@AzureAdminsGroup

Exam : SC-900
Title : Microsoft Security, Compliance, and Identity Fundamentals
Vendor : Microsoft
Version : V1.1
Questions: 238

Question 1: Which of the following is NOT a Zero Trust guiding principle?

A. Verify explicitly
B. Least privileged access
C. Assume breach.
D. Multi factor authentication

Correct Answer: D
Question 2: Which of the following is NOT a type of identity?
A. Users
B. Services
C. Devices
D. Networks

Correct Answer: D
Question 3: The human resources organization want to ensure that stored employee data is
encrypted. Which security mechanism would they use?

A. Encryption in transit
B. Digital signing
C. Encryption at rest

Correct Answer: D
Question 4: Which of the following measures might an organization implement as part of the
defense in-depth security methodology?

A. Locating all its servers in a single physical location.

B. Multi-factor authentication for all users.
C. Ensuring there's no segmentation of your corporate network.

Correct Answer: B
 @AzureAdminsGroup
2

Question 5: A compliance admin is looking for regulatory information relevant to a specific region,
which one link will provide the needed information?

A. Microsoft Privacy Principles.

B. Service Trust Portal.
C. Microsoft Compliance Manager.

Correct Answer: B
Question 6: Among the 4 pillars of identity, which pillar tells the story of how much assurance for a
particular identity is enough.

A. Administration
B. Authentication
C. Authorization
D. Auditing

Correct Answer: B
Question 7: T/F: With federation, trust is always bidirectional.
A. True
B. False

Correct Answer: B
Question 8: How many editions of the azure active directory (AAD) are available?
A. 1
B. 2
C. 3
D. 4

Correct Answer: D
Question 9: An organization is launching a new app for its customers. Customers will use a sign-in
screen that is customized with the organization's brand identity. Which type of Azure External
identity solution should the organization use?

A. Azure AD B2B
B. Azure AD B2C
C. Azure AD Hybrid identities

Correct Answer: B
 @AzureAdminsGroup
3

Question 10: True/False: "A system-assigned managed identity can be associated with more than
one Azure resource."

A. True
B. False

Correct Answer: B

Question 11: A company's IT organization has been asked to find ways to reduce IT costs, without
compromising security. Which feature should they consider implementing?

A. Self-service password reset.

B. Bio-metric sign-in on all devices.
C. FIDO2.

Correct Answer: A
Question 12: IT admins have been asked to review Azure AD roles assigned to users, to improve
organizational security. Which of the following should they implement?

A. Remove all global admin roles assigned to users.

B. Create custom roles.
C. Replace global admin roles with specific Azure AD roles.

Correct Answer: C
Question 13: Your IT organization recently discovered that several user accounts in the finance
department have been compromised. The CTO has asked for a solution to reduce the impact of
compromised user accounts. The IT admin team is looking into Azure AD features. Which one should
they recommend?

A. Identity Protection.
B. Conditional Access.
C. Entitlement management.

Correct Answer: A
Question 14: A company wants to make use of Windows Hello for Business when it comes to
authentication. Which of the following authentication techniques are available in Windows Hello for
Business?

A. PIN
B. Password
C. Facial Recognition
D. Email message
 @AzureAdminsGroup
4

E. Fingerprint recognition

Correct Answer: A, C, E
Question 15: You are planning to make use of Azure Bastion service. Can you use the Azure Bastion
service to restrict traffic from the Internet onto an Azure Virtual Machine?

A. Yes
B. No

Correct Answer: A
Question 16: Which of the following is a scalable, cloud-native security event management and
security orchestration automated response solution?

A. Azure Sentinel
B. Azure Security Centre
C. Azure Active Directory
D. Azure AD Identity Protection

Correct Answer: A
Question 17: Your company is planning on using Azure Active Directory. They already have user
identities stored in their on-premise Active Directory. They want to sync the user identities from the
on-premise Active Directory onto Azure Active Directory. Which of the following could be used?

A. Azure Blueprints
B. Azure AD Connect
C. Azure Identity Protection
D. Azure Privileged Identity Management

Correct Answer: B
Question 18: The security admin wants to increase the priority of a network security group, what
five sources of information will the admin need to provide?

A. source, source port, destination, destination port, and network layer.

B. source, source port, destination, destination port, and protocol.
C. source, source port, destination, destination port, and target resource.

Correct Answer: B

Question 19: An organization is using Azure and wants to improve their security best practices.
Which Azure specific benchmark would the IT security team need to consider?

A. Azure Security Benchmark.

B. Center for Internet Security.
 @AzureAdminsGroup
5

C. Microsoft cybersecurity group.

Correct Answer: B
Question 20: As the lead admin, it's important to convince your team to start using Azure Sentinel.
You’ve put together a presentation. What are the four security operation areas of Azure Sentinel
that cover this area?

A. Collect, Detect, Investigate, and Redirect.

B. Collect, Detect, Investigate, and Respond.
C. Collect, Detect, Investigate, and Repair.

Correct Answer: B
Question 21: Which of the following can be used to provide just-in-time access to resources?
A. Azure AD Identity Protection
B. Azure AD Privileged Identity Management
C. Azure Multi-Factor Authentication
D. Azure Blueprints

Correct Answer: B
Question 22: Which of the following provides "Network Address Translation"
A. Azure Bastion
B. Azure Firewall
C. Network Security Group
D. Azure DDoS protection

Correct Answer: B
Question 23: Which of the following provides XDR (Extended Detection & Response) capabilities
that helps to protect multi-cloud and hybrid workloads?

A. Azure Policy
B. Azure Defender
C. Azure Blueprints
D. Azure Identity Protection

Correct Answer: B
Question 24: Can Microsoft Defender for Endpoint be used for Windows 2016-based Azure Virtual
Machine?

A. Yes
 @AzureAdminsGroup
6

B. No

Correct Answer: A
Question 25: What is the maximum time frame for which you can retain audit logs in
Microsoft 365?
A. 1 month
B. 1 year
C. 5 year
D. 10 year

Correct Answer: D
Question 26: Can Azure Bastion be used to restrict traffic from the Internet onto an Azure
Virtual machine?
A. Yes
B. No

Correct Answer: A
Question 27: Azure Sentinel provides intelligent security analytics across your enterprise.
The data for this analysis is stored in ___________________ ?
A. Azure Monitor
B. Azure Blob Storage
C. Azure DataLake
D. Azure Log Analytics Workspace

Correct Answer: D
Question 28: Which of the following are examples of Microsoft Trust principle?
A. Control
B. Privacy
C. Transparency
D. Security
E. Strong legal protections

Correct Answer: A, C, D, E
 @AzureAdminsGroup
7

Question 29: Which of the following Azure Active Directory license type provides ability to
perform "self-service password reset" for both cloud and on-premise users?
A. Azure Active Directory Free
B. Office 365 Apps
C. Azure Active Directory Premium P1
D. Azure Active Directory Premium P2

Correct Answer: C
Question 30: A lead admin for an organization is looking to protect against malicious threats
posed by email messages, links (URLs), and collaboration tools. Which solution from the
Microsoft 365 Defender suite is best suited for this purpose?
A. Microsoft Defender for Office 365.
B. Microsoft Defender for Endpoint.
C. Microsoft Defender for Identity.

