11/11/21, 7:49 PMPrepare Exam SC-900Which Azure Active Directory [Azure AD] feature can you use to provide just-in-time [JIT] access to manage Azure resources?*[1 Point]53.conditional access policiesAzure AD Identity ProtectionAzure AD Privileged Identity Management [PIM]authentication method policies
Which three authentication methods can be used by Azure Multi-FactorAuthentication [MFA]? Each correct answer presents a complete solution.*
Get answer to your question and much more
Which Microsoft 365 feature can you use to restrict communication and thesharing of information between members of two departments at yourorganization?**
Get answer to your question and much more
11/11/21, 7:49 PMPrepare Exam SC-900…15/21YesNoConditional access policies can be used to block access to an application basedon the location of the user*[1 Point]57.YesNoConditional access policies only affect users who have Azure Active DIrectory[Azure AD] joined device*[1 Point]58.YesNoAplication registered in azure active directory are associated automatically to a*[1 Point]59.guest accountmanaged identityservice principaluser accountWhich three authentication methods does Windows Hello for Businesssupport? Each correct answer presents a complete solution.*[1 Point]60.fingerprintfacial recognition
11/11/21, 7:49 PMPrepare Exam SC-900…16/21PINemail verificationsecurity questionWhen you enable security defaults in azure active directory [Azure AD],____________________ will be enabled for all azure AD users*[1 Point]61.Azure AD Identity ProtectionAzure AD Privileged identity Management [PIM]Multi-factor authentication [MFA]________ can user conditional access policies to control session in real time*[1 Point]62.Azure AD Privileged Identity Management [PIM]Azure DefenderAzure SentinelMicrosoft Cloud APP SecurityAzure DDoS Protection Standard can be used to protect*[1 Point]63.Azure AD ApplicationsAzure AD UsersResource GroupsVirtual NetworksWhat should you use in the Microsoft 365 security center to view securitytrends and track the protection status of identities?*[1 Point]64.
11/11/21, 7:49 PMPrepare Exam SC-900…17/21Attack simulatorReportsHuntingIncidentsWhat are two capabilities of Microsoft Defender for Endpoint? Each correctselection presents a complete solution.*[1 Point]65.
Upload your study docs or become a
Course Hero member to access this document
Upload your study docs or become a
Course Hero member to access this document
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-All Azure Active Directory [Azure AD] license editions include the same features.
-You can manage an Azure Active Directory [Azure AD] tenant by using the Azure portal.
-You must deploy Azure virtual machines to host an Azure Active Directory [Azure AD] tenant.
-No
-Yes
-No
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[______] provide best practice from Microsoft employees, partners, and customers including tools and guidance to assist in an Azure deployment.
-Azure Blueprints
-Azure Policy
-The Microsoft Cloud Adoption Framework for Azure
-A resource lock
-The Microsoft Cloud Adoption Framework for Azure
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] is used to identify, hold, and export electronic information that might be used in an investigation.
-Customer Lockbox
-Data loss prevention [DLP]
-eDiscovery
-A resource lock
-eDiscovery
HOTSPOT -Select the answer that correctly
completes the sentence.
Hot Area:
You can manage Microsoft Intune by using the [_____]
-Azure Active Directory admin center
-Microsoft 365 compliance center
-Microsoft 365 Defender portal
-Microsoft Endpoint Manager admin center
-Microsoft Endpoint Manager admin center
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
Federation is used to establish [_____] between organization.
-multi-factor authentication [MFA]
-a trust relationship
-user account synchronization
-a VPN connection
-a trust relationship
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-Applying system updates increases an organization's secure score in Azure Security Center.
-The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions.
-Enabling multi-factor authentication [MFA] increases an organization's secure score in Azure Security Center.
-Yes
-Yes
-Yes
Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?
A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Security Center
D. Compliance score
D. Compliance score
What do you use to provide real-time integration between Azure Sentinel and another security source?
A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector
D. a connector
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization forStandardization [ISO]?
