SC-900 Exam - With Discussions

- Expert Verified, Online, Free.
 Custom View Settings
Topic 1 - Single Topic

Question #1 Topic 1
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
  AKYK Highly Voted  5 months ago

Correct Answers.
upvoted 5 times
  prabhjot Most Recent  2 days, 13 hours ago

yes correct
upvoted 1 times
  fasttony77 2 days, 19 hours ago

Correct.
upvoted 1 times
  TJ001 4 days, 22 hours ago

Correct
upvoted 1 times
  Chris_Chen 6 days, 3 hours ago

Correct.
upvoted 1 times
  Billbob 4 months ago

correct
upvoted 2 times
  zic04 6 months, 1 week ago

Correct !!!
upvoted 3 times
  78ro 5 months, 3 weeks ago

Correct as in what option?
upvoted 2 times
  gills 6 months, 3 weeks ago

Correct.
upvoted 3 times
Question #2 Topic 1
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/
  AKYK Highly Voted  5 months ago

Correct
upvoted 8 times
  TJ001 Most Recent  4 days, 22 hours ago

CAF is the right answer (as given)
upvoted 1 times
  Chris_Chen 6 days, 3 hours ago

Correct.
upvoted 1 times
  mcsank 1 month, 3 weeks ago

correct
upvoted 1 times
  Melwin86 6 months, 3 weeks ago

correct
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/
upvoted 4 times
Question #3 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
  Rada89 Highly Voted  6 months, 3 weeks ago

I feel like the correct answer is eDiscovery
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwide
upvoted 59 times
  PrajnaRao Highly Voted  6 months, 3 weeks ago

Answer is eDiscovery
upvoted 18 times
  sas000 Most Recent  1 day, 20 hours ago

correct answer
eDiscovery
upvoted 1 times

eDiscovery is the right answer here
upvoted 2 times
  Train4vcap 1 week ago

eDiscovery is the right answer
upvoted 3 times
  dobriv 1 week, 3 days ago

The provided answer is 100 % wrong. The right one is eDiscovery !
upvoted 3 times
  Shanti 1 week, 3 days ago

ediscovery is the correct answer
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases.
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwide
upvoted 2 times
  Nikita96 2 weeks, 1 day ago

The correct answer is eDiscovery
upvoted 2 times
  odbjegli 2 weeks, 3 days ago

eDiscovery is the correct answer.
ref: https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwide
Customer Lockbox - ensures that Microsoft can't access your content to do service operations without your explicit approval.
ref: https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide
upvoted 2 times
  TH75 2 weeks, 5 days ago

I agree so. The right answer is eDiscovery
upvoted 1 times
  DChilds 3 weeks, 3 days ago

Correct answer is eDiscovery.
upvoted 2 times
  agnaou 1 month ago

Agree correct answer is E discovry
upvoted 1 times
  mithundevender 1 month, 1 week ago

it should be eDiscovery
upvoted 2 times
  Krunalgupta 1 month, 1 week ago

eDiscovery is the correct answer
upvoted 1 times
  phatboi 1 month, 1 week ago

eDiscovery is the right answer
upvoted 1 times
  aims123456 2 months, 3 weeks ago

eDiscovery is the correct answer. See the first paragrapgh, last line in the below link:
https://docs.microsoft.com/en-us/learn/modules/describe-ediscovery-capabilities-of-microsoft-365/2-describe-purpose-of-ediscovery
upvoted 6 times
  Master_of_Cloud 2 months, 3 weeks ago

Yes, the correct answer is eDiscovery. As it helps in investigation
upvoted 1 times
Question #4 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
  PrajnaRao Highly Voted  6 months, 3 weeks ago

Correct
upvoted 8 times
  Ronald88 Most Recent  1 month, 1 week ago

Correct
upvoted 1 times
  Charles 4 months, 2 weeks ago

Correct
https://docs.microsoft.com/en-us/mem/intune/remote-actions/device-management
upvoted 4 times
Question #5 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Federation is a collection of domains that have established trust.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
  Melwin86 Highly Voted  6 months, 3 weeks ago

correct
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
upvoted 5 times

right answer
upvoted 2 times
  RamazanInce 3 months, 1 week ago

Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always
includes authorization. A typical federation might include a number of organizations that have established trust for shared access to a set of
resources.
upvoted 3 times
Question #6 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
System updates reduces security vulnerabilities, and provide a more stable environment for end users. Not applying updates leaves unpatched
vulnerabilities and results in environments that are susceptible to attacks.
Box 2: Yes -
Box 3: Yes -
If you only use a password to authenticate a user, it leaves an attack vector open. With MFA enabled, your accounts are more secure.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls

1. The higher the secure score the better your security posture, therefore anything to increase your posture is a yes
upvoted 3 times
  Marski 1 month, 4 weeks ago

MFA is just great. Why not apply it everywhere with educated people. (I think: Dont use for dummy. Their passwd is qwerty like valv. and vast.)
upvoted 1 times
  j3xmkr 3 months ago

It means that no matter how many subscriptions you have on your azure account. the security score will check through all subscriptions.
upvoted 3 times
  Shaowei 3 months, 1 week ago

what's the second statement mean?
upvoted 1 times
  necs 3 months, 1 week ago

Subscriptions are a billing boundy. Essentially the question is stating if Secure Score can be evaluated across multiple billing boundaries.
upvoted 2 times
  MohitRao 5 months, 3 weeks ago

correct
upvoted 3 times
  Shreyas2811 6 months ago

correct
upvoted 2 times
Question #7 Topic 1
Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory
standards?
A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Security Center
D. Compliance score
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide https://docs.microsoft.com/en-
us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide
Community vote distribution

D (100%)
  qdam 3 weeks, 5 days ago

Selected Answer: D
D is correct
upvoted 2 times
  Gtese 1 month, 2 weeks ago

Selected Answer: D
Correct, they said already! 嗯哼！
upvoted 2 times
  eddie_network_jedi 2 months, 4 weeks ago

Correct. "regulatory" is the keyword here.
regulatory:compliance
upvoted 3 times
  Takloy 6 months ago

Correct!
Compliance Manager gives you an initial score based on the Microsoft 365 data protection baseline. This baseline is a set of controls that includes
key regulations and standards for data protection and general data governance.
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide#understanding-your-compliance-score
upvoted 4 times
  Sukhi4fornet 6 months, 3 weeks ago

correct
upvoted 3 times
Question #8 Topic 1
What do you use to provide real-time integration between Azure Sentinel and another security source?
A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector
Correct Answer: D
To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft
solutions, including Microsoft 365 Defender solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for
Identity, and Microsoft Cloud App
Security, etc.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview

correct
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
upvoted 9 times
  Zahid1506 Most Recent  3 months, 4 weeks ago

To on-board Azure Sentinel, you first need to connect to your security sources.
upvoted 1 times
  CARIOCA 4 months ago

Wouldn't it be letter A. Azure AD Connect? Could someone explain this question better?
upvoted 1 times
  TDAC 3 months, 1 week ago

Azure AD Connect doesn't have anything to do with Azure Sentinel. AAD Connect is for synchronizing objects/attributes/password hashes
between on-prem Active Directory and Azure Active Directory.
upvoted 4 times
Question #9 Topic 1
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International
Organization for
Standardization (ISO)?
A. the Microsoft Endpoint Manager admin center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. the Azure Active Directory admin center
Correct Answer: C
The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services
and the customer data therein.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide

C (100%)

correct
https://servicetrust.microsoft.com/
upvoted 9 times
  qdam Most Recent  3 weeks, 5 days ago

Selected Answer: C
C is correct
upvoted 3 times
Question #10 Topic 1
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware
Correct Answer: D

D (100%)

correct
https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
upvoted 11 times
  AJ86 Most Recent  4 days, 21 hours ago

Selected Answer: D
D is correct
upvoted 1 times

D is correcty
upvoted 2 times

Keep your mobile and work equipment safe and secure. Dont drop the ball!
upvoted 1 times
  sandyshd 4 months ago