Correct Answer: A
Question 31: Which of the following describes what an admin would need to select to view
security cards grouped by risk, detection trends, configuration, and health, among others?
A. Group by topic.
B. Group by risk
C. Group by category

Correct Answer: A
Question 32: Your new colleagues on the admin team are unfamiliar with the concept of
shared controls in Compliance Manager. How would the concept of shared controls be
explained?
A. Controls that both external regulators and Microsoft share responsibility for
implementing.
B. Controls that both your organization and external regulators share responsibility for
implementing.
C. Controls that both your organization and Microsoft share responsibility for
implementing.

Correct Answer: C
 @AzureAdminsGroup
8

Question 33: Which part of the concept of know your data, protect your data, and prevent
data loss addresses the need for organizations to automatically retain, delete, store data
and records in a compliant manner?
A. Know your data
B. Prevent data loss
C. Govern your data

Correct Answer: C
Question 34: Due to a certain regulation, your organization must now keep hold of all
documents in a specific SharePoint site that contains customer information for five years.
How can this requirement be implemented?
A. Use sensitivity labels
B. Use the content explorer
C. Use retention policies

Correct Answer: C
Question 35: Which tool can enable an organization's development team to rapidly
provision and run new resources, in a repeatable way that is in line with the organization’s
compliance requirements?
A. Azure Policy
B. Azure Rapid Build
C. Azure Blueprints

Correct Answer: C
Question 36: A hold has been placed on content relevant to a case. The hold has not taken
effect yet, what has happened?
A. It may take up to seven days after you create a hold for it to take effect.
B. It may take up to 24 hours after you create a hold for it to take effect.
C. It may take up to one hour after you create a hold for it to take effect.

Correct Answer: B
Question 37: To comply with corporate policies, the compliance admin needs to be able to
identify and scan for offensive language across the organization.
What solution can the admin implement to address this need?
 @AzureAdminsGroup
9

A. Use Policy Compliance in Microsoft 365.

B. Use Communication Compliance
C. Use information barriers.

Correct Answer: B
Question 38: Select Yes/No : If a user uses incorrect credentials, it will not be flagged by
Identity Protection since there is not of risk of credential compromise unless a bad actor
uses the correct credentials.
A. Yes
B. No
Correct Answer: B
Question 39: Select Yes/No : Can you add delete lock to a resource that has a read-only
lock?
A. Yes
B. No

Correct Answer: A
Question 40: Select Yes/No : Can Azure Policy service be used to check the compliance of
existing resources?
A. Yes
B. No

Correct Answer: A
Question 41: In the following situation, who is responsible for ensuring security and
compliance?
"Operating system for a Platform as a service (PaaS) application'
A. User
B. Microsoft
C. Both

Correct Answer: B
Question 42: Which out of the following requires the least management by the cloud
customer.
A. SaaS
 @AzureAdminsGroup
10

B. PaaS
C. IaaS
D. There is no difference, all require similar management

Correct Answer: A
Question 43: _______ attack attempts to exhaust an application's resources, making the
application unavailable to legitimate users.
A. Distributed Denial of Service (DDoS)
B. Ransomware
C. Data breach
Correct Answer: A
Question 44: An organization has deployed Microsoft 365 applications to all employees.
Who is responsible for the security of the personal data relating to these employees?
A. The organization
B. Microsoft, the SaaS provider
C. There's shared responsibility between an organization and Microsoft.

Correct Answer: A
Question 45: The security perimeter can no longer be viewed as the on-premises network. It
now extends to?
A. SaaS applications for business-critical workloads that might be hosted outside the
corporate network.
B. IoT devices installed throughout your corporate network and inside customer
locations.
C. The personal devices of employees
D. The unmanaged devices used by partners or customers when interacting with
corporate data or collaborating with employees

Correct Answer: A, B, C, D
Question 46: Among the 4 pillars of Identity, which is about tracking who does what, when,
where, and how?
A. Administration
B. Authentication.
C. Authorization.
D. Auditing
 @AzureAdminsGroup
11

Correct Answer: D
Question 47: What type of security risk does a phishing scam pose?
A. Ethical risk.
B. Physical risk.
C. Identity risk.

Correct Answer: D
Question 48: Which of the following Azure active directory (AAD) is available along with
Office 365 E1 & E3
A. Free
B. Office 365 Apps
C. Premium P1
D. Premium P2

Correct Answer: B
Question 49: All users in an organization have Microsoft 365 cloud identities. Which identity
model applies?
A. Hybrid
B. Cloud-only
C. On-premises only

Correct Answer: B
Question 50: In which type of authentication, Azure AD hands off the authentication
process to a separate trusted authentication system to validate the user’s password.
A. Password hash synchronization.
B. Pass-through authentication (PTA).
C. Federated authentication

Correct Answer: C
Question 51: True/False: "Custom roles require an Azure AD Premium P1 or P2 license.
A. True
B. False

Correct Answer: A
 @AzureAdminsGroup
12

Question 52: An organization has recently merged with a competitor, nearly doubling the
number of employees. The organization needs to implement an access life cycle system that
won't add a significant amount of work for its IT administrators. Which Azure AD feature
should they implement?
A. Dynamic groups.
B. Conditional Access policies.
C. Azure AD Terms of Use.

Correct Answer: A
Question 53: Which of the following can be used to provide a secure score for the resources
defined as a part of your Azure Account?
A. Security Centre
B. Key Vault
C. Azure Information Protection
D. Azure Active Directory
E. Application Security Groups

Correct Answer: A
Question 54: You are looking at the capabilities of Azure Active Directory. Can AAD be used
to manage device registrations?
A. Yes
B. No

Correct Answer: A
Question 55: Which of the following provides advanced and intelligent protection of Azure
and hybrid resources and workloads?
A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure Active Directory

Correct Answer: A
Question 56: Your company is planning on using Azure Cloud services. They are looking at
the different security aspects when it comes to Microsoft privacy. Is Shared Responsibility
Model a key Microsoft privacy principal?
 @AzureAdminsGroup
13

A. True
B. False

Correct Answer: B
Question 57: Do all versions of Azure Active Directory have the same set of features?
A. Yes
B. No

Correct Answer: B
Question 58: The security admin wants to protect Azure resources from DDoS attacks,
which Azure DDoS Protection tier will the admin use to target Azure Virtual Network
resources?
A. Basic
B. Standard
C. Advanced

Correct Answer: B
Question 59: An organization is using Security Center to assess its resources and
subscriptions for security issues. The organization's overall secure score is low and needs to
improve. How could a security admin try to improve the score?
A. Close old security recommendations.
B. Remediate security recommendations.
C. Move security recommendations to resolved.