A. the Microsoft Endpoint Manager admin center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. the Azure Active Directory admin center
C. Microsoft Service Trust Portal
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware
D. the management of the physical hardware
HOTSPOT -For each of the following
statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-Verify explicitly is one of the guiding principles of Zero Trust.
-Assume breach is one of the guiding principles of Zero Trust.
-The Zero Trust security model assumes that a firewall secures the internal network from external threats.
-Yes
-Yes
-No
HOTSPOT
-For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-Control is a key privacy principle of Microsoft
-Transparency is a key privacy principle of Microsoft
-Shared responsibility is a key privacy principle of Microsoft
-Yes
-Yes
-No
HOTSPOT -Select the answer that correctly completes
the sentence.
Hot Area:
[_____] a file makes the data in the file readable and usable to viewers that have the appropriate key.
-Archiving
-Compressing
-Deduplicating
-Encrypting
-Encrypting
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-Digitally signing a document requires a private key.
-Verifying the authenticity of a digitally signed document requires the public key of the signer.
-Verifying the authenticity of a digitally signed document requires the private key of the singer.
-Yes
-Yes
-No
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
When users sign in to the Azure portal, they are first [_____]
-assigned
permissions
-authenticated
-authorized
-resolved
-authenticated
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] is the process of identifying whether a signed-in user can access a specific resource.
-Authentication
-Authorization
-Federation
-Single sign-on [SSO]
-Authorization
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] enables collaboration with business partners from external organization such as suppliers, partners, and vendors. External users appear as guest users in the directory.
-Active Directory Domain Services [AD DS]
-Active Directory forest trusts
-Azure Active Directory [Azure AD] business-to-business [B2B]
-Azure Active Directory business-to-consumer B2C [Azure AD
B2C]
-Azure Active Directory [Azure AD] business-to-business [B2B]
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy
A. Plan
E. Define Strategy
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-In software as a service [SaaS], applying service packs to applications is the responsibility of the organization.
-In infrastructure as a service [IaaS], managing the physical network is the responsibility of the cloud provider.
-In all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization.
-No
-Yes
-Yes
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-Azure AD Connect can be used to implement hybrid identity.
-Hybrid identity requires the implementation of two Microsoft 365 tenants.
-Hybrid identity refers to the synchronization of Active Directory Domain Services [AD DS] and Azure Active Directory [Azure AD].
-Yes
-No
-Yes
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] provide benchmark recommendation and guidance for protecting Azure services.
-Azure Application
Insights
-Azure Network Watcher
-Log Analytics workspace
-Security baselines for Azure
-Security baselines for Azure
What is an example of encryption at rest?
A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email
B. encrypting a virtual machine disk
Which three statements accurately describe the guiding principles of Zero Trust?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Define the perimeter by physical locations.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
E. Use
the network as the primary security boundary.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
A. Azure Active Directory [Azure AD] Privileged Identity Management [PIM]
B. Azure
Multi-Factor Authentication [MFA]
C. Azure Active Directory [Azure AD] Identity Protection
D. conditional access policies
A. Azure Active Directory [Azure AD] Privileged Identity Management [PIM]
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services [AD DS] and Azure Active Directory [Azure AD]?
A. Active Directory Federation Services [AD FS]
B.
Azure Sentinel
C. Azure AD Connect
D. Azure Ad Privileged Identity Management [PIM]
C. Azure AD Connect
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-You can create custom roles in Azure Active Directory [Azure AD].
-Global administrator is a role in Azure Active Directory [Azure AD].
-An Azure Active Directory [Azure AD] user can be assigned only one role.
-Yes
-Yes
-No
HOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
Hot Area:
-Azure Active Directory [Azure AD] is deployed to an on-premises environment.
-Azure Active Directory [Azure AD] is provided as part of a Microsoft 365 subscription.
-Azure Active Directory [Azure AD] is an identity and access management service.