Correct
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Box 2: Yes -
Box 3: No -
The Zero Trust model does not assume that everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies
each request as though it originated from an uncontrolled network.
Reference:
https://docs.microsoft.com/en-us/security/zero-trust/
  Matic_Prime Highly Voted  5 months, 2 weeks ago

correct
upvoted 7 times
  Sukhi4fornet Highly Voted  6 months, 3 weeks ago

correct
upvoted 6 times
  yulexam Most Recent  2 months, 2 weeks ago

Correct...
principles of zero trust: Verify explicitly, Least privileged access, Assume breach
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://privacy.microsoft.com/en-US/
  An_is_here Highly Voted  6 months, 1 week ago

The answer is CORRECT.
The Six privacy principles are:

Control: We will put you in control of your privacy with easy-to-use tools and clear choices.
Transparency: We will be transparent about data collection and use so you can make informed decisions.
Security: We will protect the data you entrust to us through strong security and encryption.
Strong legal protections: We will respect your local privacy laws and fight for legal protection of your privacy as a fundamental human right.
No content-based targeting: We will not use your email, chat, files or other personal content to target ads to you.
Benefits to you: When we do collect data, we will use it to benefit you and to make your experiences better.
upvoted 30 times
  mrTambourine_man Most Recent  2 months ago

Correct
https://www.microsoft.com/en-us/corporate-responsibility/privacy
upvoted 3 times
  yulexam 2 months, 2 weeks ago

correct...
6 key privacy principle: control, transparancy, security, strong legal protection, no content based targeting, benefits to you
upvoted 4 times
  Matic_Prime 5 months, 2 weeks ago

correct
upvoted 2 times

correct
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
  P_2311 Highly Voted  6 months, 1 week ago

absolutely right
upvoted 7 times

correct
upvoted 5 times
  MaheshP123 Most Recent  5 days, 23 hours ago

CORRECT
upvoted 1 times
  YessRoman 1 week, 5 days ago

CORRECT!!
upvoted 1 times
  odbjegli 2 weeks, 3 days ago

Is this typo mistake? Should be decryption, right?
Encryption is a process of converting normal data into an unreadable form.
Decryption is a method of converting the unreadable/coded data into its original form.
upvoted 1 times
  Cereb7 1 month ago

Correct
upvoted 1 times
  Adil251 1 month, 3 weeks ago

CORRECT
upvoted 1 times

Where in Microsoft docs?? Sorry, dont have time to investigate. Please copy-paste link here. Thanks.
upvoted 1 times
  paulien 4 weeks ago

You do have time to wait for someone to investigate this for you?
upvoted 4 times
  bobok 2 months, 2 weeks ago

correct
upvoted 2 times
  Vinny2019 2 months, 2 weeks ago

D it is
upvoted 1 times
  Jitusrit 3 months ago
Correct ...For encrypted data you need key to read it.
upvoted 1 times

Correct ...For Encryption you need to read it.
upvoted 1 times
  sidobill 4 months, 1 week ago

that is implicit
upvoted 2 times
  Nic1234 4 months, 2 weeks ago

correct
upvoted 2 times
  mavexamtops 4 months, 3 weeks ago

correct
upvoted 2 times
  CyberG 4 months, 3 weeks ago

correct
upvoted 2 times
  FireViper76 5 months, 1 week ago

Correct
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
A certificate is required that provides a private and a public key.
Box 2: Yes -
The public key is used to validate the private key that is associated with a digital signature.
Box 3: Yes -
The private key, or rather the password to the private key, validates the identity of the signer.
Reference:
https://support.microsoft.com/en-us/office/obtain-a-digital-certificate-and-create-a-digital-signature-e3d9d813-3305-4164-a820-2e063d86e512
https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/organization-administration/electronic-signature-overview
  ThomasDehottay Highly Voted  3 months ago

Shouldn't it be Y,Y,N ? As the private key is only used (and owned) by the signer to sign the document, and the associated public key is used to
verify the authenticity.
upvoted 36 times
  TJ001 1 week, 4 days ago

Y,Y,N - Agree
upvoted 4 times

I totally agree with you guys!
upvoted 3 times
  Bran738 2 months, 1 week ago

You are right. Private key is only used to sign a document and mustn't be shared with the recipients.
upvoted 2 times
  JA2018 4 days ago

yup, agreed. Cybersecurity 101, you should not share your private key to anyone. Doing so would probably render the original security
useful. Might as well use symmetric encryption.
upvoted 1 times
  Bala0076 Most Recent  1 day, 23 hours ago
It should be Y , Y and N
upvoted 1 times
  RDiver 3 days, 17 hours ago

Asymmetric encryption uses a public key and private key pair. Either key can encrypt data, but a single key can’t be used to decrypt encrypted data.
To decrypt, you need a paired key.
upvoted 2 times
  MaheshP123 5 days, 23 hours ago

YES YES NO
upvoted 1 times
  dobriv 6 days, 23 hours ago

My opinion is YYN too !
upvoted 2 times
  Nepean 2 weeks ago

Got 1000 so YYN is correct!
upvoted 4 times
  Student4AZ900 2 weeks, 1 day ago

I fully agree YYN is the right answer. BTW: In question #3 there is a typo (singer Vs signer)
upvoted 2 times
  Diow321ko 2 weeks, 3 days ago

Yes Yes No
upvoted 1 times
  frederikverstraeten 1 month ago

YES, YES, NO
upvoted 3 times
  paterreip 1 month, 1 week ago

Digital signatures are based on public key cryptography, also known as asymmetric cryptography. ... The individual who creates the digital
signature uses a private key to encrypt signature-related data, while the only way to decrypt that data is with the signer's public key.
upvoted 3 times

YES, YES, NO
upvoted 4 times
  gustangelo 2 months, 1 week ago

I agree with the guys. If you use the private key to sign and anybody has access to this private key, just the owner, we'll use the public key to verify
the authenticity.
So the correct answer is: Yes, Yes, and No.
upvoted 2 times

Yes, In my view it must be YYN, as private key will be used to sign and encrypt the document, and public key will be used to dencrypt the
document, so only associated public key will be used to verify the authenticity
upvoted 2 times
  ingenieroRob 3 months ago

It should be Y, Y, N. You shouldn't have a 3rd party signer key in the first. But you can have its public key to verify he/she actually signed the
document
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:

Link to MS docs?
upvoted 1 times

Correct
upvoted 2 times
  PmgCosta 2 months, 3 weeks ago

Correct
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
  PmgCosta Highly Voted  2 months, 3 weeks ago

Correct - from: https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization > "...authorization (providing access to
secure data)..."
upvoted 5 times

authN - you are the same person you are saying you are as defined in the identity provider of the system
authZ - what you are allowed to do inside the system
upvoted 2 times
  Ngomoney 1 week, 4 days ago

Correct
upvoted 1 times

correct, next.
upvoted 4 times
  Jitusrit 2 months, 3 weeks ago

Correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
  TheSwedishGuy Highly Voted  2 months, 4 weeks ago

Correct.
"Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to
collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from
any other organization, while maintaining control over your own corporate data."
upvoted 6 times
  Adil251 Most Recent  1 month, 3 weeks ago

cORRECT
upvoted 2 times

Correct.
upvoted 3 times
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a
complete solution.
A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy
Correct Answer: AE
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/overview

AE (100%)
  yulexam Highly Voted  2 months, 2 weeks ago

A, E Correct...
cloud adoption framework: strategy, plan, ready, adopt, govern, manage (SPRAGM) :)
upvoted 8 times
  JA2018 4 days ago

Hi, I think you had missed out the "Migrate" stage. Just my 2 cents' worth.
upvoted 1 times

nice acronym , correct answer
upvoted 1 times
  Raluc Most Recent  5 days, 22 hours ago

Selected Answer: AE
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/resources/tools-templates
upvoted 1 times
  NazarMohammad 2 weeks, 1 day ago

A & E are correct options
upvoted 1 times
  Infini 1 month, 4 weeks ago

Selected Answer: AE
Correct
upvoted 2 times

A,E are correct
upvoted 2 times
  Adriamcam 2 months, 4 weeks ago

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/resources/tools-templates
upvoted 2 times
  Adriamcam 2 months, 4 weeks ago

correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
  sas000 1 day, 19 hours ago