Correct Answer: B
Question 60: Your estate has many different data sources where data is stored. Which tool
should be used with Azure Sentinel to quickly gain insights across your data as soon as a
data source is connected?
A. Azure Monitor Workbooks.
B. Playbooks.
C. Microsoft 365 Defender.

Correct Answer: A
 @AzureAdminsGroup
14

Question 61: Can Azure AD Identity Protection be used to provide access to resources in
Azure?
A. Yes
B. No

Correct Answer: A
Question 62: Which of the following will provide "a secure way to RDP/SSH into Azure
Virtual Machines"

A. Azure Bastion
B. Azure Virtual Machines
C. Network Security Group
D. Azure DDoS Protection

Correct Answer: A
Question 63: Can Microsoft Defender For Endpoint be used to protect SharePoint Online?
A. Yes
B. No

Correct Answer: B
Question 64: Can Microsoft Intune be used for a Windows 10 device?
A. Yes
B. No

Correct Answer: A
Question 65: Which of the following allows you to invite guest users and provide them
access to Azure resources within your organization?
A. Azure Identity Protection
B. Azure Privileged Identity Management
C. Azure Active Directory B2B
D. Azure AD Connect

Correct Answer: C
 @AzureAdminsGroup
15

Question 66: Can AAD be used to ensure user does not have the product's name as part of
the password defined by the user?
A. Yes
B. No

Correct Answer: A
Question 67: __________________ are the types of resources you can manage user's access
to with entitlement management?
A. Azure AD security groups
B. Azure AD enterprise applications
C. SharePoint Online sites
D. Microsoft 365 Groups and Teams

Correct Answer: A, B, C, D
Question 68: Can Microsoft Defender for Endpoint service be used to protect Windows10
machines?
A. Yes
B. No

Correct Answer: A
Question 69: Which of the following is NOT one of the benefits of Microsoft Compliance
Manager?
A. Pre-built assessments based on common regional and industry regulations and
standards.
B. Step-by-step improvement actions that admins can take to help meet regulations
and standards
C. contains compliance information about Microsoft Cloud services organized by
industry and region.
D. Translating complicated regulations, standards, company policies, or other control
frameworks into a simple language.

Correct Answer: C
Question 70: A team admin is asked to provide a short presentation on the use and benefit
of Microsoft Cloud App Security. Which of the four MCAS pillars is responsible for identifying
and controlling sensitive information?
 @AzureAdminsGroup
16

A. Threat protection
B. Compliance
C. Data security

Correct Answer: C
Question 71: An admin wants to get a comprehensive view of an attack including where it
started, what tactics were used, and how far it has gone in the network. What can the
admin use to view this type of information?
A. Alerts
B. Reports
C. Incidents
Correct Answer: C
Question 72: A customer has requested a presentation on how the Microsoft 365
Compliance Center can help improve their organization’s compliance posture. The
presentation will need to cover Compliance Manager and compliance score. What is the
difference between Compliance Manager and compliance score?
A. Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center
to enable admins to manage and track compliance activities. Compliance score is a
calculation of the overall compliance posture across the organization.
B. Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center
to enable admins to manage and track compliance activities. Compliance score is a
score the organization receives from regulators for successful compliance.
C. Compliance Manager is the regulator who will manage your compliance activities.
Compliance score is a calculation of the overall compliance posture across the
organization.

Correct Answer: B
Question 73: As part of a new data loss prevention policy, the compliance admin needs to
be able to identify important information such as credit card numbers, across the
organization's data. How can the admin address this requirement?
A. Use activity explorer
B. Use sensitivity labels
C. Use sensitive information types

Correct Answer: C
 @AzureAdminsGroup
17

Question 74: A team that collaborates on a project through Microsoft Teams reports that
they're unable to use features that they were using last week. The admin will investigate
whether a user might have changed settings in Microsoft Teams.
What capability can the admin use?

A. Turn on Microsoft Teams settings search and ensure you've been assigned the
appropriate role to perform the search.
B. Verify that Auditing is enabled and ensure that you've been assigned the appropriate
role to perform the search.
C. Block Microsoft Teams from being used and ensure that you've been assigned the
appropriate role to perform the search.

Correct Answer: B
Question 75: An organization is moving their IT infrastructure to the cloud. They want to
know how to create and implement business and technology strategies in a way that will
help them succeed in the cloud.
What guidance can they use to help them transition to the cloud?
A. They should use Azure Policy for guidance on moving to the cloud.
B. They should use the Microsoft Cloud Adoption Framework for guidance on moving
to the cloud.
C. They should use the Azure Cloud Succeed Framework.

Correct Answer: B
Question 76: The compliance team needs to perform more advanced, complex, and
repetitive content search tasks. What can enable the team to do more complex search
tasks?
A. Use the Microsoft 365 autocontent search client.
B. Use the continuous eDiscovery autosearch client.
C. Use the PowerShell scripts provided by Microsoft.

Correct Answer: C
Question 77: Your organization has many departments that collaborate through Microsoft
Teams. To comply with business policies, the IT organization needs to make sure that users
from one particular department are limited in their access and interactions with other
departments.
What solution can address this need?
 @AzureAdminsGroup
18

A. Use Communication Compliance.

B. Use Customer Lockbox.
C. Use information barriers.

Correct Answer: C
Question 78: Select Yes/No : Can Azure Policy be used to remediate issues that get detected
via its compliance checks?
A. Yes
B. No

Correct Answer: A
Question 79: Select True/False: Azure Blueprints can be used to create Role assignments for
an Azure Subscription?
A. True
B. False

Correct Answer: A
Question 80: Select True/False: Can Blueprints be used to create Management Groups?
A. True
B. False

Correct Answer: B
Question 81: Which out of the following requires the most management by the cloud
customer.
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. All require the same effort

Correct Answer: A
Question 82: Which of the following are not responsibilities always retained by the
customer organization?
A. Information and data
B. Devices (mobile and PCs)
 @AzureAdminsGroup
19

C. Accounts and identities

D. Identity and directory infrastructure

Correct Answer: D
Question 83: Malware can give attackers unauthorized access, which allows them to use
system resources, lock you out of your computer, and ask for ransom.
A. Malware
B. Data breach
C. dictionary attack
D. disruptive attacks

Correct Answer: A
Question 84: True/False: "When Microsoft does collect data, it is used to benefit you, the
customer, and to make your experiences better"
A. True
B. False

Correct Answer: A
Question 85: Which pillar in the 4 pillar identification system is about the creation and
management of identities for users, devices, and services.
A. Administration
B. Authentication
C. Authorization
D. Auditing

Correct Answer: A
Question 86: What is a benefit of single sign-on?
A. A central identity provider can be used.
B. The user signs in once and can then access many applications or resources.
C. Passwords always expire after 72 days.