-No
-Yes
-Yes
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
With Windows Hello for Business, a user's biometric data used for authentication [_____]
-is stored on an external device
-is stored on a local device only
-is
stored in Azur Active Directory [Azure AD]
-is replicated to all devices designated by the user
-is stored on a local device only
What is the purpose of Azure Active Directory [Azure AD] Password Protection?
A. to control how often users must change their passwords
B. to identify devices to which users can sign in without using multi-factor authentication [MFA]
C. to encrypt a password by using
globally recognized encryption standards
D. to prevent users from using specific words in their passwords
D. to prevent users from using specific words in their passwords
Which Azure Active Directory [Azure AD] feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
A. access reviews
B. managed identities
C. conditional access
policies
D. Azure AD Identity Protection
A. access reviews
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] requires additional verification, such as a verification code sent to a mobile phone.
-Multi-factor authentication [MFA]
-Pass-through authentication
-Password wrtieback
-Single sign-on [SSO]
-Multi-factor authentication [MFA]
HOTSPOT
Yes/No
-Conditional access policies can use the device state as a signal.
-Conditional access policies apply before first-factor authentication is complete.
-Conditional access policies can trigger multi-factor authentication [MFA] if a user attempts to access a specific application.
-Yes
-No
-Yes
HOTSPOT
-Select the answer that correctly completes the sentence.
Hot Area:
[_____] is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advance threats.
-Microsoft Cloud App Security
-Microsoft Defender for Endpoint
-Microsoft Defender for Identity
-Microsoft Defender for Office 365
-Microsoft Defender for Identity
HOTSPOT -Select
the answer that correctly completes the sentence.
Hot Area:
Microsoft Defender for Identity can identify advance threats from [_____] signals.
-Azure Active Directory [Azure AD]
-Azure AD Connect
-on-premises Active Directory Domain Servies [AD DS]
-on-premises Active Directory Domain Servies [AD DS]
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
Azure Active Directory [Azure AD] is [_____] used for authentication and authorization.
-and extended detection and response [XDR] system
-an identify provider
-a management group
-a security information and event management [SIEM] system
-an identify provider
Which Azure Active Directory [Azure AD] feature can you use to provide just-in-time [JIT] access to manage Azure resources?
A.
conditional access policies
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management [PIM]
D. authentication method policies
C. Azure AD Privileged Identity Management [PIM]
Which three authentication methods can be used by Azure Multi-Factor Authentication [MFA]?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. text
message [SMS]
B. Microsoft Authenticator app
C. email verification
D. phone call
E. security question
A. text message [SMS]
B. Microsoft Authenticator app
D. phone call
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
A. sensitivity label policies
B. Customer Lockbox
C.
information batteries
D. Privileged Access Management [PAM]
C. information batteries
HOTSPOT
Yes/No
-Conditional access policies always enforce the use of multi-factor authentication [MFA].
-Conditional access policies can be used to block access to an application based on the location of the user.
-Conditional access policies only affect users who have Azure Active Directory [Azure AD] - joined devices
-No
-Yes
-No
HOTSPOT
Yes/No
-Conditional access policies can be applied to global administrators.
-Conditional access policies are evaluated before a user is authenticated.
-Conditional access can use a device platform, such as Android or iOS, as a signal.
-Yes
-No
-Yes
HOTSPOT
-Select the answer that correctly completes the sentence.
Hot Area:
Applications registered in Azure Active Directory [Azure AD] are associated automatically to a [_____].
-guest account
-managed identity
-service principal
-user account
-service principal
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete
solution.
NOTE: Each correct selection is worth one point.
A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question
A. fingerprint
B. facial recognition
C. PIN
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
When you enable security defaults in Azure Directory [Azure AD], [_____] will be enabled for all Azure AD users.
-Azure AD Identity Protection
-Azure AD Privileged Identity Management [PIM]
-multi-factor authentication [MFA]
-multi-factor authentication [MFA]
You have an Azure subscription.You need to implement approval-based, time-bound role activation.What should you use?
