SC-900 Exam - Free Actual Q&As, Page 1 - ExamTopics

- Expert Verified, Online, Free.
 Custom View Settings
Topic 1 - Single Topic
Question #1 Topic 1
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question #2 Topic 1
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/
Question #3 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
Question #4 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Question #5 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Federation is a collection of domains that have established trust.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
Question #6 Topic 1
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
System updates reduces security vulnerabilities, and provide a more stable environment for end users. Not applying updates leaves unpatched
vulnerabilities and results in environments that are susceptible to attacks.
Box 2: Yes -
Box 3: Yes -
If you only use a password to authenticate a user, it leaves an attack vector open. With MFA enabled, your accounts are more secure.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls
Question #7 Topic 1
Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory
standards?
A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Security Center
D. Compliance score
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide https://docs.microsoft.com/en-
us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide
Community vote distribution

D (100%)
Question #8 Topic 1
What do you use to provide real-time integration between Azure Sentinel and another security source?
A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector
Correct Answer: D
To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft
solutions, including Microsoft 365 Defender solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for
Identity, and Microsoft Cloud App
Security, etc.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview

D (100%)
Question #9 Topic 1
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International
Organization for
Standardization (ISO)?
A. the Microsoft Endpoint Manager admin center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. the Azure Active Directory admin center
Correct Answer: C
The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services
and the customer data therein.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide

C (100%)
Question #10 Topic 1
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware
Correct Answer: D

D (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Box 2: Yes -
Box 3: No -
The Zero Trust model does not assume that everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies
each request as though it originated from an uncontrolled network.
Reference:
https://docs.microsoft.com/en-us/security/zero-trust/
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://privacy.microsoft.com/en-US/
HOTSPOT -
Hot Area:
Correct Answer:
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
A certificate is required that provides a private and a public key.
Box 2: Yes -
The public key is used to validate the private key that is associated with a digital signature.
Box 3: Yes -
The private key, or rather the password to the private key, validates the identity of the signer.
Reference:
https://support.microsoft.com/en-us/office/obtain-a-digital-certificate-and-create-a-digital-signature-e3d9d813-3305-4164-a820-2e063d86e512
https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/organization-administration/electronic-signature-overview
HOTSPOT -
Hot Area:
Correct Answer:
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a
complete solution.
A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy
Correct Answer: AE
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/overview

AE (100%)
HOTSPOT -
Hot Area:
Correct Answer:
HOTSPOT -
Hot Area:
Correct Answer:
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline
What is an example of encryption at rest?
A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

B (100%)
Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer presents a complete solution.
A. Define the perimeter by physical locations.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
E. Use the network as the primary security boundary.
Correct Answer: BCD

Reference:
https://docs.microsoft.com/en-us/security/zero-trust/

BCD (100%)
HOTSPOT -
Which service should you use to view your Azure secure score? To answer, select the appropriate service in the answer area.
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. Azure Multi-Factor Authentication (MFA)
C. Azure Active Directory (Azure AD) Identity Protection
D. conditional access policies
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common

A (98%)
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory
(Azure AD)?
A. Active Directory Federation Services (AD FS)
B. Azure Sentinel
C. Azure AD Connect
D. Azure Ad Privileged Identity Management (PIM)
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect

C (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Azure AD supports custom roles.
Box 2: Yes -
Global Administrator has access to all administrative features in Azure Active Directory.
Box 3: No -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles https://docs.microsoft.com/en-us/azure/active-
directory/roles/permissions-reference
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Box 2: Yes -
Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your Microsoft 365 subscription.
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
HOTSPOT -
Hot Area:
Correct Answer:
Biometrics templates are stored locally on a device.