Correct Answer: B
Question 87: Authentication is the process of doing what?
A. Verifying that a user or device is who they say they are.
 @AzureAdminsGroup
20

B. The process of profiling user behavior.

C. Enabling federated services.

Correct Answer: A
Question 88: Which edition of the Azure active directory gives you Privileged Identity
Management to help discover, restrict, and monitor administrators?
A. Free
B. Office 365
C. Premium P1
D. Premium P2

Correct Answer: D
Question 89: An organization has developed an app to allow users to be able to sign in with
their Facebook, Google, or Twitter credentials. What type of authentication is being used?
A. Service principal authentication
B. Azure AD B2C
C. User assigned identities

Correct Answer: B
Question 90: After hearing of a breach at a competitor, the security team wants to improve
identity security within their organization. What should they implement immediately to
provide the greatest protection to user identities?
A. Multi-factor authentication.
B. Require bio-metrics for all sign-ins.
C. Require strong passwords for all identities

Correct Answer: A
Question 91: An organization plans to implement Conditional Access. What do admins need
to do?
A. Create policies that enforce organizational rules.
B. Check that all users have multi-factor authentication enabled.
C. Amend your apps to allow Conditional Access.

Correct Answer: A
 @AzureAdminsGroup
21

Question 92: An organization is project-oriented with employees often working on more

than one project at a time. Which solution is best suited to managing user access to this
organization’s resources?
A. Azure Terms of Use.
B. Dynamic groups.
C. Entitlement management.

Correct Answer: C
Question 93: Your company has just setup an Azure subscription. They have the following
requirements.
1. Be able to deploy a set of resources, resource groups, role assignments to a set of
subscriptions
2. Be able to ensure no one can delete resources defined in a resource group name "RG-
staging"
3. Ensure that all the Windows servers defined as Azure virtual machines should have the
Microsoft IaaS Anti-malware extension installed.
Which of the following can be used to fulfill requirement (2) above.
A. Azure Policy
B. Azure Blueprints
C. Azure Resource Locks
D. Azure AD Identity Protection

Correct Answer: C
Question 94: Your company has just setup an Azure subscription. They have the following
requirements.
1. Be able to deploy a set of resources, resource groups, role assignments to a set of
subscriptions
2. Be able to ensure no one can delete resources defined in a resource group name "RG-
staging"
3. Ensure that all the Windows servers defined as Azure virtual machines should have the
Microsoft IaaS Anti-malware extension installed.
Which of the following can be used to fulfill requirement (1) above.
A. Azure Resource Locks
B. Azure Policy
C. Azure Blueprints
 @AzureAdminsGroup
22

D. Azure Identity Protection

Correct Answer: C
Question 95: Your company has just setup an Azure subscription. They have the following
requirements.
1. Be able to deploy a set of resources, resource groups, role assignments to a set of
subscriptions
2. Be able to ensure no one can delete resources defined in a resource group name "RG-
staging"
3. Ensure that all the Windows servers defined as Azure virtual machines should have the
Microsoft IaaS Antimalware extension installed.
Which of the following can be used to fulfill requirement (3) above.

A. Azure Policy
B. Azure Blueprints
C. Azure Resource Locks
D. Azure Identity Protection

Correct Answer: A
Question 96: Your company is planning on using AAD for the storage of identities. They
want to make use of the self-service password reset feature. Which 3 of the following
authentication methods are available for self service password reset?
A. Email
B. passport identification number
C. picture message
D. mobile app code
E. mobile app notification

Correct Answer: A, D, E
Question 97: Which of the following is available for the Azure Application Gateway service
that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
 @AzureAdminsGroup
23

D. Azure Identity Protection

Correct Answer: B
Question 98: Your company is planning on using Azure Cloud services. They are looking at
the different security aspects when it comes to Microsoft privacy. Is Control a key Microsoft
privacy principal?
A. True
B. False

Correct Answer: A
Question 99: Select all which is an example of Zero Trust Guiding principle?
A. Verify explicitly
B. Assume Breach
C. Shared responsibility

Correct Answer: A, B
Question 100: Which of the following is the process of checking if a signed-in user has
access to a particular resource in Azure?
A. Authentication
B. Authorization
C. Conditional Access
D. Resource Locks

Correct Answer: B
Question 101: Can you make use of Network Security Groups to deny all inbound traffic
from the Internet?
A. Yes
B. No

Correct Answer: A
Question 102: An organization needs to continuously monitor the security status of its
network. What Security Center tool would they use?
A. Continuous assessment.
B. Network map.
 @AzureAdminsGroup
24

C. Network assessment.

Correct Answer: B
Question 103: Which of the following would provide "Protection against large scale internet
attacks"?
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

Correct Answer: D
Question 104: Can Microsoft Intune be used for Android devices?
A. Yes
B. No

Correct Answer: A
Question 105: Can Azure Bastion be used to securely RDP into an Azure Windows virtual
machine via the browser and the Azure portal?
A. Yes
B. No

Correct Answer: A
Question 106: Your organization has Azure Active Directory Premium P1 license for its users.
You want to create a policy which requires users to perform additional authentication via
MFA for all the risky sign-ins. Is this possible to achieve the same?
A. Yes
B. No

Correct Answer: B
Question 107: Azure Identity Protection calculates the user risk/sign-risk. Which of the
following is an example of a user risk?
A. Anonymous IP address
B. Atypical travel
C. Malware linked IP address
 @AzureAdminsGroup
25

D. Password spray

Correct Answer: D
Question 108: Which of the following is NOT an identity governance feature in Azure Active
Directory?
A. Privileged Identity Management
B. Access Reviews
C. Conditional Access
D. Entitlement management

Correct Answer: C
Question 109: When considering using Microsoft Cloud App Security for an organization,
what is one of the key considerations?
A. The data security of your entire estate.
B. The architecture of your entire estate.
C. The use of Shadow IT in your entire estate.

Correct Answer: B
Question 110: Employees are allowed to bring and use their cell phones at work. The
employees don't want their phone to be under full corporate control, but admins want to
allow users to read emails and use Teams while protecting corporate data. Which of the
following will allow admins to accomplish these goals?
A. Mobile Application Management (MAM).
B. Mobile Device Management (MDM).
C. Role-based access control (RBAC).

