Microsoft SC-900 Microsoft Security, Compliance, and Identity Fundamentals Exam Practice Test
Question 1
What can you specify in Microsoft 365 sensitivity labels?
Ahow long files must be preserved
Bwhen to archive an email message
Cwhich watermark to add to
files
Dwhere to store files
Question 2
What can you protect by using the information protection solution in the Microsoft 365 compliance center?
Acomputers from zero-day exploits
Busers from phishing attempts
Cfiles from malware and
viruses
Dsensitive data from being exposed to unauthorized users
Question 3
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
AMicrosoft Service Trust Portal
BCompliance Manager
CMicrosoft
365 compliance center
DMicrosoft Support
Question 4
In a Core eDiscovery workflow, what should you do before you can search for content?
ACreate an eDiscovery hold.
BRun Express Analysis.
CConfigure attorney-client privilege detection.
DExport and download results.
Question 5
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?
Aretention policies
Bdata loss prevention (DLP) policies
Cconditional
access policies
Dinformation barriers
Question 6
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
Anetwork security groups (NSGs)
BAzure AD Privileged Identity Management (PIM)
Cconditional
access policies
Dresource locks
Question 7
What can you use to provide threat detection for Azure SQL Managed Instance?
AMicrosoft Secure Score
Bapplication security groups
CAzure Defender
DAzure
Bastion
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer :
Reference:
//docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot
Area:
Answer :
Explanation:
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network
security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
Reference:
//docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
HOTSPOT -
For each of the following statements, select Yes if
the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Reference:
//docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune //docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-device-management
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Reference:
//docs.microsoft.com/en-us/azure/bastion/bastion-overview //docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
- A. automated remediation
- B. automated investigation
- C. advanced hunting
- D. network protection
Answer : D
Explanation:
Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability.
Reference:
//docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide
HOTSPOT -
Select the answer that correctly completes the
sentence.
Hot Area:
Answer :
Reference:
//docs.microsoft.com/en-us/azure/sentinel/overview
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Azure virtual machines
- B. Azure Active Directory (Azure AD) users
- C. Microsoft Exchange Online inboxes
- D. Azure virtual networks
- E. Microsoft SharePoint Online sites
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?
- A. threat modeling
- B. identity as the security perimeter
- C. defense in depth
- D. the shared responsibility model
Answer : C
Reference:
//docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth
HOTSPOT -
For each of the following statements, select Yes if
the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
What can you use to scan
email attachments and forward the attachments to recipients only if the attachments are free from malware?
- A. Microsoft Defender for Office 365
- B. Microsoft Defender Antivirus
- C. Microsoft Defender for Identity
- D. Microsoft Defender for Endpoint
Answer : A
Reference:
//docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
- A. integration with the Microsoft 365 compliance center
- B. support for threat hunting
- C. integration with Microsoft 365 Defender
- D. support for Azure Monitor Workbooks
Answer : C
Reference:
//docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide
What can you use to provide threat detection
for Azure SQL Managed Instance?
- A. Microsoft Secure Score
- B. application security groups
- C. Microsoft Defender for Cloud
- D. Azure Bastion
HOTSPOT -
For each of the following statements, select Yes if the statement is true.
Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Which Azure Active Directory (Azure AD) feature can
you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
- A. network security groups (NSGs)
- B. Azure AD Privileged Identity Management (PIM)
- C. conditional access policies
- D. resource locks
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer :
Reference:
//docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security