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview
What is the purpose of Azure Active Directory (Azure AD) Password Protection?
A. to control how often users must change their passwords
B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
C. to encrypt a password by using globally recognized encryption standards
D. to prevent users from using specific words in their passwords
Correct Answer: D
Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are
specific to your organization.
With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To
support your own business and security needs, you can define entries in a custom banned password list.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises

D (100%)
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require
membership in a group?
A. access reviews
B. managed identities
C. conditional access policies
D. Azure AD Identity Protection
Correct Answer: A
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise
applications, and role assignments.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

A (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to
enter a code on their cellphone or to provide a fingerprint scan.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Box 2: No -
Conditional Access policies are enforced after first-factor authentication is completed.
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
HOTSPOT -
Hot Area:
Correct Answer:
Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect,
and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
A. conditional access policies
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. authentication method policies
Correct Answer: C
Azure AD Privileged Identity Management (PIM) provides just-in-time privileged access to Azure AD and Azure resources
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

C (100%)
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
A. text message (SMS)
B. Microsoft Authenticator app
C. email verification
D. phone call
E. security question
Correct Answer: ABD

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

ABD (89%) 11%
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your
organization?
A. sensitivity label policies
B. Customer Lockbox
C. information batteries
D. Privileged Access Management (PAM)
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers

C (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Conditional access policies can be applied to all users
Box 2: No -
Conditional access policies are applied after first-factor authentication is completed.
Box 3: Yes -
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Reference:
HOTSPOT -
Hot Area:
Correct Answer:
When you register an application through the Azure portal, an application object and service principal are automatically created in your home
directory or tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question
Correct Answer: ABC

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication

ABC (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
You have an Azure subscription.

You need to implement approval-based, time-bound role activation.
What should you use?
A. Windows Hello for Business
B. Azure Active Directory (Azure AD) Identity Protection
C. access reviews in Azure Active Directory (Azure AD)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

D (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-
directory/conditional-access/howto-conditional-access-policy-admin-mfa
When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced? Each correct answer
presents a complete solution.
A. All users must authenticate from a registered device.
B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.
D. All users must authenticate by using passwordless sign-in.
E. All users must authenticate by using Windows Hello.
Correct Answer: BC
Security defaults make it easy to protect your organization with the following preconfigured security settings:
✑ Requiring all users to register for Azure AD Multi-Factor Authentication.
✑ Requiring administrators to do multi-factor authentication.
✑ Blocking legacy authentication protocols.
✑ Requiring users to do multi-factor authentication when necessary.
✑ Protecting privileged activities like access to the Azure portal.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

BC (100%)
Which type of identity is created when you register an application with Active Directory (Azure AD)?
A. a user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. a service principal
Correct Answer: D
When you register an application through the Azure portal, an application object and service principal are automatically created in your home
directory or tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

D (100%)
Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete
solution.
A. Configure external access for partner organizations.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.
Correct Answer: CDE

BCD (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction
Correct Answer: AD
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide

AD (100%)
DRAG DROP -
Match the Azure networking service to the appropriate description.
To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than
once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:
Correct Answer:
Box 1: Azure Firewall -

Azure Firewall provide Source Network Address Translation and Destination Network Address Translation.
Box 2: Azure Bastion -

Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.
Box 3: Network security group (NSG)
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/networking/fundamentals/networking-overview https://docs.microsoft.com/en-
us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/firewall/features https://docs.microsoft.com/en-us/azure/virtual-
network/network-security-groups-overview
HOTSPOT -
Hot Area:
Correct Answer:
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated
response (SOAR) solution.
Reference:
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your
network, your storage, and more
Box 2: Yes -
Cloud security posture management (CSPM) is available for free to all Azure users.
Box 3: Yes -
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and
provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/azure-defender https://docs.microsoft.com/en-us/azure/security-center/defender-for-
storage-introduction https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide
HOTSPOT -
Hot Area:
Correct Answer:
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network
security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure
resources. For each rule, you can specify source and destination, port, and protocol.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune https://docs.microsoft.com/en-
us/mem/intune/fundamentals/what-is-device-management
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection
Correct Answer: D
Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide

D (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
A. Azure virtual machines
B. Azure Active Directory (Azure AD) users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E. Microsoft SharePoint Online sites
Correct Answer: DE

AD (100%)
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?
A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth

C (100%)
HOTSPOT -
Hot Area:
Correct Answer:
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description

A (100%)
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
A. integration with the Microsoft 365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide
What can you use to provide threat detection for Azure SQL Managed Instance?
A. Microsoft Secure Score
B. application security groups
C. Azure Defender
D. Azure Bastion
Correct Answer: C

C (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
D. resource locks
Correct Answer: C
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview
What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
A. Attack simulator
B. Reports
C. Hunting
D. Incidents
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-
worldwide

B (100%)
You have a Microsoft 365 E3 subscription.