Correct Answer: A
Question 111: Within the organization, some emails are confidential and should be
encrypted so that only authorized users can read them. How can this requirement be
implemented?
A. Use the content explorer
B. Use sensitivity labels
C. Use Records Management

Correct Answer: B
 @AzureAdminsGroup
26

Question 112: The audit team needs to conduct compliance investigations across emails.
They need access to crucial events, such as when mail items were accessed, when mail
items were replied to and forwarded.
What capability can the team use?
A. Use Advanced Auditing so that you access and investigate those events.
B. Use Core Auditing so that you can access and investigate those events.
C. Use alert policies to generate and view alerts on when users perform certain actions
on emails.

Correct Answer: A
Question 113: Within an organization, there are many users who will need to access Azure
and perform different actions across various scopes. The admin wants to implement action
management at all scopes across Azure for the organization. What can the admin use to
address this need?
A. Use Azure role-based access control (RBAC)
B. Use Azure Policy
C. Use Azure action management (AM)

Correct Answer: A
Question 114: The compliance admin has been asked to use Advanced e-Discovery to help a
legal team that is working on a case. What is the workflow the admin will use?
A. Search custodial data, add custodians to a case, add data to a review set, review and
analyze data, then finally export and download case data.
B. Add custodians to a case, search custodial sources for relevant data, add data to a
review set, review and analyze data, then finally export and download the case data.
C. Add data to a review set, review and analyze data, add custodians to a case, search
custodial sources for relevant data, then finally export and download the case data.

Correct Answer: B
Question 115: The compliance team wants to control the use privileged admin accounts
with standing access to sensitive data, so that admins receive only the level of access they
need, when they need it. How can this requirement be implemented?
A. Use Communication Compliance.
B. Use privileged access management.
C. Use the Audit log.
 @AzureAdminsGroup
27

Correct Answer: B
Question 116: Which of the following provides advanced and intelligent protection of Azure
and hybrid resources and workloads?
A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure AD

Correct Answer: A
Question 117: Can Priviledged Identity Management be used to provide time-bound
assignments for Azure AD roles?
A. Yes
B. No

Correct Answer: A
Question 118: Can Priviledged Identity Management be used to provide time-bound
assignments for Azure Resources?
A. Yes
B. No

Correct Answer: A
Question 119: With _________, the cloud provider manages the hardware and operating
systems, and the customer is responsible for applications and data.
A. PaaS
B. SaaS
C. IaaS
Correct Answer: A
Question 120: The _____ layer can secure access to virtual machines either on-premises or
in the cloud by closing certain ports.
A. compute
B. perimeter
C. Identity & access
D. network
 @AzureAdminsGroup
28

Correct Answer: A
Question 121: In the CIA model of security trade-offs, which refers to keeping data or
messages correct?
A. Confidentiality
B. Integrity
C. Availability
D. None of the above

Correct Answer: B
Question 122: __________ is a type of identity attack where a hacker attempts to steal an
identity by trying a large number of known passwords
A. dictionary attack
B. data breach
C. ransomware
D. Disruptive attacks

Correct Answer: A
Question 123: What is the best way of staying current with Microsoft compliance
documentation available through the Service Trust Portal?
A. Save the documents to your My Library.
B. Print each document so you can easily refer to them.
C. Download each document.

Correct Answer: A
Question 124: Among the 4 pillars of Identity, which is about processing the incoming
identity data to determine the level of access?
A. Administration
B. Authentication
C. Authorization
D. Auditing

Correct Answer: C
Question 125: Which relationship allows federated services to access resources?
A. Claim relationship.
B. Shared access relationship.
 @AzureAdminsGroup
29

C. Trust relationship.

Correct Answer: C
Question 126: Which of the following authentication method provides a simple password
validation for Azure AD authentication services by using a software agent that runs on one
or more on-premises servers.
A. Password hash synchronization.
B. Pass-through authentication (PTA)
C. Federated authentication

Correct Answer: B
Question 127: True/False: A system assigned managed identity is created as a standalone
Azure resource.
A. True
B. False

Correct Answer: B
Question 128: To improve identity security within the organization, the security team wants
to implement Windows Hello for Business.
When explaining the benefits of Windows Hello for Business, which of the following
statements is true?
A. Windows Hello is an authentication feature built into Windows Server 2012 R26.
B. Windows Hello is an alternative to multi-factor authentication.
C. Windows Hello for Business is more secure because it uses PINs and bio-metric data
to authenticate users.

Correct Answer: C
Question 129: Sign-in risk is a signal used by Conditional Access policies to decide whether
to grant or deny access. What is sign-in risk?
A. The probability that the device is owned by the identity owner.
B. The probability that the authentication request is authorized by the identity owner.
C. The probability that the user is authorized to view data from a particular application.

Correct Answer: B
 @AzureAdminsGroup
30

Question 130: An organization has recently conducted a security audit and found that four
people who have left were still active and assigned global admin roles. The users have now
been deleted but the IT organization has been asked to recommend a solution to prevent a
similar security lapse happening in future. Which solution should they recommend?
A. Entitlement management.
B. Privileged Identity Management.
C. Identity Protection.

Correct Answer: B
Question 131: You are considering the use of sensitivity labels in Microsoft 365. Can
sensitivity labels be used to encrypt the contents in documents?
A. Yes
B. No

Correct Answer: A
Question 132: Which of the following supports: "Enforce Multi- Factor Authentication based
on the sign-in-risks"
A. AAD Identity Management
B. Azure AD Roles
C. Azure AD Connect
D. Azure Conditional Access

Correct Answer: D
Question 133: Which of the following can be accomplished with the use of the Azure
Privileged Identity Management Service?
A. Filter traffic to Azure virtual machines
B. Enable MFA for the users based on detected sign-in-risks
C. Provide just-in-time access to resources roles in Azure
D. Measure Security posture of resources defined in Azure environment

Correct Answer: C

Question 134: Your company is planning on using Azure Cloud services. They are looking at
the different security aspects when it comes to Microsoft privacy. Is Transparency a key
Microsoft privacy principal?
 @AzureAdminsGroup
31

A. True
B. False

Correct Answer: A
Question 135: Which of the following is used to ensure that data can be read by only
authorized users?
A. Encryption
B. De-duplication
C. Archiving
D. Compression

Correct Answer: A
Question 136: Which of the following is used to describe the exact term for Azure Active
Directory?
A. Federation server
B. Identity Provider
C. Proxy server
D. Firewall

Correct Answer: B
Question 137: Can you make use of Network Security Groups to filter traffic based on the IP
address, protocol and port number?
A. Yes
B. No

Correct Answer: A
Question 138: An organization has several virtual machines in Azure. The security admin
wants to deploy Azure Bastion to get secure access to those VMs. What limitation should
the admin keep in mind?
A. Azure Bastion is deployed per virtual network.
B. Azure Bastion is deployed per subscription.
C. Azure Bastion is deployed per virtual machine.

