH connectivity to your virtual machines directly from
the Azure portal using Transport Layer Security (TLS).

A. Azure Virtual Machine
B. Azure Active Directory (AD)
C. Azure Firewall
D. Azure Bastion

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the
Azure portal using Transport Layer Security (TLS). When you connect via Azure Bastion, your virtual machines
don't need a public IP address, agent, or special client software.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/5-describe-what-azure-bastion

QUESTION 42
Which of the following fundamental pillars of identity should an organization consider to determine the level of
access an authenticated person or service has within the application or service?

A. Auditing
B. AuthZ
C. AuthN
D. AuthN

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
The authorization pillar is about processing the incoming identity data to determine the level of access an
authenticated person or service has within the application or service that it wants to access. Authorization is
sometimes shortened to AuthZ.

Reference:

QUESTION 43
Which of the following is NOT a role of central identity provider?

A. Identify suspicious activities
B. Reduce malicious attacks
C. Storing the information used to authenticate the user with the server.
D. Establish authentication and authorization policies
E. Monitoring user behavior

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
With modern authentication, all services, including all authentication services, are supplied by a central identity
provider. Information that's used to authenticate the user with the server is stored and managed centrally by the
identity provider.
With a central identity provider, organizations can establish authentication and authorization policies, monitor
user behavior, identify suspicious activities, and reduce malicious attacks.

Reference:

QUESTION 44
Arrange the following steps in the order in which clients use modern authentication to communicate with
the identity provider.

1. The centralized identity provider supplies the authentication service.
2. The user or application accesses the required resources on the server by using the security token.
3. The identity provider issues a security token that the client sends to the server.
4. The server validates the security token through its trust relationship with the identity provider.

A. 3-1-2-4
B. 1-2-3-4
C. 4-3-2-1
D. 3-4-2-1
E. 1-3-2-4

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 45
All audit records generated in other services that aren't covered by the default audit log retention policy are
retained for __________________.

A. 120 days
B. 60 days
C. 90 days
D. 30 days

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
All audit records generated in other services that aren't covered by the default audit log retention policy
(described in the previous section) are retained for 90 days. But you can create customized audit log retention
policies to retain other audit records for longer periods of time up to 10 years.

Reference:

QUESTION 46
What is the longest duration for which audit log retention policies retain other audit records?

A. 12 years
B. 10 years
C. 7 years
D. 15 years

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
All audit records generated in other services that aren't covered by the default audit log retention policy
(described in the previous section) are retained for 90 days. But you can create customized audit log retention
policies to retain other audit records for longer periods of time up to 10 years.

Reference:

QUESTION 47
Kevin is working in an organization. He has been asked to access Core eDiscovery in the Microsoft 365
compliance center or the Office 365 Security & Compliance Center and use the hold and export features.

Which of the following subscriptions is required by the organization?

A. Office 365 E1 license with an Exchange Online Plan 2
B. Office 365 E1 license with a SharePoint Online Plan 2
C. Microsoft 365 E3 or Office 365 E3

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Organization subscription: To access Core eDiscovery in the Microsoft 365 compliance center or the Office 365
Security & Compliance Center and use the hold and export features, your organization must have a Microsoft
365 E3 or Office 365 E3 subscription or higher.

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

QUESTION 48
Which of the following is not one of the roles of an eDiscovery Manager?

A. Access and export case data for any case in the organization.
B. Manage any case in the organization after they add themselves as a member of the case.
C. View all cases that are listed on the Core eDiscovery page.
D. Can view and manage the Core eDiscovery cases they create or are a member of.

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:

Exam C

QUESTION 1
Your security admin aims to protect Azure resources from DDoS attacks. Which of the given Azure DDoS
Protection tiers will help the admin target Azure Virtual Network resources?

A. Advanced
B. Standard
C. Basic

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
The Standard service tier provides additional mitigation capabilities that are tuned specifically to Microsoft
Azure Virtual Network resources.

Reference:

QUESTION 2
An NSG is made up of inbound and outbound security rules. Rules are processed in priority order, with lower
numbers processed _____________ higher numbers. When traffic matches a rule, processing stops.