You plan to audit user activity by using the unified audit log and Basic Audit.
For how long will the audit records be retained?
A. 15 days
B. 30 days
C. 90 days
D. 180 days
Correct Answer: C

C (100%)
To which type of resource can Azure Bastion provide secure access?
A. Azure Files
B. Azure SQL Managed Instances
C. Azure virtual machines
D. Azure App Service
Correct Answer: C
Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.
Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

C (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
What is a use case for implementing information barrier policies in Microsoft 365?
A. to restrict unauthenticated access to Microsoft 365
B. to restrict Microsoft Teams chats between certain groups within an organization
C. to restrict Microsoft Exchange Online email between certain groups within an organization
D. to restrict data sharing to external email recipients
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide

B (100%)
What can you use to provision Azure resources across multiple subscriptions in a consistent manner?
A. Azure Defender
B. Azure Blueprints
C. Azure Sentinel
D. Azure Policy
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

B (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
The MailItemsAccessed event is a mailbox auditing action and is triggered when mail data is accessed by mail protocols and mail clients.
Box 2: No -
Basic Audit retains audit records for 90 days.
Advanced Audit retains all Exchange, SharePoint, and Azure Active Directory audit records for one year. This is accomplished by a default audit
log retention policy that retains any audit record that contains the value of Exchange, SharePoint, or AzureActiveDirectory for the Workload
property (which indicates the service in which the activity occurred) for one year.
Box 3: yes -
Advanced Audit in Microsoft 365 provides high-bandwidth access to the Office 365 Management Activity API.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide https://docs.microsoft.com/en-
us/microsoft-365/compliance/auditing-solutions-overview?view=o365-worldwide#licensing-requirements https://docs.microsoft.com/en-
us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/ microsoft-365-
security-compliance-licensing-guidance#advanced-audit
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Box 2: Yes -
Leaked Credentials indicates that the user's valid credentials have been leaked.
Box 3: Yes -
Multi-Factor Authentication can be required based on conditions, one of which is user risk.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection https://docs.microsoft.com/en-
us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/azure/active-
directory/authentication/tutorial-risk-based-sspr-mfa
Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a
specific key word?
A. Audit
B. Compliance Manager
C. Content Search
D. Alerts
Correct Answer: C
The Content Search tool in the Security & Compliance Center can be used to quickly find email in Exchange mailboxes, documents in SharePoint
sites and
OneDrive locations, and instant messaging conversations in Skype for Business.
The first step is to starting using the Content Search tool to choose content locations to search and configure a keyword query to search for
specific items.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated
credit card numbers?
A. retention policies
B. data loss prevention (DLP) policies
D. information barriers
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

B (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
In a Core eDiscovery workflow, what should you do before you can search for content?
A. Create an eDiscovery hold.
B. Run Express Analysis.
C. Configure attorney-client privilege detection.
D. Export and download results.
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
A. Microsoft Service Trust Portal
B. Compliance Manager
C. Microsoft 365 compliance center
D. Microsoft Support
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide
What can you protect by using the information protection solution in the Microsoft 365 compliance center?
A. computers from zero-day exploits
B. users from phishing attempts
C. files from malware and viruses
D. sensitive data from being exposed to unauthorized users
Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide
What can you specify in Microsoft 365 sensitivity labels?
A. how long files must be preserved
B. when to archive an email message
C. which watermark to add to files
D. where to store files
Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Advanced Audit helps organizations to conduct forensic and compliance investigations by increasing audit log retention.
Box 2: No -
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
HOTSPOT -
Hot Area:
Correct Answer:
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide
Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete
solution.
A. Display policy tips to users who are about to violate your organization's policies.
B. Enable disk encryption on endpoints.
C. Protect documents in Microsoft OneDrive that contain sensitive information.
D. Apply security baselines to devices.
Correct Answer: AC
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

