Microsoft SC-900 Exam Practice Test Instant Access

Question 1

Which two types of devices can be managed by using Endpoint data loss prevention (Endpoint DLP)? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

AWindows 11

BLinux

CiOS

DmacOS

EAndroid

Answer : A, D

Question 2

What can you use to ensure that all the users in a specific group must use multi-factor authentication (MFA) to sign in to Azure AD?

AAzure Policy

Ba communication compliance policy

Ca Conditional Access policy

Da user risk policy

Answer : C

Question 3

Which two Azure resources can a network security group (NSG) be associated with? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Aa network interface

Ban Azure App Service web app

Ca virtual network

Da virtual network subnet

Ea resource group

Answer : A, D

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Question 4

What can you use to view the Microsoft Secure Score for Devices?

AMicrosoft Defender for Cloud Apps

BMicrosoft Defender for Endpoint

CMicrosoft Defender for Identity

DMicrosoft Defender for Office 365

Answer : B

Microsoft Secure Score for Devices

Artikel

12.05.2022

3Minuten Lesedauer

Applies to:

Microsoft Defender for Endpoint Plan 2

Microsoft Defender Vulnerability Management

Microsoft 365 Defender

Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

To sign up for the Defender Vulnerability Management public preview or if you have any questions, contact us (mdvmtrial@microsoft.com).

Already have Microsoft Defender for Endpoint P2? Sign up for a free trial of the Defender Vulnerability Management Add-on.

Configuration score is now part of vulnerability management as Microsoft Secure Score for Devices.

Your score for devices is visible in the Defender Vulnerability Management dashboard of the Microsoft 365 Defender portal. A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories:

Application

Operating system

Network

Accounts

Security controls

Select a category to go to the Security recommendations page and view the relevant recommendations.

Turn on the Microsoft Secure Score connector

Forward Microsoft Defender for Endpoint signals, giving Microsoft Secure Score visibility into the device security posture. Forwarded data is stored and processed in the same location as your Microsoft Secure Score data.

Changes might take up to a few hours to reflect in the dashboard.

In the navigation pane, go to Settings > Endpoints > General > Advanced features

Scroll down to Microsoft Secure Score and toggle the setting to On.

Select Save preferences.

How it works

Microsoft Secure Score for Devices currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.

The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing vulnerability discovery process. It is aggregated with configuration discovery assessments that continuously:

Compare collected configurations to the collected benchmarks to discover misconfigured assets

Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)

Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)

Collect and monitor changes of security control configuration state from all assets

Question 5

What are three uses of Microsoft Cloud App Security? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Ato discover and control the use of shadow IT

Bto provide secure connections to Azure virtual machines

Cto protect sensitive information hosted anywhere in the cloud

Dto provide pass-through authentication to on-premises applications

Eto prevent data leaks to noncompliant apps and limit access to regulated data

Answer : A, C, E

https://docs.microsoft.com/en-us/defender-cloud-apps/what-is-defender-for-cloud-apps

Question 6

Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

AConfigure external access for partner organizations.

BExport risk detection to third-party utilities.

CAutomate the detection and remediation of identity based-risks.

DInvestigate risks that relate to user authentication.

ECreate and automatically assign sensitivity labels to data.

Answer : B, C, D

Question 7

Which type of identity is created when you register an application with Active Directory (Azure AD)?

Aa user account

Ba user-assigned managed identity

Ca system-assigned managed identity

Da service principal

Answer : D

When you register an application through the Azure portal, an application object and service principal are automatically created in your home directory or tenant.

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Microsoft SC-900 Microsoft Security, Compliance, and Identity Fundamentals Exam Practice Test