A. after
B. before
C. together

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
Priority: A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed
before higher numbers. When traffic matches a rule, processing stops. This means that any other rules with a
lower priority (higher numbers) won't be processed.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/2-describe-azure-network-security-groups

QUESTION 3
Which of the following is an advantage of single sign-on?

A. Passwords always expire after 72 days.
B. The user signs in once and can then access many applications or resources.
C. A central identity provider can be used.
D. None of these

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
With single sign-on, a user signs in once and can then access a number of applications or resources.

Incorrect answer: A central identity provider can be used.
Although a central identity provider can be used by an organization, it isn't a benefit of single sign-on.

Reference:

QUESTION 4
Mobile application management (MAM) gives admins the ability to protect corporate data at the application
level. When apps are managed in Intune, administrators can ______________.

Select all that apply

NOTE: Each correct selection is worth one point

A. Protect your company information by controlling the way users access and share information.
B. See reports on which apps are used and track their usage.
C. Set rules and configure settings on personal and organization-owned devices to access data and networks.
D. Add and assign mobile apps to user groups and devices
E. Configure apps to start or run with specific settings enabled and update existing apps already on the device.

Answer: BDE
Section: (none)

Explanation/Reference:
Explanation:
Users with personal devices might not want their phone to be under full corporate control. Mobile application
management (MAM) gives admins the ability to protect corporate data at the application level. Where users just
want to access apps like email or Microsoft Teams, admins can use application protection policies, without
requiring the device to be enrolled in Intune, supporting bring-your-own device (BYOD) scenarios.

MAM can be used with custom applications and store apps.

When apps are managed in Intune, administrators can:

Add and assign mobile apps to user groups and devices, including users and devices in specific groups,
and more.
Configure apps to start or run with specific settings enabled and update existing apps already on the device.
See reports on which apps are used and track their usage.
Do a selective wipe by removing only organization data from apps.

Reference:

QUESTION 5
Under Solution catalog ______________________ is used to show you how to use Microsoft 365 compliance
solutions to protect and govern data in your organization.

A. Discovery & respond section
B. Information protection & governance Section
C. Insider risk management Section

Answer: B
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 6
Which of the following statements holds true with reference to Transparent data encryption (TDE)?

A. It helps you control your applications' secrets by keeping them in a single, central location and by providing
secure access.
B. It helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity.
C. It helps you encrypt Windows and Linux IaaS virtual machine disks.
D. It helps to protect data at rest by automatically encrypting before persisting it to Azure-managed disks,
Azure Blob Storage, Azure Files, or Azure Queue Storage, and decrypts the data before retrieval.

Answer: B
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/7-describe-ways-azure-encrypts-data

QUESTION 7
In order to increase the priority of a network security group, which of the given sources of information will the
admin need to provide?

A. source, source port, destination, destination port, and target resource.
B. source, source port, destination, destination port, and protocol.
C. source, source port, destination, destination port, and network layer.
D. None of these

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
NSG security rules are evaluated by priority using five information points: source, source port, destination,
destination port, and protocol to either allow or deny the traffic.

Reference:

QUESTION 8
Which of the following statements holds true with reference to Azure Disk Encryption?

A. It helps you control your applications' secrets by keeping them in a single, central location and by providing
secure access.
B. It helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity.
C. It helps to protect data at rest by automatically encrypting before persisting it to Azure-managed disks,
Azure Blob Storage, Azure Files, or Azure Queue Storage, and decrypts the data before retrieval.
D. It helps you encrypt Windows and Linux IaaS virtual machine disks.

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/7-describe-ways-azure-encrypts-data

QUESTION 9
Which of the given options is a part of the guiding principles of Zero Trust under assume breach policy?

1. Minimize blast radius and prevent lateral movement by segmenting access by network, user, devices, and
application awareness
2. Always authenticate and authorize based on all available data points
3. Verify all sessions are encrypted end to end.
4. Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA)
5. Use analytics to get visibility, drive threat detection, and improve defenses.

A. Only 1, 4 and 5
B. Only 2, 3 and 4
C. Only 1, 3 and 5
D. Only 3 and 4
E. Only 1 and 2

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Assume breach. Minimize blast radius for breaches and prevent lateral movement by segmenting access by
network, user, devices, and application awareness. Verify all sessions are encrypted end to end. Use analytics
to get visibility, drive threat detection, and improve defenses.