Correct Answer: A
 @AzureAdminsGroup
32

Question 139: Which of the following can provide a secure score for the resources defined
as a part of the Azure Account?
A. Security Centre
B. Key Vaults
C. Azure Sentinel
D. Azure Information Protection

Correct Answer: A
Question 140: Which of the following filters "traffic to Azure Virtual Machines"
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups
D. Azure DDoS Protection

Correct Answer: C
Question 141: Can one enroll both organizational and personal devices in Microsoft Intune?
A. Yes
B. No

Correct Answer: A
Question 142: Which of the following categories are available for the cards in Microsoft
Office 365 Security Centre?
A. Identities
B. Devices
C. Groups
D. Apps

Correct Answer: A, B, D
Question 143: Can Azure Bastion service be used to securely SSH into an Azure Linux
machine via the browser and the Azure portal?
A. Yes
B. No

Correct Answer: A
 @AzureAdminsGroup
33

Question 144: What kind of encryption is used for Transport Layer Security (TLS), such as
the HTTPS protocol, ?
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hashing
D. Signing

Correct Answer: B
Question 146: Which of the following tools helps you to strengthen your cloud security
posture?
A. Azure Sentinel
B. Azure Security Centre
C. Azure Defender
D. Microsoft 365 Defender

Correct Answer: B
Question 147: ______________ is used to require a terms of use statement being displayed,
and ensuring the user has agreed to those terms before accessing an application?
A. Azure AD terms of use
B. Conditional Access Policy(Correct)
C. Azure Privileged Identity Management
D. Azure Identity Protection

Correct Answer: B
Question 148: Admins in the organization are using the Microsoft 365 security center every
day. They want to quickly get an understanding of the organization's current security
posture. Which section in the Microsoft 365 security center will they use?
A. Reports
B. Secure score
C. Policies

Correct Answer: B
Question 149: An organization uses different types of devices, including Windows, iOS, and
Android devices. Admins for that organization have created a security baseline profile in
Intune that they want to apply across the devices. To which devices can the security
baseline profile be applied?
 @AzureAdminsGroup
34

A. Android devices.
B. iOS devices.
C. Windows devices.

Correct Answer: C
Question 150: A new admin has joined the team and needs to be able to access the
Microsoft 365 Compliance Center. Which of the following roles could the admin use to
access the Compliance Center?
A. Compliance Administrator role(Correct)
B. Help desk Administrator role
C. User Administrator role

Correct Answer: A
Question 151: Your organization uses Microsoft Teams to collaborate on all projects. The
compliance admin wants to prevent users from accidentally sharing sensitive information in
a Microsoft Teams chat session. What capability can address this requirement?
A. Use data loss prevention policies (Correct)
B. Use Records Management capabilities
C. Use retention policies

Correct Answer: A
Question 152: The compliance admin for the organization wants to ensure that users can
access the resources they need, but not accidentally delete resources. Which Azure
resource lock level can the admin set to ensure that users can read and modify a resource,
but can't delete the resource?
A. ReadOnly
B. CanNotDelete
C. UpdateAndDelete

Correct Answer: B
Question 153: A new admin has joined the compliance team and needs access to Core e-
Discovery to be able to add and remove members, create and edit searches, and export
content from a case. To which role should the admin be assigned?
A. Add them as a member of the e-Discovery Manager role group.
B. Add them as a member of the e-Discovery review role.
C. Add them as a member of the e-Discovery custodian role.
 @AzureAdminsGroup
35

Correct Answer: A
Question 154: The compliance admin for the organization wants to explain the importance
of insider risk management, to the business leaders? What use case would apply?
A. To identify and protect against risks like an employee sharing confidential
information.
B. To identify and protect against malicious software across your network, such as
ransomware.
C. To identify and protect against devices shutting down at critical moments.

Correct Answer: A
Question 155: A customer has identified an issue that requires a Microsoft engineer to
access the organization’s content to determine the root cause and fix the issue. To protect
the organization, the engineer shouldn't be able to access content and perform service
operations without explicit approval. What capability can address this requirement?
A. Use privileged access management
B. Use information barriers
C. Use Customer Lockbox

Correct Answer: C
Question 156: Which tool helps with below "Be able to quickly find email in Exchange
mailboxes"
A. Content Search (Correct)
B. Advanced eDiscovery
C. Core eDiscovery
D. Sensitivity Labels

Correct Answer: A
Question 157: Which of the following provides:"an end to end workflow to preserve, collect,
analyze, review and export content in MS365"
A. Core eDiscovery
B. Advanced eDiscovery
C. Content Search
D. Sensitivity Labels
 @AzureAdminsGroup
36

Correct Answer: B
Question 158: Select Yes/No: Can Firewall service be used to encrypt incoming traffic to a
Virtual Machine?
A. Yes
B. No

Correct Answer: B
Question 159: Select Yes/No: Can Firewall service be used to filter incoming traffic to Azure
Virtual Machines?
A. Yes
B. No

Correct Answer: A
Question 160: Select Yes/No : Azure Firewall is used to authenticate users to Azure Virtual
machine
A. Yes
B. No

Correct Answer: B
Question 161: Which feature in Microsoft Defender for Endpoint provides the first line of
defense against cyberthreats by reducing the attack surface?
A. automated remediation
B. advanced hunting
C. automated investigation
D. network protection

Correct Answer: D
Question 162: What should you use in the Microsoft 365 security centre to view security
trends and track the protection status of identities?
A. Hunting
B. Reports
C. Incidents
D. Attack simulator
 @AzureAdminsGroup
37

Correct Answer: B
Question 163: Select T/F: Microsoft Defender for Endpoint can protect Android devices
A. True
B. False

Correct Answer: A
Question 164: Select True/False: Microsoft Defender for Endpoint can protect Azure virtual
machines that run Windows 10.
A. True
B. False

Correct Answer: A
Question 165: Select True/False: Microsoft Defender for Endpoint can protect Microsoft
SharePoint Online sites and content?
A. True
B. False

Correct Answer: B
Question 166: ______________________ is a cloud-native security information and event
management (SIEM) and security orchestration automated response (SOAR) solution used
to provide a single solution for alert detection, threat visibility, proactive hunting, and threat
protection.
A. Azure Advisor
B. Azure Bastion
C. Azure Monitor
D. Azure Sentinel

Correct Answer: D
Question 167: _____________________ in the Microsoft 365 security center is used to
identify devices that are affected by an alert.
A. classifications
B. incidents
C. policies
D. secure score
 @AzureAdminsGroup
38

Correct Answer: B
Question 168: _____________ provides Network Address Translation (NAT) services
A. Azure Bastion
B. Azure Firewall
C. Network Security Group (NSG)

Correct Answer: B
Question 169: ______________ provides secure and seamless Remote Desktop connectivity
to Azure virtual machines.
A. Azure Bastion
B. Azure Firewall
C. Network Security Group (NSG)

Correct Answer: A
Question 170: ______________________ provides traffic filtering that can be applied to
specific network interfaces on a virtual network.
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups (NSG)

Correct Answer: C
Question 171: Which two types of resources can be protected by using Azure Firewall?