NYY is correct
upvoted 1 times
  xpanium 5 days, 9 hours ago

for all questions https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
upvoted 2 times
  AbdullahSalam 1 week, 2 days ago

It’s correct. Please ignore my last comment :)
upvoted 3 times
  AbdullahSalam 1 week, 2 days ago

Not correct. It should be N N Y
upvoted 2 times

cloud providers own the physical networks(underlying fabric network) the virtual networks are defined by organization
upvoted 2 times
  Ngomoney 1 week, 4 days ago

Correct
upvoted 1 times

correct
upvoted 1 times
  gab78 1 month, 1 week ago

correct
upvoted 3 times
  kichuku 2 months, 2 weeks ago

Correct
upvoted 4 times
  wyindualiizer 2 months, 4 weeks ago

correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:

answers are correct
upvoted 1 times

correct!!
upvoted 1 times

Link to MS docs?
upvoted 2 times
  rhayy 1 month ago

https://docs.microsoft.com/en-us/learn/modules/explore-basic-services-identity-types/6-describe-concept-of-hybrid-identities
upvoted 3 times

correct
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline
  eddie_network_jedi Highly Voted  2 months, 4 weeks ago

Correct, "guidance" here is the keyword.
guidance:baselines
upvoted 7 times
  Jitusrit Most Recent  2 months, 3 weeks ago

Correct
upvoted 2 times
  TheSwedishGuy 2 months, 4 weeks ago

Correct.
"Security baselines for Azure help you strengthen security through improved tooling, tracking, and security features. They also provide you a
consistent experience when securing your environment."
upvoted 3 times
What is an example of encryption at rest?
A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

B (100%)

Encryption at rest for PaaS customers
Platform as a Service (PaaS) customer's data typically resides in a storage service such as Blob Storage but may also be cached or stored in the
application execution environment, such as a virtual machine. To see the encryption at rest options available to you, examine the Data encryption
models: supporting services table for the storage and application platforms that you use.
upvoted 6 times
  AJ86 Most Recent  4 days, 21 hours ago

Selected Answer: B
B is correct
upvoted 1 times

Selected Answer: B
B is correct
upvoted 2 times
  jairross 1 month, 3 weeks ago

Selected Answer: B
correct
upvoted 2 times

correct
upvoted 4 times
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. Azure Multi-Factor Authentication (MFA)
C. Azure Active Directory (Azure AD) Identity Protection
D. conditional access policies
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common

A (95%) 5%
  extrankie Highly Voted  6 months, 3 weeks ago

PIM is the correct answer A
upvoted 62 times
  gills Highly Voted  6 months, 3 weeks ago

Provided answer is wrong. Should be A.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused
access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources

Assign time-bound access to resources using start and end dates
Require approval to activate privileged roles
Enforce multi-factor authentication to activate any role
Use justification to understand why users activate
Get notifications when privileged roles are activated
Conduct access reviews to ensure users still need roles
Download audit history for internal or external audit
Prevents removal of the last active Global Administrator role assignment
upvoted 24 times

why we cannot use conditional access (D) as it is more granular and policy overrides normal configuration when condition is applied any
suggestions
upvoted 1 times
  Zealar 2 days, 18 hours ago

Selected Answer: D
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused
access permissions on resources that you care about.
upvoted 2 times
  Zealar 2 days, 18 hours ago

Answer A
upvoted 1 times

PIM is the right answer for JIT.
upvoted 1 times
  camaleon 5 days, 4 hours ago

Selected Answer: A
A is correct
upvoted 1 times
  xpanium 5 days, 8 hours ago

Selected Answer: A
correct A
upvoted 1 times
  rvertrees 5 days, 17 hours ago
Selected Answer: A
PIM allows JIT and JEA which is what is described in this question
upvoted 2 times
  Raluc 5 days, 21 hours ago

Selected Answer: A
PIM is:
• Just in time, providing privileged access only when needed, and not before.
• TIME BOUND, by assigning start and end dates that indicate when a user can access resources.
• Approval-based, requiring specific approval to activate privileges.
• Visible, sending notifications when privileged roles are activated.
• Auditable, allowing a full access history to be downloaded.
upvoted 2 times
  K_Rupesh 6 days, 1 hour ago

Selected Answer: A
PIM is the correct one
upvoted 1 times
  007Ali 6 days, 20 hours ago

Selected Answer: A
as per @gills detailed comment
upvoted 1 times
  dobriv 6 days, 20 hours ago

PIM is the answer!
upvoted 1 times
  Vijaygv 1 week ago

I hope its D only since PIM is only for Admin roles Conditional access gives permissions for users as well
upvoted 1 times
  Train4vcap 1 week ago

Selected Answer: A
PIM is the right answer
upvoted 1 times
  pefred 1 week, 1 day ago

Pim is correct
upvoted 1 times
  CodexFT 1 week, 3 days ago

Selected Answer: A
The key here is "time-frame". Conditional access would, for example, force an Admin to use MFA when login in to Azure.
upvoted 1 times

PIM is the right answer
upvoted 1 times
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory
(Azure AD)?
A. Active Directory Federation Services (AD FS)
B. Azure Sentinel
C. Azure AD Connect
D. Azure Ad Privileged Identity Management (PIM)
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect

C (100%)
  plima 2 days, 16 hours ago

correct
upvoted 1 times

Selected Answer: C
C is correct
upvoted 2 times
  Ronald88 1 month, 1 week ago

Correct, AD Connect
upvoted 2 times
  Ronald88 1 month, 2 weeks ago

Correct
upvoted 1 times

Selected Answer: C
Correct
upvoted 2 times
  mileytores 3 months, 1 week ago

cierto
upvoted 2 times
  marcosilvamada 4 months ago

Correct
upvoted 1 times

correct
upvoted 1 times

Correct
upvoted 4 times
  P_2311 6 months, 1 week ago

correct
upvoted 2 times

correct
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Azure AD supports custom roles.
Box 2: Yes -
Global Administrator has access to all administrative features in Azure Active Directory.
Box 3: No -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles https://docs.microsoft.com/en-us/azure/active-
directory/roles/permissions-reference

correct
1. https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-create
2,3 https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
upvoted 10 times

multiple roles and effective permission will be additive of all the roles. This is true for Azure AD privileges and Subscription RBAC
upvoted 1 times

CORRECT
upvoted 1 times
  Jebli071 1 month, 4 weeks ago

Correct :D !
upvoted 1 times

Correct
upvoted 1 times

correct
upvoted 1 times

correct
upvoted 2 times
  Matic_Prime 5 months, 2 weeks ago

correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Box 2: Yes -
Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your Microsoft 365 subscription.
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
  gchauhanebay Highly Voted  5 months ago

Correct is
False
True
True
upvoted 10 times
  dynamicJames Highly Voted  5 months ago

Guys, of course you need/get an Azure AD when you license/buy a M365 tenant. Whenever you create Users via the admin.microsoft.com page,
the users are created in the AAD "above".
So I go with:
False
True
True
upvoted 6 times
  faricity 2 months ago

agreed
upvoted 1 times

Correct
false
true
true
upvoted 2 times

CORRECT
upvoted 2 times
  faricity 2 months ago

Answer is correct
upvoted 1 times
  Iliyasm 5 months, 1 week ago

Correct answer will be
False
False
TRUE
upvoted 3 times

correct
upvoted 3 times
  fhqhfhqh 5 months ago

For the second question: Microsoft 365 uses Azure Active Directory (Azure AD), a cloud-based user identity and authentication service that is
included with your Microsoft 365 subscription, to manage identities and authentication for Microsoft 365.
Ref: https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-
worldwide#:~:text=Microsoft%20365%20uses%20Azure%20Active,and%20authentication%20for%20Microsoft%20365.
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Biometrics templates are stored locally on a device.