Reference:

QUESTION 10
Which of the following tools is used to collect data from across the whole estate, including infrastructure,
software, and resources?

A. XDR
B. SOAR
C. SIEM
D. SAML

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A SIEM system is a tool that an organization uses to collect data from across the whole estate, including
infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates
alerts and incidents.

Reference:

QUESTION 11
The NSG security rule sets the priority range from _____________ to _______________.

A. 200: 2096
B. 150: 3500
C. 100; 4096
D. 126: 4000

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Priority: A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed
before higher numbers. When traffic matches a rule, processing stops. This means that any other rules with a
lower priority (higher numbers) won't be processed.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/2-describe-azure-network-security-groups

QUESTION 12
Which of the following is NOT one of the services of Active Directory Domain Services (AD DS)?

A. It gives organizations the ability to manage multiple on-premises infrastructure components and systems
using a single identity per user.
B. It stores information about members of the domain
C. It verifies the credentials of the members of the domain, and defines their access rights.
D. It natively supports mobile devices, SaaS applications, or line of business apps that require modern
authentication methods.

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Active Directory (AD) is a set of directory services developed by Microsoft as part of Windows 2000 for
on-premises domain-based networks. The best-known service of this kind is Active Directory Domain Services (AD
DS). It stores information about members of the domain, including devices and users, verifies their credentials,
and defines their access rights. A server running AD DS is a domain controller (DC).

AD DS is a central component in organizations with on-premises IT infrastructure. AD DS gives organizations
the ability to manage multiple on-premises infrastructure components and systems using a single identity per
user. AD DS doesn't, however, natively support mobile devices, SaaS applications, or line of business apps that
require modern authentication methods.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/6-describe-concept-of-directory-services-active-directory

QUESTION 13
_____________ measures the progress in completing recommended improvement actions within controls.

A. Solution catalog
B. Active alerts
C. Compliance Score

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The compliance score card. This card shows the compliance score, and will forward admins to the Compliance
Manager where they can see a breakdown of the compliance score. Compliance score measures the progress
in completing recommended improvement actions within controls. The score helps an organization to
understand its current compliance posture. It also helps an organization to prioritize actions based on their
potential to reduce risk.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-compliance-management-capabilities-microsoft/3-describe-compliance-center

QUESTION 14
Which of the following is one of the limitations to keep in mind when the security admin wants to deploy Azure
Bastion to get secure access to those VMs?

A. Azure Bastion is deployed per subscription.
B. Azure Bastion is deployed per virtual machine.
C. Azure Bastion is deployed per virtual network.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Azure Bastion deployment is per virtual network, not per subscription/account or virtual machine.

Reference:

QUESTION 15
Which of the following types of DDoS attack targets web application packets to disrupt the transmission of data
between hosts?

A. Protocol attack
B. Volumetric attacks
C. Resource (application) layer attacks

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Resource (application) layer attacks: These attacks target web application packets, to disrupt the transmission
of data between hosts.

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/3-describe-azure-ddos-protection

QUESTION 16
SecOps analysts and security professionals are struggling to detect advanced attacks in hybrid environments.
They need to monitor users, entity behavior, and activities with learning-based analytics, and protect
user identities and credentials stored in Active Directory.
Which of the following Azure services should be suggested in this case to meet the requirement?

A. Microsoft Defender for Identity
B. Microsoft Cloud App Security
C. Microsoft Defender for Endpoint
D. Microsoft Defender for Office 365

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is

QUESTION 17
Peter is working in an organization.
The organization uses on-premises apps that are accessed through physical networks or VPN. Also, some
critical cloud apps are accessible to users.

At which stage is the organization's Zero Trust readiness?

A. The organization is at the Advanced level in the Zero Trust journey.
B. The organization is at the Traditional level in the Zero Trust journey.
C. The organization is at the Optimal level in the Zero Trust journey.

Answer: B
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 18
Which of the following statements holds true with reference to authentication?

A. It is the process of profiling user behavior.
B. Enabling federated services.
C. It verifies that a user or device is who they say they are.
D. All of these

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Authentication is the process of verifying that a user or device is who they say they are.