A. Windows Hello for Business
B. Azure Active Directory [Azure AD] Identity Protection
C. access reviews in Azure Active
Directory [Azure AD]
D. Azure Active Directory [Azure AD] Privileged Identity Management [PIM]
D. Azure Active Directory [Azure AD] Privileged Identity Management [PIM]
HOTSPOT
Yes/No
-Global administrators are exempt from conditional access policies.
-A conditional access policy can add users to Azure Active Directory [Azure AD] roles
-Conditional access policies can force the user of multi factor authentication [MFA] to access cloud apps.
-No
-No
-Yes
When security defaults are enabled for an Azure Active Directory [Azure AD] tenant, which two requirements are enforced?
Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. All users must authenticate from a registered device.
B. Administrators must always use Azure
Multi-Factor Authentication [MFA].
C. Azure Multi-Factor Authentication [MFA] registration is required for all users.
D. All users must authenticate by using passwordless sign-in.
E. All users must authenticate by using Windows Hello.
B. Administrators must always use Azure Multi-Factor Authentication [MFA].
C. Azure Multi-Factor Authentication [MFA] registration is required for all users.
Which type of identity is created when you register an application with Active Directory [Azure AD]?
A. a user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. a service principal
D. a service principal
Which three tasks can be performed by using Azure Active Directory [Azure AD] Identity Protection?
Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. Configure external access for partner organizations.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
You can use [_____] in Microsoft 365 security center to identify devices that are affected by an alert.
-classifications
-incidents
-policies
-Secure score
-incidents
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
NOTE: Each correct selection is worth one point.
A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction
A. automated investigation and remediation
D. attack surface reduction
DRAG DROP -Match the Azure networking
service to the appropriate description.T
o answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.Select and Place:
Services:
-Azure Bastion
-Azure Firewall
-Network Security Group [NSG]
Answers:
-Provides Network Address Translation [NAT] services.
-Provides secure and seamless Remote Desktop connectivity to Azure virtual machines.
-Provides traffic filtering that can be applied to specific network interface on a virtual network.
-Azure Firewall - Provides Network Address Translation [NAT] services.
-Azure Bastion - Provides secure and seamless Remote Desktop connectivity to Azure virtual machines.
-Network Security Group [NSG] - Provides traffic filtering that can be applied to specific network interface on a virtual network.
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] is a cloud-native security information and event management [SIEM] and security orchestration automated response [SOAR] solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response.
-Azure Advisor
-Azure Bastion
-Azure Monitor
-Azure Sentinel
-Azure Sentinel
HOTSPOT -
Yes/No
-Azure Defender can detect vulnerabilities and threats for Azure Storage
-Cloud Security Posture Management [CSPM] is available for all Azure subscriptions.
-Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises.
-Yes
-Yes
-Yes
HOTSPOT -Select the answer that
correctly completes the sentence.
Hot Area:
You can use [_____] in the Microsoft 365 Security Center to view an aggregation of alerts that relate to the same attack.
-Reports
-Hunting
-Attack simulator
-Incidents
-Incidents
HOTSPOT -
Yes/No
-Network security groups [NSGs] can deny inbound traffic from the internet.
-Network security groups [NSGs] can deny outbound traffic to the internet
-Network security groups [NSGs] can filter traffic based on IP address, protocol, and port.
-Yes
-Yes
-Yes
HOTSPOT -
Yes/No
-Microsoft Intune can be used to manage Android devices.
-Microsoft Intune can be used to provision Azure subscriptions.
-Microsoft Intune can be used to can be used to manage organization-owned devices and personal devices
-Yes
-No
-Yes
HOTSPOT -
Yes/No
-You can create on Azure Bastion per virtual network.
-Azure Bastion provides secure user connections by using RDP.
-Azure Bastion provides a secure connection to an Azure virtual machine by using the Azure portal.