AC (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide#how-compliance-manager-
continuously- assesses-controls
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: Yes -
You can use sensitivity labels to provide protection settings that include encryption of emails and documents to prevent unauthorized people
from accessing this data.
Box 2: Yes -
You can use sensitivity labels to mark the content when you use Office apps, by adding watermarks, headers, or footers to documents that have
the label applied.
Box 3: Yes -
You can use sensitivity labels to mark the content when you use Office apps, by adding headers, or footers to email that have the label applied.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
A. Content Search
B. sensitivity labels
C. retention policies
D. eDiscovery
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide

B (100%)
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Compliance Manager tracks Microsoft managed controls, customer-managed controls, and shared controls.
Box 2: Yes -
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide
HOTSPOT -
Hot Area:
Correct Answer:
Box 1: No -
Phishing scams are external threats.
Box 2: Yes -
Insider risk management is a compliance solution in Microsoft 365.
Box 3: Yes -
Insider risk management helps minimize internal risks from users. These include:
✑ Leaks of sensitive data and data spillage
✑ Confidentiality violations
✑ Intellectual property (IP) theft
✑ Fraud
✑ Insider trading
✑ Regulatory compliance violations
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide https://docs.microsoft.com/en-
us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide

SC-900 Exam - Free Actual Q&As, Page 1 - ExamTopics

Uploaded by

Copyright:

Available Formats

SC-900 Exam - Free Actual Q&As, Page 1 - ExamTopics

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SC-900 Exam - Free Actual Q&As, Page 1 - ExamTopics

Uploaded by

Copyright:

Available Formats

- Expert Verified, Online, Free.

 Custom View Settings

Topic 1 - Single Topic

Federation is a collection of domains that have established trust.

A. Microsoft Secure Score

C. Secure score in Azure Security Center

Community vote distribution

B. a Log Analytics workspace

C. Azure Information Protection

Community vote distribution

A. the Microsoft Endpoint Manager admin center

B. Azure Cost Management + Billing

C. Microsoft Service Trust Portal

D. the Azure Active Directory admin center

Community vote distribution

A. the management of mobile devices

B. the permissions for the user data stored in Azure

C. the creation and management of user accounts

D. the management of the physical hardware

Community vote distribution

Question #11 Topic 1

Question #13 Topic 1

Question #16 Topic 1

Question #18 Topic 1

Community vote distribution

Question #22 Topic 1

What is an example of encryption at rest?

A. encrypting communications by using a site-to-site VPN

B. encrypting a virtual machine disk

C. accessing a website by using an encrypted HTTPS connection

D. sending an encrypted email

Community vote distribution

A. Define the perimeter by physical locations.

B. Use identity as the primary security boundary.

C. Always verify the permissions of a user explicitly.

D. Always assume that the user system can be breached.

E. Use the network as the primary security boundary.

Correct Answer: BCD

Community vote distribution

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

B. Azure Multi-Factor Authentication (MFA)

C. Azure Active Directory (Azure AD) Identity Protection

D. conditional access policies

Community vote distribution

Question #26 Topic 1

A. Active Directory Federation Services (AD FS)

D. Azure Ad Privileged Identity Management (PIM)

Community vote distribution

Biometrics templates are stored locally on a device.

Question #30 Topic 1

A. to control how often users must change their passwords

C. to encrypt a password by using globally recognized encryption standards

D. to prevent users from using specific words in their passwords

Community vote distribution

C. conditional access policies

D. Azure AD Identity Protection

Community vote distribution

Question #32 Topic 1

Question #35 Topic 1