A. Microsoft Exchange Online inboxes

B. Azure Virtual machines
C. Azure Virtual Networks
D. Azure Active Directory users
E. Microsoft SharePoint Online sites

Correct Answer: B, C
Question 172: What is the capability of Azure Defender?
A. provides an inventory of unmonitored virtual machines
B. provides security alerts by security
 @AzureAdminsGroup
39

C. identifies user accounts that are granted elevated Privilege

D. identifies the regulatory compliance status of Azure resources

Correct Answer: B
Question 173: What can you use to scan email attachments and forward the attachments to
recipients only if the attachments are free from malware?
A. Microsoft Defender for Office 365
B. Microsoft Defender for Identity
C. Microsoft Defender Antivirus

Correct Answer: A
Question 174: You can manage Microsoft Intune by using the ______________________
A. Azure Active Directory admin center
B. Microsoft 365 compliance center
C. Microsoft 365 security center
D. Microsoft Endpoint Manager admin center

Correct Answer: D
Question 175: Select True/False: Network security groups (NSGs) can deny inbound traffic
from the internet
A. True
B. False

Correct Answer: A
Question 176: Select True/False: Network Security groups(NGSs) can deny outbound traffic
to the internet
A. True
B. False

Correct Answer: A
Question 177: Select True/False: Network Security Groups(NSGs) can filter traffic based on
IP address, protocol and port.
A. True
B. False
 @AzureAdminsGroup
40

Correct Answer: A
Question 178: Which Feature provides the extended detection and response(XDR)
capabilities of Azure Sentinel?
A. support for Azure Monitor Workloads
B. Integration with Microsoft 365 Defender
C. Integration with the Microsoft 365 compliance center
D. support for threat hunting

Correct Answer: B
Question 179: Which service should you use to view your Azure secure score?
A. Alerts
B. Application Insights
C. Subscriptions
D. Policy
E. Monitor
F. Advisor
G. Security Centre
H. Azure AD Connect Health

Correct Answer: G
Question 180: What are the 3 uses of Microsoft Cloud App security?
A. to prevent data leaks to noncompliant apps and limit access to regulated data
B. to provide pass-through authentication to on-premises applications
C. to provide secure connections to Azure virtual machines
D. to discover and control the use of shadow IT
E. to protect sensitive information hosted anywhere in the cloud

Correct Answer: A, D, E
Question 181: Select True/False: Microsoft Intune can be used to manage Android devices.
A. True
B. False

Correct Answer: A
 @AzureAdminsGroup
41

Question 182: Select True/False: Microsoft Intune can be used to provision Azure
subscriptions
A. True
B. False

Correct Answer: B
Question 183: Select True/False : Microsoft Intune can be used to manage organization-
owned devices and personal devices
A. True
B. False

Correct Answer: A
Question 184: Which two cards are available in the Microsoft 365 security center?
A. Devices at risk
B. User Management
C. Users at risk
D. Service Health
E. Compliance Score

Correct Answer: A, C
Question 185: Select True/False: Conditional access policies can use the device state as a
signal
A. True
B. False

Correct Answer: A
Question 186: Select True/False: Conditional access policies apply before first-factor
authentication is complete
A. True
B. False

Correct Answer: B
Question 187: Select True/False: Conditional access policies can trigger multi-factor
authentication (MFA) if a user attempts to access specific application
 @AzureAdminsGroup
42

A. True
B. False

Correct Answer: A
Question 188: Conditional access policies can use __________________________ as a
signal that provides the ability to control sessions in real time.
A. Azure Active Directory (Azure AD)
B. Azure Defender
C. Azure Sentinel
D. Azure Cloud App Security
E. Priviledged Identity Management (PIM)

Correct Answer: D
Question 189: Select True/False: Azure Active Directory (Azure AD) Identity Protection
generates risk detections once a user is authenticated?
A. True
B. False

Correct Answer: A
Question 190: Select True/False: Azure Active Directory (Azure AD) Identity Protection
assigns a risk level of Low, Medium, or High to each risk event
A. True
B. False

Correct Answer: A
Question 191: Select True/False : A user risk in Azure Active Directory(Azure AD) Identity
Protection represents the probability that a given identity or account is compromised
A. True
B. False

Correct Answer: A
Question 192: What is the purpose of Azure Active Directory (Azure AD) Password
Protection?
 @AzureAdminsGroup
43

A. to identify devices to which users can sign in without using multi-factor

authentication(MFA)
B. to encrypt a password by using globally recognized encryption standards
C. to control how often users must change their passwords
D. to prevent users from using specific word in their passwords

Correct Answer: D
Question 193: Azure Active Directory ( Azure AD) is ________________________ used for
authentication and authorization
A. an extended detection and response (XDR) system
B. an identity provider
C. a management group
D. a security information and event management (SIEM) system

Correct Answer: B
Question 194: ________________ is the process of identifying whether a signed-in user can
access a specific resource
A. Authentication
B. Authorization
C. Federation
D. Single-sign-on(SSO)

Correct Answer: B
Question 195: Which three authentication methods can Azure Active Directory (Azure AD)
users use to reset their passwords?

A. picture password
B. certificate
C. text message to a phone
D. security question
E. mobile app notification

Correct Answer: C, D, E
Question 196: When users sign in to the Azure portal, they are first __________________
A. assigned permissions
 @AzureAdminsGroup
44

B. authenticated
C. authorized
D. resolved

Correct Answer: B
Question 197: Select True/False: Multi-factor authentication (MFA) is required for
conditional access policies
A. True
B. False

Correct Answer: B
Question 198: Select True/False: Conditional access policies can be used to block access to
an application based on the location of the user
A. True
B. False

Correct Answer: A
Question 199: Select True/False: Conditional access policies can be applied only to users
who have Azure Active Directory (Azure AD) joined devices
A. True
B. False

Correct Answer: B
Question 200: _______________ enables collaboration with business partners from
external organizations such as suppliers, partners and vendors. External users appear as
guest users in the directory.
A. Azure Active Directory services
B. Azure Directory forest trusts
C. Azure Active Directory business to business(Correct)
D. Azure Active Directory B2C

Correct Answer: C
Question 201: With Windows Hello for Business, a user's biometric data used for
authentication _______________
 @AzureAdminsGroup
45