-Yes
-Yes
-Yes
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection
D. network protection
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
In Azure Sentinel, you can automate common tasks by using [_____]
-deep investigation
tool
-hunting serch-and-query tools
-playbooks
-workboos
-playbooks
Which two types of resources can be protected by using Azure Firewall?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure virtual machines
B. Azure Active Directory [Azure AD] users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E.
Microsoft SharePoint Online sites
A. Azure virtual machines
D. Azure virtual networks
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.Which security methodology does this represent?
A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model
C. defense in depth
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint
A. Microsoft Defender for Office 365
HOTSPOT -
Yes/No
-Microsoft Defender for Endpoint can protect Android devices.
-Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10.
-Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses
-Yes
-Yes
-No
Which feature provides the extended detection and response [XDR] capability of Azure Sentinel?
A. integration with the Microsoft
365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks
C. integration with Microsoft 365 Defender
What can you use to provide threat detection for Azure SQL Managed Instance?
A. Microsoft Secure Score
B. application security groups
C. Azure Defender
D. Azure Bastion
C. Azure Defender
Which Azure Active Directory [Azure AD] feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
A. network security groups [NSGs]
B. Azure AD Privileged Identity Management [PIM]
C. conditional access policies
D. resource locks
C. conditional access policies
HOTSPOT
Yes/No
-Microsoft Secure Score in the Microsoft 365 security center can provide recommendations for Microsoft Cloud App Security.
-From the Microsoft 365 Defender portal, you can view how your Microsoft Secure Score compares to the score of organizations like yours.
-Microsoft Secure Score in the Microsoft 365 security center gives you points if you address the improvement action by using a third-party application or software.
-Yes
-Yes
-Yes
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] can use conditional access policies to control sessions in real time.
-Azure Active Directory [Azure AD] Privileged Identity Management [PIM]
-Azure Defender
-Azure Sentinel
-Microsoft Cloud App Security
-Microsoft Cloud App Security
HOTSPOT -Select the answer that
correctly completes the sentence.
Hot Area:
Azure DDoS Protection Standard can be used to protect [_____]
-Azure Active Directory [AAD] applications
-Azure Active Directory [AAD] users
-resource groups
-virtual networks
-virtual networks
What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
A. Attack
simulator
B. Reports
C. Hunting
D. Incidents
B. Reports
You have a Microsoft 365 E3 subscription.You plan to audit user activity by using the unified audit log and Basic Audit.For how long will the audit records be retained?
A. 15 days
B. 30 days
C. 90 days
D. 180 days
C. 90 days
To which type of resource can Azure Bastion provide secure access?
A. Azure Files
B. Azure SQL Managed Instances
C. Azure virtual machines
D. Azure App Service
C. Azure virtual machines
HOTSPOT -
Yes/No
-Azure Policy supports automatic remediation
-Azure Policy can be used to ensure that new resources adhere to corporate standard
-Compliance evaluation in Azure Policy occurs only when a target resources is created or modified
-Yes
-Yes
-No
What is a use case for implementing information barrier policies in Microsoft 365?
A. to restrict unauthenticated access to Microsoft 365
B. to restrict Microsoft Teams chats between certain groups within an organization
C. to restrict Microsoft Exchange Online email between certain groups within an organization
D. to restrict data
sharing to external email recipients
B. to restrict Microsoft Teams chats between certain groups within an organization
What can you use to provision Azure resources across multiple subscriptions in a consistent manner?
A. Azure Defender
B. Azure Blueprints
C. Azure Sentinel
D. Azure Policy
B. Azure Blueprints
HOTSPOT -
Yes/No
-With advance audit in Microsoft 365, you can identify when email items were accessed
-Advance audit in Microsoft 365 supports the same retention period of audit logs as core auditing
-Advance audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data
-Yes
-No
-Yes
HOTSPOT -
Yes/No
-Azure Active Directory [Azure AD] Identity Protection can add users to groups based on the user's risk level
-Azure Active Directory [Azure AD] Identity Protection can detect whether user credentials were leaked in public
-Azure Active Directory [Azure AD] Identity Protection can be used to invoke Multi-Factor Authentication based on user's risk level
-No
-Yes
-Yes
Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?