Reference:

QUESTION 19
Which of the following Azure services offers the following features?

1. SQL-injection protection.
2. Cross-site scripting protection.
3. Protection against HTTP protocol violations.
4. Protection against crawlers and scanners.

A. Azure Network Security Groups (NSGs)
B. Azure DDoS Protection
C. Azure Web Application Firewall Application Gateway
D. Azure Bastion

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

QUESTION 20
Rachel is working in an organization. She recommends running a newly deployed WAF in prevention mode for a
short period of time in a production environment to avoid unexpected blocked traffic.

Does the suggested solution meet the requirement?

A. Yes, the solution meets the goal
B. No, the solution meets the goal

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
It is recommended that you run a newly deployed WAF in Detection mode for a short period of time in a
production environment. This provides the opportunity to obtain firewall logs and update any exceptions or
custom rules prior to transition to Prevention mode. This can help reduce the occurrence of unexpected
blocked traffic.

Reference:

QUESTION 21
Which of the following statements correctly describes the concept of shared controls in Compliance Manager?

A. Controls that both your organization and Microsoft share responsibility for implementing.
B. Controls that both your organization and external regulators share responsibility for implementing.
C. Controls that both external regulators and Microsoft share responsibility for implementing.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:
Both your organization and Microsoft work together to implement these controls. External regulators aren’t
responsible for shared controls. Shared controls are controls that both your organization and Microsoft share
responsibility for implementing.

Reference:

QUESTION 22
Which of the following statements does not hold true with reference to Azure DDoS protection and DDoS attacks?

A. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
B. It helps protect all Azure services, including PaaS services like Azure DNS.
C. DDoS Protection Basic requires user configuration and application changes.
D. It attempts to exhaust an application's resources, making the application unavailable to legitimate users

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview

QUESTION 23
Samuel is working in an organization. The organization uses Endpoint threat detection to monitor device risk.
Also, access control is gated on device risk for both corporate and BYO devices.

At which stage is the organization's Zero Trust readiness?

A. The organization is at the Optimal level in the Zero Trust journey.
B. The organization is at the Traditional level in the Zero Trust journey.
C. The organization is at the Advanced level in the Zero Trust journey.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 24
Which of the following are the features of Azure Bastion?

Select all that apply

NOTE: Each correct selection is worth one point

A. Protect against zero-day exploit
B. Network and application level filtering
C. Integration with Azure Monitor
D. RDP and SSH directly in Azure portal
E. Protection against port scanning

Answer: ADE
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/5-describe-what-azure-bastion

QUESTION 25
Kevin has turned on logging diagnostics for Application Gateway in the Diagnostics section. He must also make
sure that the WAF log is selected and turned on. It was observed that the Web application firewall doesn't block
incoming requests. What could be the reason for this?

A. It is operating under custom rule
B. It is operating in Detection mode
C. It is operating in prevention mode
D. None of these

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
Detection mode: Monitors and logs all threat alerts. You turn on logging diagnostics for Application Gateway in
the Diagnostics section. You must also make sure that the WAF log is selected and turned on. Web application
firewall doesn't block incoming requests when it's operating in Detection mode.

Reference:

QUESTION 26
Which of the following statements holds true with reference to Azure Storage Service Encryption?

A. It helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity.
B. It helps you control your applications' secrets by keeping them in a single, central location and by providing
secure access.
C. It helps you encrypt Windows and Linux IaaS virtual machine disks.
D. It helps to protect data at rest by automatically encrypting before persisting it to Azure-managed disks,
Azure Blob Storage, Azure Files, or Azure Queue Storage, and decrypts the data before retrieval.

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/7-describe-ways-azure-encrypts-data

QUESTION 27
Which amongst the following is not a characteristic of Azure Security Center?

A. It can recommend Application Gateway WAF to protect these vulnerable resources.
B. It scans your environment to detect unprotected web applications.
C. It allows you to track diagnostic information, including WAF alerts and logs.
D. It provides increased visibility into and control over the security of your Azure resources.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Security Center helps you prevent, detect, and respond to threats. It provides increased visibility into and
control over the security of your Azure resources. Application Gateway is integrated with Security Center.
Security Center scans your environment to detect unprotected web applications. It can recommend Application
Gateway WAF to protect these vulnerable resources. You create the firewalls directly from Security Center.
These WAF instances are integrated with Security Center. They send alerts and health information to Security
Center for reporting.