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

Correct !
upvoted 1 times

Correct. Link provided on Reference is also enough to confirm.
upvoted 2 times

correct
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise
upvoted 3 times
What is the purpose of Azure Active Directory (Azure AD) Password Protection?
A. to control how often users must change their passwords
B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
C. to encrypt a password by using globally recognized encryption standards
D. to prevent users from using specific words in their passwords
Correct Answer: D
Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are
specific to your organization.
With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To
support your own business and security needs, you can define entries in a custom banned password list.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises

D (100%)

correct
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
upvoted 9 times
  Beng_ali Most Recent  3 weeks ago

Selected Answer: D
Correct Answer is D
upvoted 1 times
  ssamonim 1 month, 3 weeks ago

correct
upvoted 2 times

1) In course they said that change the passwd of any device or net immediately away from default? I think so. 2) And then the instructions said that
don't use same names or terms in both username and passwd. 3) Store passwd and username separately and securily.
upvoted 2 times
  Proxy25 2 months, 4 weeks ago

Correct
upvoted 3 times

correct
upvoted 2 times

correct
upvoted 4 times
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require
membership in a group?
A. access reviews
B. managed identities
C. conditional access policies
D. Azure AD Identity Protection
Correct Answer: A
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise
applications, and role assignments.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

A (100%)

correct
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
upvoted 17 times

Selected Answer: A
A is correct
upvoted 2 times

Selected Answer: A
Correct A
upvoted 2 times

CORRECT
upvoted 1 times

Selected Answer: A
Correct
upvoted 2 times
  ssamonim 1 month, 3 weeks ago

correct
upvoted 1 times

Correct Answer !
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to
enter a code on their cellphone or to provide a fingerprint scan.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

correct
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
upvoted 7 times

correct answer
upvoted 2 times
  Ronald88 1 month, 1 week ago

Correct MFA
upvoted 2 times

Correct ...mda response can be done via call, sms code, and auth app
upvoted 2 times
  DALGMCI 2 months, 3 weeks ago

correct!
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Box 2: No -
Conditional Access policies are enforced after first-factor authentication is completed.
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

correct
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies
upvoted 10 times
  Proxy25 Most Recent  2 months, 4 weeks ago

Correct!
upvoted 3 times

correct
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is

correct
upvoted 9 times
  RamazanInce Highly Voted  3 months, 1 week ago

Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and
investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
upvoted 6 times
  Jebli071 Most Recent  1 month, 4 weeks ago

Correct answer and refference !
upvoted 2 times

Absolutely correct..
upvoted 2 times
  eddie_network_jedi 2 months, 4 weeks ago

Correct, "identify" here is the keyword.
upvoted 4 times
  Cryptomike87 2 weeks, 3 days ago

No, the keyword is "Active Directory" and the answer is correct.
upvoted 2 times

Correct
upvoted 5 times
HOTSPOT -
Hot Area:
Correct Answer:
Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect,
and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Reference:

correct
upvoted 6 times
  Adil251 Most Recent  1 month, 3 weeks ago

CORRECT
upvoted 3 times
  Sachuu97 3 months, 3 weeks ago

Correct
upvoted 3 times

correct
upvoted 3 times

correct
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
  Mk1331 Highly Voted  5 months, 2 weeks ago

Correct answer
upvoted 9 times

correct
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
upvoted 6 times

AAD IS cloud based identity provider..
upvoted 1 times
  GuruPandian 6 months ago

Correct
upvoted 2 times

correct
upvoted 2 times
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
A. conditional access policies
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. authentication method policies
Correct Answer: C
Azure AD Privileged Identity Management (PIM) provides just-in-time privileged access to Azure AD and Azure resources
Reference:

C (100%)
  Matic_Prime Highly Voted  5 months, 2 weeks ago

correct
upvoted 6 times

Selected Answer: C
correct
upvoted 2 times
  UttamG 4 weeks ago

Selected Answer: C
correct
upvoted 3 times
  sandyshd 3 months, 3 weeks ago

correct
upvoted 2 times
  OlaCharles 4 months, 2 weeks ago

I agree. PIM is used for Just In Time and Just Enough Access
upvoted 4 times
  Mk1331 5 months, 2 weeks ago

Correct answer
upvoted 2 times

correct
upvoted 3 times

correct
upvoted 3 times
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
A. text message (SMS)
B. Microsoft Authenticator app
C. email verification
D. phone call
E. security question
Correct Answer: ABD

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

ABD (100%)
  Jillis Highly Voted  5 months ago

Correct
upvoted 8 times

Selected Answer: ABD
Correct
upvoted 2 times

Correct...
authentication method used by MFA: sms, phone call, authenticator app, hw token, sw token.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks.
If SSPR, option E (security question) included.
upvoted 3 times
  danlwc 3 months ago

correct
upvoted 1 times
  josemariamr 3 months, 3 weeks ago

correct
upvoted 1 times

Correct
upvoted 1 times
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your
organization?
A. sensitivity label policies
B. Customer Lockbox
C. information batteries
D. Privileged Access Management (PAM)
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers

C (100%)
  Vinny2019 Highly Voted  2 months, 2 weeks ago

Information Barrier is the correct choice, ignore the typo :-)
upvoted 16 times
  ThomasDehottay Highly Voted  3 months ago

Correct but better with "Barriers" rather than "Batteries" :D
upvoted 11 times
  rvertrees Most Recent  5 days, 17 hours ago

Selected Answer: C
"Barriers" not "Batteries"
upvoted 4 times

Selected Answer: C
C is the correct answer Information Barrier
upvoted 3 times
  evanow 2 months, 3 weeks ago

Correct but... "Barriers" 😉
upvoted 4 times

It must be information Barriers and not information batteries
upvoted 3 times
  Teplah 2 months, 3 weeks ago

Barriers in stead of Batteries. Answer is correct
upvoted 2 times
  Saj194 3 months ago

information-barriers not batteries.
upvoted 5 times
  Diablo21 3 months ago

haha that confused me
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:

Correct..
upvoted 4 times

Correct
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Conditional access policies can be applied to all users
Box 2: No -
Conditional access policies are applied after first-factor authentication is completed.
Box 3: Yes -
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Reference:
  pinhan 1 month, 2 weeks ago

Correct
upvoted 2 times

CORRECT
upvoted 2 times

Correct!
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
When you register an application through the Azure portal, an application object and service principal are automatically created in your home
directory or tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
  thiaybovo 1 month, 2 weeks ago

CORRECT
upvoted 3 times

Correct
upvoted 3 times
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question
Correct Answer: ABC

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication
  JayHall Highly Voted  3 months ago

correct
Windows Hello in Windows 10 enables users to sign in to their device using a PIN. https://docs.microsoft.com/en-us/windows/security/identity-
protection/hello-for-business/hello-why-pin-is-better-than-password
Windows Hello lets your employees use fingerprint or facial recognition as an alternative method to unlocking a device. With Windows Hello,
authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Windows Hello
credentials.
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise
upvoted 6 times
  thiaybovo Most Recent  1 month, 2 weeks ago

CORRECT
upvoted 2 times
  biel 2 months ago

correct
upvoted 2 times
  Adriamcam 3 months ago

Correct
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
  Cereb7 Highly Voted  3 weeks, 6 days ago

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Security defaults make it easier to help protect your organization from these attacks with preconfigured security settings:
- Requiring all users to register for Azure AD Multi-Factor Authentication.