A. Audit
B. Compliance Manager
C. Content Search
D. Alerts
C. Content Search
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] provides a central location for managing information protection, information governance, and data loss prevention [DLP] policies.
-Azure
Defender
-The Microsoft 365 Compliance Center
-The Microsoft 365 Security Center
-Microsoft Endpoint Manager
-The Microsoft 365 Compliance Center
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?
A. retention policies
B. data loss prevention [DLP] policies
C. conditional access
policies
D. information barriers
B. data loss prevention [DLP] policies
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
[_____] can be used to provide Microsoft Support Engineers with access to an organization's data stored in Microsoft Exchange Online, Sharepoint Online, and OneDrive for Business.
-Customer Lockbox
-Information barrier
-Privileged Access
Management [PAM]
-Sensitivity label
-Customer Lockbox
In a Core eDiscovery workflow, what should you do before you can search for content?
A. Create an eDiscovery hold.
B. Run Express Analysis.
C. Configure attorney-client privilege detection.
D. Export and download results.
A. Create an eDiscovery hold.
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
A. Microsoft Service Trust Portal
B. Compliance Manager
C. Microsoft 365 compliance center
D. Microsoft Support
A. Microsoft Service Trust Portal
What can you protect by using the information protection solution in the Microsoft 365 compliance center?
A. computers from zero-day exploits
B.
users from phishing attempts
C. files from malware and viruses
D. sensitive data from being exposed to unauthorized users
D. sensitive data from being exposed to unauthorized users
What can you specify in Microsoft 365 sensitivity labels?
A. how long files must be preserved
B. when to archive an email message
C. which watermark to add to files
D. where to store files
C. which watermark to add to files
HOTSPOT
Yes/No
-You can use Advanced Audit in Microsoft 365 to view billing details
-You can use Advanced Audit in Microsoft 365 to view contents of email messages
-You can use Advanced Audit in Microsoft 365 to identify when a user uses the search bar in Outlook on the web to search for items in a mailbox
-No
-No
-Yes
HOTSPOT
Yes/No
-You can add a resource lock to Azure subscription
-You can add only one resource lock to an Azure resource
-You can delete a resource group containing resources that have a resource lock
-Yes
-Yes
-No
HOTSPOT
Yes/No
-Users can apply sensitivity labels manually
-Multiple sensitivity labels can be applied to the same file
-A sensitivity label can apply a watermark to Microsoft Word document
-Yes
-No
-Yes
Which two tasks can you implement by using data loss prevention [DLP] policies in Microsoft 365? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. Display policy tips to users who are about to violate your organization's policies.
B. Enable disk
encryption on endpoints.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
D. Apply security baselines to devices.
A. Display policy tips to users who are about to violate your organization's policies.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
HOTSPOT -Select the answer that correctly completes the sentence.
Hot Area:
Compliance Manager assesses compliance data [_____] for an organization.
-continually
-monthly
-on-demand
-quarterly
-continually
HOTSPOT
Yes/No
-Sensitivity labels can be used to encrypt documents
-Sensitivity labels can add headers and footers to a document
-Sensitivity labels can add watermarks to email
-Yes
-Yes
-Yes
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
A. Content Search
B. sensitivity labels
C. retention policies
D. eDiscovery
B. sensitivity labels
HOTSPOT
Yes/No
-Compliance Manager tracks only customer-managed controls
-Compliance Manager provides predefined templates for creating assessments
-Compliance Manager can help you assess whether data adheres to specific data protection standards
-No
-Yes
-Yes
HOTSPOT
Yes/No
-You can use the insider risk management solution to detect phishing scams
-You can access the insider risk management solution from the Microsoft 365 compliance center
-You can use the insider risk management solution to detect data leaks by unhappy employees
-No
-Yes
-Yes