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/

QUESTION 28
Which relationship allows federated services to access resources?

A. Trust Relationship
B. Shared access Relationship
C. Claim Relationship
D. Terminal Relationship

Answer: A
Section: (none)

Explanation/Reference:
Explanation:
Federated services use a trust relationship to allow access to resources.

Reference:

QUESTION 29
Compliance Manager provides _____________ to help admins to quickly create assessments.

A. Improvement actions
B. Assessment
C. Templates
D. Controls

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Compliance Manager provides templates to help admins to quickly create assessments. They can modify these
templates to create an assessment optimized for their needs.

Reference:

QUESTION 30
Which of the given statements about the diagram of the Cloud App Security architecture in Microsoft 365
Defender services does not hold true?

A. Sanctioning and unsanctioning apps in your cloud.
B. Use easy-to-deploy app connectors that take advantage of provider APIs, for visibility and governance of
apps that you connect to.
C. Use App connectors to map and identify your cloud environment and the cloud apps your organization is
using.
D. Use Conditional Access App Control protection to get real-time visibility and control over access and
activities within your cloud apps.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Cloud App Security integrates visibility with your cloud by:
Using Cloud Discovery to map and identify your cloud environment and the cloud apps your organization is
using.
Sanctioning and unsanctioning apps in your cloud.
Using easy-to-deploy app connectors that take advantage of provider APIs, for visibility and governance of
apps that you connect to.
Using Conditional Access App Control protection to get real-time visibility and control over access and
activities within your cloud apps.
Helping you have continuous control by setting, and then continually fine-tuning, policies.

Reference:

QUESTION 31
Which of the following services uses traffic logs to dynamically discover and analyze the cloud apps that your
organization is using?

A. Conditional Access App
B. Cloud Traffic Logs
C. Cloud Discovery
D. App Connectors

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Cloud Discovery uses your traffic logs to dynamically discover and analyze the cloud apps that your organization
is using. To create a snapshot report of your organization's cloud use, you can manually upload log files from
your firewalls or proxies for analysis. To set up continuous reports, use Cloud App Security log collectors to
periodically forward your logs.

Reference:
https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security

QUESTION 32
Under Solution catalog ______________________ is used to show how your organization can quickly
find, investigate, and respond to compliance issues with relevant data.

A. Discovery & respond section
B. Information protection & governance Section
C. Insider risk management Section

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 33
Match the following statements about the implementation of Azure Sentinel to their respective
features.

1. It helps you to understand the scope and find the root cause of a potential security threat.
2. It provides a highly-extensible architecture that enables scalable automation as new technologies and
threats emerge.
3. It enables you to proactively look for security threats across your organization’s data sources, before an alert
is triggered.
4. It enables you to proactively hunt for security threats across your organization’s data sources, before an alert
is triggered.

A. 1 - Hunting
2 - Deep investigation tool
3 - Analytics
4 - Automation and orchestration solution
B. 1 - Automation and orchestration solution
2 - Deep investigation tool
3 - Analytics
4 - Hunting
C. 1 - Analytics
2 - Hunting
3 - Automation and orchestration solution
4 - Deep investigation tool
D. 1 - Deep investigation tool
2 - Automation and orchestration solution
3 - Hunting
4 - Analytics

Answer: D
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview

QUESTION 34
Which of the following tools helps to deliver intelligent, automated, and integrated security across an
organization’s domain?

A. SAML
B. SOAR
C. XDR
D. SIEM

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
An XDR system is designed to deliver intelligent, automated, and integrated security across an organization’s
domain. It helps prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT,
infrastructure, and cloud platforms.

Reference:

QUESTION 35
A company has implemented Microsoft Defender for Endpoint built into Windows 10 and Microsoft's robust
cloud service, to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Which of the following is a feature of Endpoint behavioral sensors technology?