- Requiring administrators to do multi-factor authentication.
- Blocking legacy authentication protocols.
- Requiring users to do multi-factor authentication when necessary.
- Protecting privileged activities like access to the Azure portal.
upvoted 7 times
  yulexam Most Recent  2 months, 2 weeks ago

correct...
to change the "security default" : AAD>properties>manage security defaults
upvoted 3 times

Correct!
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security

The answer is CORRECT. Using Conditional Access App Control protection to get real-time visibility and control over access and activities within
your cloud apps.
https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security#architecture
upvoted 20 times

Absolutely right.
upvoted 1 times
  mileytores 3 months, 1 week ago

Es un CASB basicamente
upvoted 1 times

correct
upvoted 1 times

correct
upvoted 3 times

corrct
https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview

Azure DDoS Protection Standard, combined with application design best practices, provides enhanced DDoS mitigation features to defend against
DDoS attacks. It is automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new
or existing virtual network, and it requires no application or resource changes.
Since Azure Resources is not listed as part of the option, VIRTUAL NETWORK is the correct answer
upvoted 19 times
  Nepean Most Recent  2 weeks ago

Got 1000. Answer is correct.
upvoted 3 times
  thiaybovo 1 month, 2 weeks ago

CORRECT
upvoted 1 times
  vakkil 1 month, 4 weeks ago

Technically answer should be all resources in a virtual network.
as per the details mentioned in one of the feature i.e. Multi-Layered protection mentioned in the below link, directs the answer to be network layer
protection (i.e. virtual network).
upvoted 3 times

DDOS HAPPENs on IP based identity, so virtual network is correct. But what is the purpose then we can say to secure the application or resources.
upvoted 2 times
  LoremanReturns 3 months, 1 week ago

"Azure DDoS Protection is enabled at the Virtual Network level"
https://azure.microsoft.com/en-gb/pricing/details/ddos-protection/
upvoted 3 times
  Ender3 3 months, 2 weeks ago

IMHO, both A and D are correct. But since only one answer can be given, I am in a quandary on how to answers in a real test. I guess I would take a
50/50 chance with D.
upvoted 1 times

IMHO, both A and D are correct. But since only one answer can be given, I am in a quandary on how to answers in a real test. I guess I would take a
50/50 chance with D.
upvoted 1 times
  alopezme 3 months, 2 weeks ago

Azure DDoS Protection is enabled at the Virtual Network level. All protected resource types within the Virtual Network will be automatically
protected when Azure DDoS Protection is enabled on the Virtual Network.
upvoted 2 times
  Thabiso786 3 months, 3 weeks ago

Please read the 1st line. Azure Firewall protects your Virtual Network, DDOS protects your applications
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/4-describe-what-azure-firewall
upvoted 1 times
  jedboy88 3 months, 2 weeks ago

This document doesn't mention anything about DdoS.
upvoted 1 times
  Thabiso786 3 months, 3 weeks ago

Applications is the correct answer. Please see link
upvoted 2 times

corrct
upvoted 1 times
  zer0en 6 months, 3 weeks ago

is this not supposed to be an application? DDoS Protection Standard is designed for services that are deployed in a virtual network. For other
services, the default DDoS Protection Basic service applies. To learn more about supported architectures, see DDoS Protection reference
architectures.
upvoted 4 times
  Takloy 6 months ago

Azure DDoS Protection Standard, combined with application design best practices, provides enhanced DDoS mitigation features to defend
against DDoS attacks. It is automatically tuned to help protect your specific Azure resources in a virtual network.
upvoted 2 times
What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?
A. Attack simulator
B. Reports
C. Hunting
D. Incidents
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-
worldwide
  eddie_network_jedi Highly Voted  2 months, 4 weeks ago

"trends" is the keyword here.
trends:reports
upvoted 11 times
  Breino Highly Voted  6 months ago

Correct
upvoted 5 times
  Chris_Chen Most Recent  6 days, 1 hour ago

Correct
upvoted 1 times
  DALGMCI 3 months ago

correct
upvoted 3 times
  rayden 3 months, 1 week ago

Yes report
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide

Answer is CORRECT
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide#incidents-and-alerts-in-the-
microsoft-365-defender-portal
upvoted 8 times

Correct
upvoted 1 times
  Beng_ali 3 weeks ago

Answer is correct :)
upvoted 1 times
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction
Correct Answer: AD
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide

Answers are CORRECT
Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at
scale. While The attack surface reduction set of capabilities provides the first line of defence in the stack.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide#microsoft-
defender-for-endpoint
upvoted 14 times
DRAG DROP -
Match the Azure networking service to the appropriate description.
To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than
once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:
Correct Answer:
Box 1: Azure Firewall -

Azure Firewall provide Source Network Address Translation and Destination Network Address Translation.
Box 2: Azure Bastion -

Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.
Box 3: Network security group (NSG)
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/networking/fundamentals/networking-overview https://docs.microsoft.com/en-
us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/firewall/features https://docs.microsoft.com/en-us/azure/virtual-
network/network-security-groups-overview
  Chris_Chen 6 days, 1 hour ago

Correct
upvoted 1 times
  Chris_Chen 6 days, 1 hour ago

Correct
upvoted 1 times
  Tazmania98 2 months ago

correct
upvoted 4 times

Correct! Next.
upvoted 1 times
  AKYK 3 months ago

Correct Answers!
upvoted 3 times

Correct
upvoted 1 times
  Kctaz 6 months, 1 week ago
Correct
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated
response (SOAR) solution.
Reference:

Answer is CORRECT
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response
(SOAR) solution.
upvoted 7 times

Correct
upvoted 1 times
  roberto314 1 month ago

Correct
upvoted 1 times
  DavidR150198 1 month, 2 weeks ago

Correct, the SIEM solution by Microsoft is Sentinel and It can provide SOAR capabilities
upvoted 1 times
  sohag1995 1 month, 3 weeks ago

ANSWER IS CORRECT
upvoted 1 times
  Vinny2019 2 months, 2 weeks ago

yes that is correct
upvoted 1 times

Correct
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your
network, your storage, and more
Box 2: Yes -
Cloud security posture management (CSPM) is available for free to all Azure users.
Box 3: Yes -
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and
provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/azure-defender https://docs.microsoft.com/en-us/azure/security-center/defender-for-
storage-introduction https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction
  danialonso Highly Voted  4 months, 3 weeks ago

All is correct!
upvoted 6 times

Correct
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide
  Breino Highly Voted  6 months ago

Incidents:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide
upvoted 10 times

Correct
upvoted 1 times
  Melwin86 6 months, 1 week ago

correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network
security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure
resources. For each rule, you can specify source and destination, port, and protocol.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
  Art3 Highly Voted  4 months, 3 weeks ago

correct!
upvoted 9 times

Correct
upvoted 1 times

Correct
upvoted 4 times

correct
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune https://docs.microsoft.com/en-
us/mem/intune/fundamentals/what-is-device-management
  lgab Highly Voted  5 months ago

Correct
upvoted 7 times
  fasttony77 Most Recent  2 days, 18 hours ago

Correct
upvoted 1 times

CORRECT
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal
  mavexamtops Highly Voted  4 months, 3 weeks ago

Correct.
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
upvoted 6 times
  freshmaker Most Recent  1 week, 2 days ago

YNY. azure bastion use RDP and SSH together. It does not use RDP by itself. RDP is not secure connection.
upvoted 2 times

how does SSH matter for windows servers you are trying to connect via Bastion ?
upvoted 1 times
  lgab 5 months ago

Correct
upvoted 4 times
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection
Correct Answer: D
Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide

D (100%)

Selected Answer: D
Answer is D
upvoted 1 times

Correct!
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:

playbooks -> automation using Logic App
workbooks -> for visualization
upvoted 1 times
  TheSwedishGuy 2 months, 4 weeks ago

Correct.
"Automate your common tasks and simplify security orchestration with playbooks that integrate with Azure services and your existing tools."
upvoted 2 times

correct
upvoted 4 times
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
A. Azure virtual machines
B. Azure Active Directory (Azure AD) users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E. Microsoft SharePoint Online sites
Correct Answer: DE

AD (100%)
  Hellboy Highly Voted  2 months, 4 weeks ago

A and D
upvoted 22 times
  Cepul Highly Voted  1 month, 3 weeks ago

Selected Answer: AD
A and D are correct
upvoted 8 times
  jabanto19 Most Recent  12 hours, 57 minutes ago

A and D should be the correct answer.
upvoted 1 times

A&D is the correct answer
upvoted 1 times
  pdidy968 3 days, 19 hours ago

Selected Answer: AD
A and D
upvoted 1 times

A and D. Firewall is really not directly protecting the Virtual Networks though DDOS would have been ideal for VNETS
upvoted 1 times

Selected Answer: AD
A and D are the correct answers
upvoted 1 times

AD is the correct answer
upvoted 2 times
  lordguppy 3 weeks, 4 days ago

Selected Answer: AD
Sharepoint is a M365 Service
upvoted 2 times

Selected Answer: AD
A & D are correct
upvoted 2 times

A and D
upvoted 2 times
  camiloo 1 month, 1 week ago
Selected Answer: AD
A and D
upvoted 4 times
  henkjansen92 1 month, 3 weeks ago