A. is stored on an external device

B. is stored on a local device only
C. is stored in Azure Active Directory
D. is replicated to all the devices designed by the user

Correct Answer: B
Question 202: In a hybrid identity model, what can you use to sync identities between
Active Directory Domain services and Azure Active Directory?
A. Azure AD Priviledged Identity Management
B. Active Directory Federation services
C. Azure AD Connect
D. Azure Sentinel

Correct Answer: C
Question 203: Select True/False: All Azure Active Directory (Azure AD) license editions
include the same feature.
A. True
B. False

Correct Answer: B
Question 204: Select True/False: You can manage an Azure Active Directory tenant by using
Azure portal
A. True
B. False
Correct Answer: A
Question 205: Select True/False: You must deploy Azure virtual machines to host an Azure
Active Directory tenant
A. True
B. False

Correct Answer: B
Question 206: Select True/False: Azure Active Directory Identity Protection can add users to
groups based on the users' risk level
A. True
 @AzureAdminsGroup
46

B. False

Correct Answer: B
Question 207: Select True/False: Azure Active Directory Identity Protection can detect
whether user credentials were leaked to the public
A. True
B. False

Correct Answer: A
Question 208: Select True/False: With Azure Active Directory Identity Protection, you can
force the use of multi-factor authentication during a user sign-in
A. True
B. False

Correct Answer: A
Question 209: Which Azure Active Directory feature can you use to provide just-in-time
access to Azure resources?
A. conditional access policies
B. Azure AD privileged Identity Management(PIM)
C. authentication method policies
D. Azure AD Identity Protection

Correct Answer: B
Question 210: Select True/False: Verify explicitly is one of the guiding principles of Zero
Trust
A. True
B. False

Correct Answer: A
Question 211: Select True/False: The Zero Trust security model assumes that a firewall
secures the internal network from external threats
A. True
B. False
 @AzureAdminsGroup
47

Correct Answer: B
Question 212: Select True/False: In Software as a service(SaaS), managing applications is the
responsibility of the organization
A. True
B. False

Correct Answer: B
Question 213: Select True/False: In Infrastructure as service (IaaS), managing the physical
networks is the responsibility of the cloud provider
A. True
B. False

Correct Answer: A
Question 214: Select True/False: In all Azure cloud deployment types, managing the security
of information and data is the responsibility of the organizations
A. True
B. False

Correct Answer: A
Question 215: Which Microsoft portal provides information about how Microsoft manages
privacy, compliance and security?

A. Microsoft 365 compliance center

B. Compliance Manager
C. Microsoft Service Trust Portal
D. Microsoft Support

Correct Answer: C
Question 216: _____________________ a file makes the data in the file readable and
usable to authorized viewers only.
A. Archiving
B. Compressing
C. Deduplicating
 @AzureAdminsGroup
48

D. Encrypting

Correct Answer: D
Question 217: _______________ provides a central location for managing information
protection, information governance, and data loss prevention policies.
A. Azure Defender
B. The Microsoft 365 Compliance center (Correct)
C. The Microsoft 365 Security Manager
D. Microsoft Endpoint Manager

Correct Answer: B
Question 218: Which Microsoft 365 compliance centre feature can you use to identify all
the documents on a Microsoft SharePoint Online site that contains a specific key word?
A. Compliance Manager
B. Content Search
C. Audit
D. Alerts

Correct Answer: B
Question 219: Which score measures an organization's progress in completing actions that
help reduce risks associated to data protection and regulatory standards?
A. Microsoft Secure Score
B. Compliance Score(Correct)
C. Productivity Score
D. Secure score in Azure Security Center
Correct Answer: B
Question 220: What can you specify in Microsoft 365 sensitivity labels?
A. who can access files
B. where to store files
C. which watermark to add to files
D. how long files must be preserved

Correct Answer: A
Question 221: Select True/False: Sensitivity labels can be used to encrypt documents
 @AzureAdminsGroup
49

A. True
B. False

Correct Answer: A
Question 222: Select True/False: Sensitivity labels can add headers and footers to files
A. True
B. False

Correct Answer: A
Question 223: Select True/False: Watermarks can be applied to emails
A. True
B. False

Correct Answer: B
Question 224: Select True/False: You can use Advanced Audit in Microsofts 365 to view
billing details
A. True
B. False

Correct Answer: B
Question 225: Select True/False: You can use Advanced Audit in Microsoft 365 to view the
contents of an email messages
A. True
B. False

Correct Answer: B
Question 226: Select True/False: You can use Advanced Audit in Microsoft 365 to identify
when a user uses the search bar in Outlook on the web to search for items in a mailbox
A. True
B. False

Correct Answer: A
 @AzureAdminsGroup
50

Question 227: ________________ is used to identify, hold and export electronic

information that might be used in an investigation
A. Customer Lockbox
B. Data Loss prevention
C. eDiscovery
D. A resource lock

Correct Answer: C
Question 228: Select True/False: You can add a resource lock to an Azure subscription
A. True
B. False

Correct Answer: A
Question 229: Select True/False: You can add only one resource lock to an Azure resource
A. True
B. False

Correct Answer: B
Question 230: Select True/False: You can delete a resource group containing resources that
have resource locks
A. True
B. False

Correct Answer: B

Question 231: Match Microsoft 365 insider risk management workflow step to the
appropriate task. "Review and filter alerts"
A. Action
B. Investigate
C. Triage

Correct Answer: C
 @AzureAdminsGroup
51

Question 232: Match Microsoft 365 insider risk management workflow step to the
appropriate task. "Create cases in the Case dashboard"
A. Action
B. Investigate
C. Triage

Correct Answer: B
Question 233: Match Microsoft 365 insider risk management workflow step to the
appropriate task. "Send a reminder of corporate policies to users"
A. Action
B. Investigate
C. Triage

Correct Answer: A
Question 234: Which Microsoft 365 compliance feature can you use to encrypt content
automatically based on specific conditions?
A. sensitivity labels
B. retention policies
C. content search
D. eDiscovery

Correct Answer: A
Question 235: Select True/False: Azure Policy supports automatic remediation
A. True
B. False

Correct Answer: A
Question 236: Select True/False: Azure Policy can be used to ensure that new resource
adhere to corporate standards
A. True
B. False

Correct Answer: A
 @AzureAdminsGroup
52

Question 237: Select True/False: Compliance evaluation in Azure Policy occurs only when a
target resource is created or modified.
A. True
B. False

Correct Answer: B
Question 238: __________________ can be used to provide Microsoft Support Engineers
with access to an organization's data stored in Microsoft Exchange , SharePoint Online and
OneDrive for Business
A. Customer Lockbox
B. Information barriers
C. Privileged Access Management
D. Sensitivity labels

Correct Answer: A