A. It ensures configuration settings are properly set and exploit mitigation techniques are applied
B. It generates alerts when they are observed in collected sensor data.
C. It collects and processes behavioral signals from the operating system and sends this sensor data to your
private, isolated, cloud instance of Microsoft Defender for Endpoint.
D. Behavioral signals are translated into insights, detections, and recommended responses to advanced
threats.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide

QUESTION 36
James is working in an organization that is looking to protect and secure hybrid workloads across on-premise
and external cloud systems. He has been asked to suggest a solution that meets the following requirements.

1. Monitor the security state of your hybrid cloud workloads via one console.
2. Protect hybrid data that is hosted in Azure, on premises or in other clouds and detect unusual attempts to
access Azure Storage
3. Scan container images for vulnerabilities in Azure Container Registry.

A. Azure Firewall Gateway
B. Azure NSGs
C. Azure Defender
D. Azure DDoS

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Use Azure Defender, integrated with Azure Security Center, for Azure and hybrid cloud workload protection and
security. With extended detection and response (XDR) capabilities, stand up against threats like remote
desktop protocol (RDP) brute-force attacks and SQL injections. Streamline security with AI and automation.
Refer: https://azure.microsoft.com/en-in/services/azure-defender/

Reference:

QUESTION 37
According to which of the following characteristics of cloud computing as a service delivery model can
resources expand or contract as quickly as they are used or freed?

A. Resource pooling
B. Broad network access
C. Rapid elasticity
D. On-demand self-service

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Rapid elasticity – resources can expand or contract as quickly as they are used or freed. Measured service –
services are charged based on what is used.

Reference:

QUESTION 38
Which of the following is a PaaS service that provides data protection capability for customers and is integrated
into many Microsoft SaaS solutions?

A. Azure Policy
B. Azure Blueprints
C. Azure RBAC
D. Azure Rights Management services

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
For PaaS solutions, a customer’s accountability for data classification and management should
be acknowledged as an essential part of the planning process. In such solutions, customers need to configure
and establish processes to protect both the data and the solution’s feature set that protects their data. Azure
Rights Management services is a PaaS service that provides data protection capability for customers and is
integrated into many Microsoft SaaS solutions.

Reference:
https://azure.microsoft.com/mediahandler/files/resourcefiles/shared-responsibility-for-cloud-computing/Shared%20Responsibility%20for%20Cloud%20Computing-2019-10-25.pdf

QUESTION 39
John is working in an organization. The organization has data classified and labeled using regex/keyword
methods. Also, access decisions are governed by encryption. At which stage is the Zero Trust readiness of
the organization?

A. The organization is at the Optimal level in the Zero Trust journey.
B. The organization is at the Traditional level in the Zero Trust journey.
C. The organization is at the Advanced level in the Zero Trust journey.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:

Reference:

QUESTION 40
Why should a Security Operations Center (SOC) have a multi-tier incident response team using advanced threat
detection and AI-driven alert management capabilities?

A. To cut through the noise and deliver prioritized security alerts.
B. To monitor and enforce device health and compliance for secure access.
C. To detect attacks and anomalies, and automatically block and flag risky behavior and take protective
actions.
D. To enhance visibility and help prevent attackers from moving laterally across the network.

Answer: A
Section: (none)

Explanation/Reference:
Explanation:
Because Zero Trust relies heavily on signal and solution integration to be successful, this is a great time to
work towards providing greater visibility into your threat landscape and embracing security automation. The
Security Operations Center (SOC) should have a multi-tier incident response team in place that uses advanced
threat detection and AI-driven alert management capabilities to cut through the noise and deliver prioritized
security alerts. Response to common incidents, such as denying access to infected devices, should be
automated to improve response times and reduce risk exposure.

Reference:

QUESTION 41
Which of the following statements correctly illustrates the difference between Compliance Manager and
compliance score?

A. Compliance Manager is the regulator who will manage your compliance activities. Compliance score is a
calculation of the overall compliance posture across the organization.
B. Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center to enable admins to
manage and track compliance activities. Compliance score is a score the organization receives from
regulators for successful compliance.
C. Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center to enable admins to
manage and track compliance activities. Compliance score is a calculation of the overall compliance
posture across the organization.

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center to enable admins to
manage and track compliance activities. Compliance score is a calculation of the overall compliance posture
across the organization.
Compliance Manager provides admins with the capabilities to understand and improve their compliance score
so that they can ultimately improve the organization’s compliance posture and help it to stay in line with its
compliance requirements.