Selected Answer: AD
A and D are correct
upvoted 4 times
  Cepul 1 month, 3 weeks ago

A and D are correct
upvoted 2 times
  Quacks 1 month, 3 weeks ago

Selected Answer: AD
A and D are correct
upvoted 2 times
  EncePro 1 month, 4 weeks ago

Selected Answer: AD
A and D are correct answers
upvoted 2 times
  Ildar 2 months ago

Selected Answer: AD
https://docs.microsoft.com/en-us/azure/firewall/overview
upvoted 2 times
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?
A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth

right answers Defence in depth spanning
Data, Application, Compute, Network , Perimeter , Identity and Access and Physical. Of this physical is more of cloud provider responsibility
upvoted 1 times
  eddie_network_jedi 3 months ago

right, "defense" is the keyword here.
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
  mmNYC 1 day, 15 hours ago

WHO PROTECTS SHARE POINT?
upvoted 1 times

Y, Y, N
upvoted 1 times

Y,Y,N
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/android-intune?view=o365-
worldwide#:~:text=Defender%20for%20Endpoint%20supports%20Device,up%20VPN%20service%20while%20onboarding.
upvoted 2 times

Correct !
Y
Y
N
upvoted 4 times
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description

Answer is A
upvoted 1 times

Correct
upvoted 4 times
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
A. integration with the Microsoft 365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide
  JayHall Highly Voted  2 months, 4 weeks ago

Correct
The Microsoft 365 Defender connector for Azure Sentinel (preview) sends all Microsoft 365 Defender incidents and alerts information to Azure
Sentinel and keeps the incidents synchronized.
Once you add the connector, Microsoft 365 Defender incidents—which include all associated alerts, entities, and relevant information received
from Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Cloud App Security—are
streamed to Azure Sentinel as security information and event management (SIEM) data, providing you with context to perform triage and incident
response with Azure Sentinel.
Once in Azure Sentinel, incidents remain bi-directionally synchronized with Microsoft 365 Defender, allowing you to take advantage of the benefits
of both the Microsoft 365 Defender portal and Azure Sentinel in the Azure portal for incident investigation and response.
https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender-integration-with-azure-sentinel?view=o365-worldwide
upvoted 6 times
What can you use to provide threat detection for Azure SQL Managed Instance?
A. Microsoft Secure Score
B. application security groups
C. Azure Defender
D. Azure Bastion
Correct Answer: C
  JayHall Highly Voted  2 months, 4 weeks ago

Correct
What resource types can Azure Defender secure?

Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your
network, and more.
https://docs.microsoft.com/en-us/azure/security-center/azure-defender
upvoted 7 times
HOTSPOT -
Hot Area:
Correct Answer:
  JayHall 2 months, 4 weeks ago

Correct
Microsoft Secure Score in Microsoft 365 Security Center, How it works:

You're given points for the following actions:
• Configuring recommended security features
• Doing security-related tasks
• Addressing the improvement action with a third-party application or software, or an alternate mitigation
Key scenarios
• Check your current score
• Compare your score to organizations like yours
• View improvement actions and decide an action plan
• Initiate work flows to investigate or implement
https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide
upvoted 4 times
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
D. resource locks
Correct Answer: C

correct
upvoted 4 times
Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete
solution.
A. Display policy tips to users who are about to violate your organization‫ג‬€™s policies.
B. Enable disk encryption on endpoints.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
D. Apply security baselines to devices.
Correct Answer: AC
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
  Melwin86 Highly Voted  6 months, 1 week ago

correct
upvoted 6 times

DLP is more on apps we are using on devices ; hence correct answers
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide#how-compliance-manager-
continuously- assesses-controls
  Melwin86 Highly Voted  6 months, 1 week ago

correct
upvoted 5 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
You can use sensitivity labels to provide protection settings that include encryption of emails and documents to prevent unauthorized people
from accessing this data.
Box 2: Yes -
You can use sensitivity labels to mark the content when you use Office apps, by adding watermarks, headers, or footers to documents that have
the label applied.
Box 3: Yes -
You can use sensitivity labels to mark the content when you use Office apps, by adding headers, or footers to email that have the label applied.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
  FableFa Highly Voted  6 months, 3 weeks ago

For me, wrong Answer. Correct answer is YES-YES-NO because you can't apply water mark to an email, only to documents in Word, Excel and
Powerpoint. https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-markings
upvoted 24 times
  najwa Highly Voted  6 months, 2 weeks ago

yes yes no ,
Watermarks can be applied to documents but not to email.
upvoted 12 times
  Dahamut Most Recent  4 days, 11 hours ago

yes , yes , no
upvoted 1 times

Y Y N is the answer
upvoted 1 times
  Synecdoque19 2 weeks ago

YES YES NO
upvoted 1 times
  chotu007 2 weeks, 1 day ago

Watermarks can be applied to documents but not emails.
Mark the content when you use Office apps, by adding watermarks, headers, or footers to email or documents that have the label applied.
Watermarks can be applied to documents but not email. Example header and watermark:
upvoted 3 times

YES YES NO
upvoted 5 times
  csmoke 2 months, 1 week ago

yyn
upvoted 6 times
  siori 2 months, 1 week ago

The given answer is corret YYY
https://support.microsoft.com/en-us/office/apply-sensitivity-labels-to-your-files-and-email-in-office-2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9
upvoted 1 times

From: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
upvoted 1 times
  siori 2 months, 1 week ago

Sorry but you need t read more detailed, "Apply the label automatically to files and emails, or recommend a label. Choose how to identify
sensitive information that you want labeled, and the label can be applied automatically, or you can prompt users to apply the label that you
recommend. If you recommend a label, the prompt displays whatever text you choose."
that means it can be applied to an emails too

upvoted 1 times
  nthdoctor 3 months, 1 week ago

YYN
Statement is sensitive labels can "apply watermark" to emails. You can't apply a watermark to an email. But you can apply a sensitive label to the
email.
upvoted 2 times
  SVNDVNGEN 3 months, 2 weeks ago

The answer could be either Y, Y, Y, or Y, Y, N,. If the email has an attached document that is a Word, Excel or PowerPoint, then YES, it can be
applied. Because the watermarks will be applied to the emails "contents" per: https://docs.microsoft.com/en-us/microsoft-
365/compliance/sensitivity-labels?view=o365-worldwide
The email itself will NOT get a watermark. So depending on how you read the question, either answer could be acceptable. Given the point of the
test and the fact that under the circumstances a document could be attached, so a security label could be applied, I would say there is a better
argument for a YES answer on the test.
upvoted 4 times
  Saravana12g 3 months, 3 weeks ago

Here in the below link it shows:
"Mark the content when you use Office apps, by adding watermarks, headers, or footers to email or documents that have the label applied.
Watermarks can be applied to documents but not email."
upvoted 2 times
  magdoc 3 months, 3 weeks ago

Yes - Yes - No
"Mark the content when you use Office apps, by adding watermarks, headers, or footers to email or documents that have the label applied.
Watermarks can be applied to documents but not email."
upvoted 2 times
  Bongconnection 3 months, 3 weeks ago

It's YYY.
last one is Y becoz go to the url: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
and find:
"You can use sensitivity labels to:
Provide protection settings that include encryption and content markings. For example, apply a "Confidential" label to a document or email, and
that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and
encryption can also restrict what actions authorized people can take on the content."
upvoted 1 times
  ancamartin2000 3 months, 3 weeks ago

Correct answer is Yes, Yes and No. You can't add a watermark to an email: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-
labels?view=o365-worldwide
Watermarks can be applied to documents but not email.
upvoted 1 times
  Rafael1984 4 months, 1 week ago

Correct answers.
You can apply sensitivity labels to your files and emails to keep them compliant with your organization's information protection policies.
https://support.microsoft.com/en-us/office/apply-sensitivity-labels-to-your-files-and-email-in-office-2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9
upvoted 3 times
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
A. Content Search
B. sensitivity labels
C. retention policies
D. eDiscovery
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide

B (100%)
  Andrephv Highly Voted  5 months, 4 weeks ago

Correcto
upvoted 5 times
  Beng_ali Most Recent  1 week, 2 days ago

Selected Answer: B
Correct Answer is B
upvoted 1 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Compliance Manager tracks Microsoft managed controls, customer-managed controls, and shared controls.
Box 2: Yes -
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide

Correct!
upvoted 5 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
  Juancho Highly Voted  4 months, 3 weeks ago

(Y, Y, N) - Correct
1.- Azure Policy supports automatic remediation (Y) R/=
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity. Azure Policy creates a
managed identity for each assignment, but must have details about what roles to grant the managed identity. If the managed identity is missing
roles, an error is displayed during the assignment of the policy or an initiative. When using the portal, Azure Policy automatically grants the
managed identity the listed roles once assignment starts. When using SDK, the roles must manually be granted to the managed identity. The
location of the managed identity doesn't impact its operation with Azure Policy.
upvoted 9 times
  nipsey Most Recent  2 months, 2 weeks ago

3. N
Understand evaluation outcomes
Resources are evaluated at specific times during the resource lifecycle, the policy assignment lifecycle, and for regular ongoing compliance
evaluation. The following are the times or events that cause a resource to be evaluated:
A resource is created, updated, or deleted in a scope with a policy assignment.

A policy or initiative is newly assigned to a scope.
A policy or initiative already assigned to a scope is updated.
During the standard compliance evaluation cycle, which occurs once every 24 hours.
For detailed information about when and how policy evaluation happens, see Evaluation triggers.
upvoted 2 times
What is a use case for implementing information barrier policies in Microsoft 365?
A. to restrict unauthenticated access to Microsoft 365
B. to restrict Microsoft Teams chats between certain groups within an organization
C. to restrict Microsoft Exchange Online email between certain groups within an organization
D. to restrict data sharing to external email recipients
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide

B (100%)
  RiXXX Highly Voted  6 months, 3 weeks ago

wrong
is B
C is ethical walls
upvoted 26 times
  vani009 Highly Voted  5 months, 2 weeks ago

correct answer is B:Information barriers are supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. A compliance
administrator or information barriers administrator can define policies to allow or prevent communications between groups of users in Microsoft
Teams. Information barrier policies can be used for situations like these:
upvoted 12 times
  mmNYC Most Recent  1 day, 14 hours ago

b CORRECT FOR EXCHANGE DIFFERENT PANEL
Go to the Microsoft 365 admin center.
In the Microsoft 365 admin center, in the lower-left navigation pane, expand Admin centers and select Exchange.
Your screen might look like one of the following images:
Microsoft 365 admin centers
In the Exchange admin center, navigate to Recipients > Mailboxes.
Double-click the user and go to the Mailbox features page. Under Mobile Devices, click Disable Exchange ActiveSync and Disable OWA for Devices,
and answer Yes to both when prompted.
Under Email Connectivity, click Disable and answer Yes when prompted.
upvoted 1 times

B is the correct answer
nformation barriers are supported in solutions like Microsoft Teams, OneDrive for Business, SharePoint Online, and more.
Information barriers in Microsoft Teams

In Microsoft Teams, information barrier policies determine and prevent the following kinds of unauthorized communications:
Searching for a user

Adding a member to a team
Starting a chat session with someone
Starting a group chat
Inviting someone to join a meeting
Sharing a screen
Placing a call
Sharing a file with another user
Access to file through sharing link
If the people involved are included in an information barrier policy to prevent the activity, they cannot continue. Potentially, everyone included in
an information barrier policy can be blocked from communicating with others in Microsoft Teams. When people affected by information barrier
policies are part of the same team or group chat, they might be removed from those chat sessions and further communication with the group
might not be allowed.
To learn more about the user experience with information barriers, see information barriers in Microsoft Teams.
upvoted 1 times

B is the correct answer emails are not supported
upvoted 1 times
  dmacdonald82 1 week, 2 days ago

Selected Answer: B
Direct from MS Learn docs
upvoted 2 times

Selected Answer: B
Information Barriers work in Teams
upvoted 1 times
  JayBee65 1 week, 5 days ago

FRom https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-solution-overview?view=o365-worldwide: "Information
barriers are supported in Microsoft Teams, SharePoint Online, and OneDrive for Business."
upvoted 2 times

Selected Answer: B
B is the correct answer for this question
upvoted 3 times
  stingerrr 1 month, 1 week ago

Selected Answer: B
Microsoft Teams, SharePoint Online, and OneDrive for Business support information barriers.
Information barriers applies to Microsoft Teams (chats and channels), SharePoint Online and OneDrive.
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers?view=o365-worldwide
upvoted 3 times
  kevinirl 1 month, 2 weeks ago

Selected Answer: B
B is correct
upvoted 4 times
  juanchv 1 month, 2 weeks ago

Selected Answer: B
In the documentation clearly describes that information barriers are supported for Microsoft teams, Sharepoint and one drive:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers?view=o365-worldwide
upvoted 5 times
  TP447 2 months ago

I agree with B.
C would require transport rules and can be done without implementing info barriers.
upvoted 1 times

I concur with those who said the correct answer is B.
upvoted 1 times

I concur with those who said the correct answer is B.
upvoted 1 times
  magdoc 3 months, 3 weeks ago

"Currently, information barriers do not apply to email communications. In addition, information barriers are independent from compliance
boundaries."
so the answer is B.
upvoted 1 times

B is correct answer.
Answer on Microsoft Learn: "This module examines how Microsoft 365 supports ways to restrict communication and collaboration, including the
use of information barriers in Microsoft Teams, SharePoint Online, and OneDrive for Business, and ethical walls in Exchange Online."
https://docs.microsoft.com/en-us/learn/modules/create-information-barriers-microsoft-365/
upvoted 2 times
What can you use to provision Azure resources across multiple subscriptions in a consistent manner?
A. Azure Defender
B. Azure Blueprints
C. Azure Sentinel
D. Azure Policy
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
  Hrishisam Highly Voted  5 months, 1 week ago

Correct
upvoted 8 times
  AKYK Most Recent  3 months ago

Correct Answer!
upvoted 2 times
  Andrephv 5 months, 4 weeks ago

Correcto
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
The MailItemsAccessed event is a mailbox auditing action and is triggered when mail data is accessed by mail protocols and mail clients.
Box 2: No -
Basic Audit retains audit records for 90 days.
Advanced Audit retains all Exchange, SharePoint, and Azure Active Directory audit records for one year. This is accomplished by a default audit
log retention policy that retains any audit record that contains the value of Exchange, SharePoint, or AzureActiveDirectory for the Workload
property (which indicates the service in which the activity occurred) for one year.
Box 3: yes -
Advanced Audit in Microsoft 365 provides high-bandwidth access to the Office 365 Management Activity API.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide https://docs.microsoft.com/en-
us/microsoft-365/compliance/auditing-solutions-overview?view=o365-worldwide#licensing-requirements https://docs.microsoft.com/en-
us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/ microsoft-365-
security-compliance-licensing-guidance#advanced-audit
  mavexamtops Highly Voted  4 months, 2 weeks ago

Correct!
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
upvoted 6 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Box 2: Yes -
Leaked Credentials indicates that the user's valid credentials have been leaked.
Box 3: Yes -
Multi-Factor Authentication can be required based on conditions, one of which is user risk.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection https://docs.microsoft.com/en-
us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/azure/active-
directory/authentication/tutorial-risk-based-sspr-mfa
  lgab Highly Voted  5 months, 1 week ago

The third question I think is YES
"These risk detections can trigger actions such as requiring users to provide multifactor authentication, reset their password, or block access until
an administrator takes action."
https://docs.microsoft.com/en-us/learn/modules/describe-identity-protection-governance-capabilities/5-describe-azure?ns-enrollment-
type=LearningPath&ns-enrollment-id=learn.wwl.describe-capabilities-of-microsoft-identity-access-management-solutions
upvoted 7 times
  Cookiekaikai Highly Voted  6 months, 1 week ago

Should be N, Y, N
user risk policy access control requires password change
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies#user-risk-with-
conditional-access
upvoted 5 times

I believe given answer is correct as first one is for protection not adding users creation
NYY
upvoted 1 times

Correct. The last on is YES - the user risk can trigger different Conditional Access policies, like MFA, change password, etc. (tested on my tenant)
upvoted 1 times
  alopezme 3 months, 2 weeks ago

"Require MFA for users with medium or high sign-in risk"
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
So last one is YES

upvoted 2 times
  RH10 5 months, 1 week ago

Answer is No, Yes, Yes :https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
upvoted 4 times
  hapai 5 months, 4 weeks ago

for the third question I feel it is Y : "Organizations can choose to block access when risk is detected. Blocking sometimes stops legitimate users
from doing what they need to. A better solution is to allow self-remediation using Azure AD Multi-Factor Authentication (MFA) and self-service
password reset (SSPR)."
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies
upvoted 3 times
Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a
specific key word?
A. Audit
B. Compliance Manager
C. Content Search
D. Alerts
Correct Answer: C
The Content Search tool in the Security & Compliance Center can be used to quickly find email in Exchange mailboxes, documents in SharePoint
sites and
OneDrive locations, and instant messaging conversations in Skype for Business.
The first step is to starting using the Content Search tool to choose content locations to search and configure a keyword query to search for
specific items.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide
  Ford_658 5 months ago

Correct
upvoted 4 times
  kingrouj 5 months, 1 week ago

correct
upvoted 2 times
  Breino 6 months ago

Correct
upvoted 4 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide
  gustangelo 2 months ago

The key word here is "governance"
upvoted 2 times

Correct!
upvoted 1 times
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated
credit card numbers?
A. retention policies
B. data loss prevention (DLP) policies
D. information barriers
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
  Aashiq1 1 month, 1 week ago

correct
upvoted 2 times

correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview

correct
upvoted 4 times
In a Core eDiscovery workflow, what should you do before you can search for content?
A. Create an eDiscovery hold.
B. Run Express Analysis.
C. Configure attorney-client privilege detection.
D. Export and download results.
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

From https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide:
Create an eDiscovery hold. The first step after creating a case is placing a hold (also called an eDiscovery hold) on the content locations of the
people of interest in your investigation. ... While this step is optional,...
upvoted 1 times

correct
upvoted 2 times
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
A. Microsoft Service Trust Portal
B. Compliance Manager
C. Microsoft 365 compliance center
D. Microsoft Support
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide

key word is portal, trust as well , answer is correct
upvoted 1 times
  aims123456 2 months, 1 week ago

keyword is privacy = Trust
upvoted 1 times

correct
upvoted 1 times
What can you protect by using the information protection solution in the Microsoft 365 compliance center?
A. computers from zero-day exploits
B. users from phishing attempts
C. files from malware and viruses
D. sensitive data from being exposed to unauthorized users
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide

correct
upvoted 4 times
What can you specify in Microsoft 365 sensitivity labels?
A. how long files must be preserved
B. when to archive an email message
C. which watermark to add to files
D. where to store files
Correct Answer: C
Reference:

Correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Advanced Audit helps organizations to conduct forensic and compliance investigations by increasing audit log retention.
Box 2: No -
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide

Correct
upvoted 2 times
HOTSPOT -
Hot Area:
Correct Answer:
  Tewhenua Highly Voted  2 months, 2 weeks ago

I believe it is YNN
You can't delete a resource group containing locked resources
upvoted 27 times
  defy2020 Highly Voted  2 months, 4 weeks ago

You cannot delete a resource group containing resources with lock. I tested it in my Azure subscription. I created a Resource Group with 2 Storage
Accounts. I created a Delete lock for one of them and a Read-only lock for the other one. First you have to delete the 2 storage account's locks, and
then you will be able to delete the Resource Group.
upvoted 8 times

Even if we delete resource group resource lock will take precedence meaning we have to delete lock first and then delete resource group
answer is YNN
upvoted 2 times

Y N N is right
upvoted 1 times
  Synecdoque19 1 week, 6 days ago

It is yes no no
upvoted 1 times

I think it is YYN also
upvoted 2 times

Mistake it is YNN
upvoted 3 times
  Tazmania98 2 months ago

Correct answer for me YNN
upvoted 2 times

It should be:
YES - As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally
deleting or modifying critical resources. The lock overrides any permissions the user might have.
NO - The most restrictive lock in the inheritance takes precedence.
NO - If you delete a resource group with a locked resource, the portal UI will give you an error and no resources are deleted.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
upvoted 5 times
  bador 3 months ago

IT is wrong, it should be NO, YES, NO
upvoted 3 times
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide
  wyindualiizer Highly Voted  2 months, 4 weeks ago

correct
upvoted 7 times
  sas000 Most Recent  14 hours, 10 minutes ago

correct I passed today above 900 almost same questions
upvoted 1 times

correct answer
upvoted 1 times

"Each item that supports sensitivity labels can have a single sensitivity label applied to it. " From: https://docs.microsoft.com/en-us/microsoft-
365/compliance/sensitivity-labels?view=o365-worldwide
upvoted 2 times
  Khumo 2 months, 2 weeks ago

Correcto
upvoted 3 times

yes...correct...
upvoted 3 times
  dadageer 2 months, 3 weeks ago

Correct
upvoted 3 times

SC-900 Exam - With Discussions

Uploaded by

Copyright:

Available Formats

SC-900 Exam - With Discussions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SC-900 Exam - With Discussions

Uploaded by

Copyright:

Available Formats

- Expert Verified, Online, Free.

 Custom View Settings

Topic 1 - Single Topic

  AKYK Highly Voted  5 months ago

  prabhjot Most Recent  2 days, 13 hours ago

  fasttony77 2 days, 19 hours ago

  TJ001 4 days, 22 hours ago

  Chris_Chen 6 days, 3 hours ago

  Billbob 4 months ago

  zic04 6 months, 1 week ago

  78ro 5 months, 3 weeks ago

  gills 6 months, 3 weeks ago

  AKYK Highly Voted  5 months ago

  TJ001 Most Recent  4 days, 22 hours ago

  Chris_Chen 6 days, 3 hours ago

  mcsank 1 month, 3 weeks ago

  Melwin86 6 months, 3 weeks ago

  Rada89 Highly Voted  6 months, 3 weeks ago

  PrajnaRao Highly Voted  6 months, 3 weeks ago

  sas000 Most Recent  1 day, 20 hours ago

  TJ001 4 days, 22 hours ago

  Train4vcap 1 week ago

  dobriv 1 week, 3 days ago

  Shanti 1 week, 3 days ago

  Nikita96 2 weeks, 1 day ago

  odbjegli 2 weeks, 3 days ago

  TH75 2 weeks, 5 days ago

  DChilds 3 weeks, 3 days ago

  agnaou 1 month ago

  mithundevender 1 month, 1 week ago

  Krunalgupta 1 month, 1 week ago

  phatboi 1 month, 1 week ago

  aims123456 2 months, 3 weeks ago

  Master_of_Cloud 2 months, 3 weeks ago

  PrajnaRao Highly Voted  6 months, 3 weeks ago

  Ronald88 Most Recent  1 month, 1 week ago

  Charles 4 months, 2 weeks ago

Federation is a collection of domains that have established trust.

  Melwin86 Highly Voted  6 months, 3 weeks ago

  TJ001 Most Recent  4 days, 22 hours ago

  RamazanInce 3 months, 1 week ago

  phatboi 1 month, 1 week ago

  Marski 1 month, 4 weeks ago

  j3xmkr 3 months ago

  Shaowei 3 months, 1 week ago

  necs 3 months, 1 week ago

  MohitRao 5 months, 3 weeks ago

  Shreyas2811 6 months ago

A. Microsoft Secure Score

C. Secure score in Azure Security Center

Community vote distribution

  qdam 3 weeks, 5 days ago

  Gtese 1 month, 2 weeks ago

  eddie_network_jedi 2 months, 4 weeks ago

  Takloy 6 months ago

  Sukhi4fornet 6 months, 3 weeks ago

B. a Log Analytics workspace

C. Azure Information Protection

  Melwin86 Highly Voted  6 months, 3 weeks ago