Reference:

QUESTION 42
What kind of risk does phishing represent?

A. Personal risk
B. Physical risk
C. Identity risk
D. Ethical risk

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
A phishing scam is an example of an identity attack.

Reference:

QUESTION 43
__________________ provides recommended guidance that's intended to help organizations to align with data
protection regulations and standards.

A. Controls
B. Assessment
C. Templates
D. Improvement actions

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Improvement actions help centralize compliance activities. Each improvement action provides recommended
guidance that's intended to help organizations to align with data protection regulations and standards.
Improvement actions can be assigned to users in the organization to do implementation and testing work.
Admins can also store documentation, notes, and record status updates within the improvement action.

Reference:

QUESTION 44
Which of the following types of DDoS attack floods the network with legitimate traffic, thereby overwhelming the
available bandwidth?

A. Resource (application) layer attacks
B. Volumetric attacks
C. Protocol attack

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
Volumetric attacks: These are volume-based attacks that flood the network with seemingly legitimate traffic,
overwhelming the available bandwidth. Legitimate traffic can't get through. These types of attacks are
measured in bits per second. Refer:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/3-describe-azure-ddos-protection

Reference:

QUESTION 45
Which of the following types of DDoS attack is typically measured in packets per second?

A. Volumetric attacks
B. Resource (application) layer attacks
C. Protocol attack

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Protocol attacks: Protocol attacks render a target inaccessible by exhausting server resources with false
protocol requests that exploit weaknesses in layer 3 (network) and layer 4 (transport) protocols. These types of
attacks are typically measured in packets per second. Refer:
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/3-describe-azure-ddos-protection

Reference:

QUESTION 46
Which of the following guiding principles of Zero Trust limits user access with Just-In-Time and Just-Enough
Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity?

A. None of these
B. Verify explicitly
C. Least privileged access
D. Assume breach

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
Use least privileged access. Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA),
risk-based adaptive policies, and data protection to protect both data and productivity.

Reference:

QUESTION 47
Where can you find the Application Gateway logs to track diagnostic information, including WAF alerts and logs?

A. Azure Monitor
B. Azure Network Security Groups (NSGs)
C. Azure Firewall Gateway
D. Azure DDoS Protection

Answer: A
Section: (none)

Explanation/Reference:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

QUESTION 48
Peter is working in an organization that plans to implement Microsoft Defender for Office 365.

Which of the following Office 365 security services adds post-breach investigation, hunting, and
response, as well as automation and simulation (for training)?

A. Exchange Online Protection (EOP)
B. Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
C. Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)

Answer: C
Section: (none)

Explanation/Reference:
Explanation:
The three service components include:

EOP - Prevents broad, volume-based, known attacks.
Microsoft Defender for Office 365 P1 - Protects email and collaboration from zero-day malware, phish, and
business email compromise.
Microsoft Defender for Office 365 P2 - Adds post-breach investigation, hunting, and response, as well as
automation, and simulation (for training).

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/overview?view=o365-worldwide

QUESTION 49
Peter has joined as a new admin of the team and needs to be able to access the Microsoft 365 Compliance
Center.

Which of the given roles could the admin use to access the Compliance Center?

A. User Administrator role
B. Compliance Administrator role
C. Helpdesk Administrator role

Answer: B
Section: (none)

Explanation/Reference:
Explanation:
This is one of the multiple roles you can use to access the Compliance Center.

Reference:

QUESTION 50
Which of the given cloud solutions provides capabilities such as multifactor authentication, identity protection,
and robust role-based access control?

A. Azure Policy
B. Azure Blueprints
C. Azure RBAC
D. Azure Active Directory (Azure AD)

Answer: D
Section: (none)

Explanation/Reference:
Explanation:
Cloud solutions such as Azure Active Directory (Azure AD) provide capabilities such as multifactor
authentication, identity protection, and robust role-based access control. Azure Active Directory also provides
the ability to provision on-premises and third-party applications such as Box, Concur, Google Apps,
Salesforce, and more. CSPs that can provide extendible SSO capabilities can help tie together customer and
CSP responsibilities with less risk of security and privacy misconfigurations.

Reference:
