Transcript for:
SC-900 Exam Questions and Explanations

Hello and welcome to this new video. In this video we're going to cover 140 real exam question answers with explanation for SC-900, which is Microsoft Security, Compliance, and Identity Fundamentals exam. So before going to the question answers, we request you to kindly subscribe to our YouTube channel if you're not already a subscriber. These question answers PDF is also available to download from shaping pixel.com website; the full link will be in the description. So let's jump on to the questions.

Question number one. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: all Azure Active Directory license editions include the same features; you can manage an Azure Active Directory tenant by using the Azure portal; you must deploy Azure virtual machines to host an Azure Active Directory tenant. So the right answers are: the first statement is false, the second statement is true, and the third statement is false. So Microsoft Azure Active Directory is a comprehensive identity and access management cloud solution that combines core directory services, application access management, and advanced identity protection. Azure Active Directory comes in four editions: Free, Office 365 apps, Premium P1, and Premium P2. The Free edition is included with the subscription of a commercial online service, for example Azure, Dynamics 365, Intune, and Power Platform.

Question number two. Select the answer that correctly completes the sentence. Dash provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment. And you have four options: Azure Blueprints, Azure Policy, the Microsoft Cloud Adoption Framework for Azure, resource lock. So the right answer is the Microsoft Cloud Adoption Framework for Azure. The Cloud Adoption Framework is a collection of documentation, implementation guidance, best practices, and tools that are proven guidance from
Microsoft, designed to accelerate your cloud adoption journey.

Question number three. Select the answer that correctly completes the sentence. So dash is used to identify, hold, and export electronic information that might be used in an investigation. And you have four options: Customer Lockbox, data loss prevention (DLP), eDiscovery, a resource lock. So the right answer is option eDiscovery. So electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery tools in Microsoft Purview to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer teams. You can search mailboxes and sites in the eDiscovery search and then export the search results. You can use Microsoft Purview eDiscovery cases to identify, hold, and export content found in mailboxes and sites. If your organization has an Office 365 E5 or Microsoft 365 E5 subscription, you can further manage custodians and analyze content by using the feature-rich Microsoft Purview eDiscovery solution in Microsoft 365.

Question number four. Select the answer that correctly completes the sentence. You can manage Microsoft Intune by using the dash. And you have four options: Azure Active Directory admin center, Microsoft 365 compliance center, Microsoft 365 Defender portal, Microsoft Endpoint Manager admin center. So the right answer is Microsoft Endpoint Manager admin center. So Endpoint Manager combines services you may know and already be using, including Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, and Windows Autopilot. These services are part of the Microsoft 365 stack to help secure access, protect data, respond to risk, and manage risk.

Question number five. Select the answer that correctly completes the sentence. Federation is used to establish dash between organizations. And you have four options: multifactor authentication (MFA), trust relationship, user account synchronization,
a VPN connection. So the right answer is a trust relationship. So federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. A typical federation might include a number of organizations that have established trust for shared access to a set of resources.

Question number six. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: applying system updates increases an organization's secure score in Microsoft Defender for Cloud; the secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions; enabling multifactor authentication increases an organization's secure score in Microsoft Defender for Cloud. So the right answers are: all the statements are true. System updates reduce security vulnerabilities and provide a more stable environment for end users. Not applying updates leaves unpatched vulnerabilities and results in environments that are susceptible to attacks. If you only use a password to authenticate a user, it leaves an attack vector open. With MFA enabled, your accounts are more secure.

Question number seven. Which score measures an organization's progress in completing actions that help reduce risk associated to data protection and regulatory standards? And we have four options: option A, Microsoft Secure Score; option B, Productivity Score; option C, secure score in Azure Security Center; and option D, compliance score. So the right answer is option D, compliance score. So Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal that helps you manage your organization's compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing
controls, staying current with regulations and certifications, and reporting to auditors.

Question number eight. What do you use to provide real-time integration between Azure Sentinel and another security source? And you have four options: option A, Azure AD Connect; option B, a Log Analytics workspace; option C, Azure Information Protection; and option D, a connector. So the right answer is option D, a connector. To onboard Azure Sentinel, you first need to connect your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, including Microsoft 365 Defender solution and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for Identity, and Microsoft Cloud App Security, etc.

Question number nine. Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standards, such as International Organization for Standardization (ISO)? And you have four options: option A, the Microsoft Endpoint Manager admin center; option B, the Azure Cost Management plus Billing; option C, Microsoft Service Trust Portal; and option D, the Azure Active Directory admin center. So the right answer is option C, Microsoft Service Trust Portal. The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein. It provides a wealth of security implementation and design information, with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft cloud services keep your data secure.

Question number 10. In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing? And you have four options: option A, the management of mobile devices; option B, the permissions for the user data stored in Azure; option C, the creation and management of user accounts; and option D, the management of the physical hardware. So the right answer is option D, the management of the
physical hardware. So there's a diagram showing responsibility zones.

Question number 11. For each of the following statements, select yes if the statement is true, otherwise select no. So each correct selection is worth one point. So the statements are: verify explicitly is one of the guiding principles of Zero Trust; assume breach is one of the guiding principles of Zero Trust; and the Zero Trust security model assumes that a firewall secures the internal network from external threats. So let's see the answers. So the first two statements are true and the third statement is false. So Zero Trust is a security strategy. It is not a product or service, but an approach in designing and implementing the following set of security principles: verify explicitly, use least privilege access, assume breach. So this is the core of Zero Trust. Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resources it accesses, the Zero Trust model teaches us to never trust, always verify.

Question number 12. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. Control is a key privacy principle of Microsoft; transparency is a key privacy principle of Microsoft; shared responsibility is a key privacy principle of Microsoft. So the right answers are: the first two statements are true and the third statement is false. So the six privacy principles of Microsoft are: number one, control: we will put you in control of your privacy with easy-to-use tools and clear choices; number two, transparency: we will be transparent about data collection and use so you can make informed decisions; number three, security: we will protect the data you entrust to us through strong security and encryption; number four, strong legal protections: we will respect
your local privacy laws and fight for legal protection of your privacy as a fundamental human right; number five, no content-based targeting: we will not use your email, chat, files, or other personal content to target ads to you; and number six, benefits to you: when we do collect data, we will use it to benefit you and to make your experience better.

Question number 13. Select the answer that correctly completes the sentence. Dash a file makes the data in the file readable and usable to viewers that have the appropriate key. And you have four options: archiving, compressing, deduplicating, encrypting. So the right answer is encrypting. So encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.

Question number 14. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: digitally signing a document requires a private key; verifying the authenticity of a digitally signed document requires the public key of the signer; verifying the authenticity of a digitally signed document requires the private key of the signer. So the right answers are: the first statement is true, the second statement is true, and the third statement is false. So a certificate is required that provides a private and a public key, and the public key is used to validate the private key that is associated with the digital signature. So the private key is only used by the signer to sign the document, and the associated public key is used to verify the authenticity.

Question number 15. Select the answer that correctly completes the sentence. When users sign in to the Azure portal, they are first dash. And you have four options: assigned permissions, authenticated, authorized, resolved. So the right answer is
authenticated. Authentication is who you say you are, and authorization is what permissions do you have.

Question number 16. Select the answer that correctly completes the sentence. Dash is the process of identifying whether a signed-in user can access a specific resource. And the options are: authentication, authorization, federation, and single sign-on. So the right answer is authorization. So legitimacy of a user is checked first (authentication); later the permission rules are checked to give him authorization to work on resources.

Question number 17. Select the answer that correctly completes the sentence. Dash enables collaboration with business partners from external organizations, such as suppliers, partners, and vendors. External users appear as guest users in the directory. And you have four options: Active Directory Domain Services (AD DS), Active Directory forest trusts, Azure Active Directory business-to-business (B2B), Azure Active Directory business-to-consumer (B2C). So the right answer is Azure Active Directory business-to-business (B2B). So Azure Active Directory business-to-business collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data.

Question number 18. In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer represents a complete solution. So each correct selection is worth one point. And you have five options: option A, Plan; option B, Manage; option C, Adopt; option D, Govern; and option E, Define Strategy. So the right answers are option A, Plan, and option E, Define Strategy. So the Cloud Adoption Framework brings together cloud adoption best practices from Microsoft employees, partners, and customers. The framework provides tools, guidance, and narratives. The tools it includes
help you shape your technology, business, and people strategies to achieve the best business outcomes possible through your cloud adoption effort. Cloud Adoption Framework is: strategy, plan, ready, adopt, govern, and manage.

Question number 19. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: in software as a service, applying service packs to applications is a responsibility of the organization; in infrastructure as a service, managing the physical network is the responsibility of the cloud provider; in all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization. So the right answers are: the first statement is false, and the second and third statements are true. So for all cloud deployment types, you own your data and identities. You're responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.

Question number 20. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. Azure AD Connect can be used to implement hybrid identity; hybrid identity requires the implementation of two Microsoft 365 tenants; authentication of hybrid identities requires the synchronization of Active Directory Domain Services and Azure Active Directory. So the right answers are: the first statement is true, the second statement is false, and the third statement is true. So hybrid identity uses accounts that originate in an on-premises AD DS and have a copy in the Azure AD tenant of Microsoft 365 subscription. Most changes, with the exception of specific account attributes, only flow one way. Changes that you make to AD DS user accounts are synchronized to their copy in Azure AD. Azure AD Connect provides the ongoing account synchronization. It runs on an on-premises server, checks for the changes in the AD DS, and
forwards those changes to Azure AD. Azure AD Connect provides the ability to filter which accounts are synchronized and whether to synchronize a hashed version of user passwords, known as password hash synchronization. When you implement hybrid identity, your on-premises AD DS is the authoritative source for account information. This means that you perform administration tasks mostly on-premises, which are then synchronized to Azure AD.

Question number 21. Select the answer that correctly completes the sentence. So dash provides benchmark recommendations and guidance for protecting Azure services. And you have four options: Azure Application Insights, Azure Network Watcher, Log Analytics workspaces, security baselines for Azure. So the right answer is security baselines for Azure. The Azure Security Benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Azure Security Benchmark and the related guidance applicable to cloud services. When a feature has relevant Azure Policy definitions, they are listed in the baseline to help you measure compliance to the Azure Security Benchmark controls and recommendations. Some recommendations may require a paid Microsoft Defender plan to enable certain security scenarios.

Question number 22. What is an example of encryption at rest? And you have four options: option A, encrypting communication by using a site-to-site VPN; option B, encrypting a virtual machine disk; option C, accessing a website by using an encrypted HTTPS connection; option D, sending an encrypted email. So the right answer is option B, encrypting a virtual machine disk. So encryption is the secure encoding of data used to protect confidentiality of data. The encryption at rest designs in Azure use symmetric encryption to encrypt and decrypt large amounts of data quickly, according to a simple conceptual model: a symmetric encryption key is used to encrypt data as it is written to storage; the same
encryption key is used to decrypt that data as it is readied for use in memory; data may be partitioned, and different keys may be used for each partition; keys must be stored in a secure location with identity-based access control and audit policies; data encryption keys which are stored outside of secure locations are encrypted with a key encryption key kept in a secure location.

Question number 23. Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer represents a complete solution. So each correct selection is worth one point. And you have five options: option A, define the perimeter by physical locations; option B, use identity as the primary security boundary; option C, always verify the permissions of a user explicitly; option D, always assume that the user's system can be breached; and option E, use the network as the primary security boundary. So the right answer is option B, C, and option D. So Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing the following set of security principles: verify explicitly, use least privilege access, and assume breach.

Question number 24. Which service should you use to view your Azure secure score? To answer, select the appropriate services in the answer area. So the right answer area is Security Center. So Defender for Cloud displays your secure score prominently in the portal. It's the first main tile on the Defender for Cloud overview page. Selecting this tile takes you to the dedicated secure score page, where you will see the score broken down by subscription. Select a single subscription to see the detailed list of prioritized recommendations and the potential impact that remediating them will have on the subscription's score.

Question number 25. You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. To answer, drag the appropriate action subcategory from the column on the left to its
actions on the right. Each action subcategory may be used once, more than once, or not at all. Each correct match is worth one point. So action subcategories are: corrective, detective, preventative. So let's see, the right answers are: preventative for encrypt data at rest; detective, perform a system access audit; corrective, make configuration changes in response to a security incident. So preventative actions address specific risks. For example, protecting information at rest using encryption is a preventative action against attacks and breaches. Separation of duties is a preventative action to manage conflict of interest and guard against fraud. And detective actions actively monitor systems to identify irregular conditions or behaviors that represent risk or that can be used to detect intrusions or breaches. Examples include system access auditing and privileged administrative actions. Regulatory compliance audits are a type of detective action used to find process issues. Corrective actions try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible. Privacy incident response is a corrective action to limit damage and restore systems to an operational state after a breach.

Question number 26. Select the answer that correctly completes the sentence. Compliance Manager can be directly accessed from the dash. And you have four options: Microsoft 365 admin center, Microsoft 365 Defender portal, Microsoft 365 compliance center, and Microsoft Support portal. So the right answer is Microsoft 365 compliance center. So to sign in to Compliance Manager, go to the Microsoft Purview compliance portal and sign in with your Microsoft 365 global administrator account. Select Compliance Manager on the left navigation pane. You will arrive at a Compliance Manager dashboard. The direct link to access Compliance Manager is

So, note: Microsoft 365 compliance is now called Microsoft Purview, and the solutions within
the compliance area have been rebranded.

Question number 37. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: enabling multifactor authentication increases the Microsoft Secure Score; a higher Microsoft Secure Score means a lower identified risk level in the Microsoft 365 tenant; Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance. So the right answers are: the first statement is true, the second statement is true, and the third statement is false. So Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more recommended actions taken. Following the Secure Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 Defender portal, organizations can monitor and work on the security of their Microsoft 365 identities, apps, and devices. Secure Score helps organizations: report on the current state of the organization's security posture; improve their security posture by providing discoverability, visibility, guidance, and control; compare with benchmarks and establish key performance indicators.

Question number 28. What can you use to provide a user with a two-hour window to complete an administrative task in Azure? And you have four options: option A, Azure Active Directory Privileged Identity Management; option B, Azure multifactor authentication; option C, Azure Active Directory Identity Protection; and option D, Conditional Access policies. So the right answer is option A, Azure Active Directory Privileged Identity Management. So PIM is a service in Azure Active Directory that enables you to manage, control, and monitor access to important resources in your organization. So Privileged Identity Management provides time-based and approval-based role activation to mitigate the risk of
excessive, unnecessary, or misused access permissions on resources that you care about.

Question number 29. In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services and Azure Active Directory? And you have four options: option A, Active Directory Federation Services; option B, Microsoft Sentinel; option C, Azure AD Connect; and option D, Azure AD Privileged Identity Management. So the right answer is option C, Azure AD Connect. Azure Active Directory Domain Services, part of Microsoft Entra, enables you to use managed domain services, such as Windows domain join, Group Policy, LDAP, and Kerberos authentication, without having to deploy, manage, or patch domain controllers. Azure AD Connect Health for Sync requires Azure AD Connect sync V2. If you are still using Azure AD Connect V1, you must upgrade to the latest version. Azure AD Connect V1 is retired on August 31st, 2022. Azure AD Connect Health for Sync will no longer work with Azure AD Connect V1 in December 2022.

Question number 30. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: you can create custom roles in Azure Active Directory; global administrator is a role in Azure Active Directory; an Azure Active Directory user can be assigned only one role. So the right answers are: the first two statements are true and the third statement is false. So Azure AD supports custom roles. Global administrator has access to all administrative features in Azure Active Directory. And Azure Active Directory users can be assigned multiple roles.

Question number 31. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: Azure Active Directory is deployed to an on-premises environment; Azure Active Directory is provided as a part of Microsoft 365 subscription; Azure Active Directory is an identity and access management service. So the right
answers are: the first statement is true, and the second and third statements are false. So Azure Active Directory is a cloud-based user identity and authentication service. Microsoft 365 uses Azure Active Directory. Azure Active Directory is included with your Microsoft 365 subscription. Azure Active Directory is a cloud-based user identity and authentication service.

Question number 32. Select the answer that correctly completes the sentence. With Windows Hello for Business, a user's biometric data used for authentication dash. And you have four options: is stored on an external device, is stored on a local device only, is stored in Azure Active Directory, is replicated to all the devices designated by the user. So the right answer is: is stored on a local device only. So Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a type of user credential that is tied to a device and uses a biometric or PIN. So Windows stores biometric data that is used to implement Windows Hello securely on the local device only. The biometric data doesn't roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there's no single collection point an attacker can compromise to steal biometric data.

Question number 33. What is the purpose of Azure Active Directory Password Protection? And you have four options: option A, to control how often users must change the password; option B, to identify devices to which users can sign in without using multifactor authentication; option C, to encrypt a password by using globally recognized encryption standards; option D, to prevent users from using specific words in their passwords. So the right answer is option b, to prevent users from using specific words in their password. So Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization.
With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To support your own business and security needs, you can define entries in a custom banned password list.

Question number 34. Which Azure Active Directory feature can you use to evaluate group memberships and automatically remove users that no longer require membership in a group? And you have four options: option A, access reviews; option B, managed identities; option C, Conditional Access policies; and option D, Azure AD Identity Protection. So the right answer is option A, access reviews. So Microsoft Entra access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to make sure only the right people have continued access.

Question number 35. Select the answer that correctly completes the sentence. So dash requires additional verification, such as a verification code sent to a mobile phone. And you have four options: multifactor authentication, pass-through authentication, password writeback, single sign-on. So the right answer is multifactor authentication (MFA). So Azure AD multifactor authentication works by requiring two or more of the following authentication methods: something you know, typically a password; something you have, such as a trusted device that's not easily duplicated, like a phone or a hardware key; something you are, biometrics like a fingerprint or face scan.

Question number 36. For each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. So the statements are: Conditional Access policies can use the device state as a signal; Conditional Access policies apply before first-factor authentication is complete; Conditional Access policies can trigger multifactor authentication (MFA) if a user attempts to access a specific application. So the right answers are: the first statement is
true, the second statement is false, and the third statement is true. So Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane. So Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service attacks, but it can use signals from these events to determine access. So users attempting to access specific applications can trigger different Conditional Access policies.

Question number 37. Select the answer that correctly completes the sentence. So dash is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats. And you have four options: Microsoft Defender for Cloud Apps, Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Microsoft Defender for Office 365. So the right answer is Microsoft Defender for Identity. So Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to: monitor users, entity behavior, and activities with learning-based analytics; protect user identities and credentials stored in Active Directory; identify and investigate suspicious user activities and advanced attacks throughout the kill chain; provide clear incident information on a simple timeline for fast triage.

Question number 38. Select the answer that correctly completes the sentence. Microsoft Defender for Identity can identify advanced threats from dash signals. And you have three options: Azure Active Directory, Azure AD Connect, and on
premises Active Directory Domain Services. So the right answer is on-premises Active Directory Domain Services (AD DS). So Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Question number 39. Select the answer that correctly completes the sentence. Azure Active Directory is dash used for authentication and authorization. And you have four options: an extended detection and response system, an identity provider, a management group, a security information and event management system. So the right answer is an identity provider. So Azure Active Directory, a part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and Conditional Access to guard against 99.9% of cyber security attacks.

Question number 40. Which Azure Active Directory feature can you use to provide just-in-time access to manage Azure resources? And you have four options: option A, Conditional Access policies; option B, Azure AD Identity Protection; option C, Azure AD Privileged Identity Management; option D, authentication method policies. So the right answer is option C, Azure AD Privileged Identity Management (PIM). So Azure AD Privileged Identity Management helps you manage privileged administrative roles across Azure AD, Azure resources, and other Microsoft online services. So PIM provides solutions like just-in-time access, request approval workflows, and fully integrated access reviews, so you can identify, uncover, and prevent malicious activities of privileged roles in real time.

Question number 41. Which three authentication methods can be used by Azure multifactor authentication? Each correct answer represents a complete solution. Each correct selection is worth one point. So you have five options: option A, text message (SMS); option B, Microsoft Authenticator app; option C, email
verification; option D, phone call; and option E, security question. So the right answer is option A, text message; option B, Microsoft Authenticator app; and option D, phone call. So Azure AD multifactor authentication adds additional security over only using a password when a user signs in. The user can be prompted for additional forms of authentication, such as to respond to a push notification, enter a code from a software or hardware token, or respond to an SMS or phone call.

Question number 42. Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization? And you have four options: option A, sensitivity label policies; option B, Customer Lockbox; option C, information barriers; and option D, privileged access management (PAM). So the right answer is option C, information barriers. Microsoft Purview Information Barriers is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Often used in highly regulated industries, IB can help to avoid conflicts of interest and safeguard internal information between users and organizational areas.

Question number 43. For each of the following statements, select yes if the statement is true; otherwise, select no. Each correct selection is worth one point. So the statements are: Conditional Access policies always enforce the use of multifactor authentication (MFA). Conditional Access policies can be used to block access to an application based on the location of the user. Conditional Access policies only affect users who have Azure Active Directory joined devices. So the right answers are: the first statement is false, the second statement is true, and the third statement is false. So Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane. Many organizations
have common access concerns that Conditional Access policies can help with, such as requiring multifactor authentication for users with administrative roles, requiring multifactor authentication for Azure management tasks, blocking sign-ins for users attempting to use legacy authentication protocols, requiring trusted locations for Azure AD multifactor authentication registration, blocking or granting access from specific locations, blocking risky sign-in behaviors, and requiring organization-managed devices for specific applications.

Question number 44. For each of the following statements, select yes if the statement is true; otherwise, select no. Each correct selection is worth one point. So the statements are: Conditional Access policies can be applied to global administrators. Conditional Access policies are evaluated before a user is authenticated. Conditional Access policies can use a device platform, such as Android or iOS, as a signal. So the right answers are: the first statement is true, the second statement is false, and the third statement is true. So Conditional Access policies can be applied to all users. Conditional Access policies are applied after first-factor authentication is completed. And users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.

Question number 45. Select the answer that correctly completes the sentence. Applications registered in Azure Active Directory are associated automatically to a dash. And you have four options: guest account, managed identity, service principal, user account. So the right answer is service principal. So when an application is given permission to access resources in a tenant, a service principal object is created. When you register an application using the Azure portal, a service principal is created automatically. You can also create service principal objects in a tenant using Azure PowerShell, Azure CLI, Microsoft Graph, and other tools.

Question number 46. Which three
authentication methods does Windows Hello for Business support? Each correct answer represents a complete solution. Each correct selection is worth one point. And you have five options: option A, fingerprint; option B, facial recognition; option C, PIN; option D, email verification; and option E, security question. So the right answer is option A, fingerprint; option B, facial recognition; and option C, PIN. So authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. So Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.

Question number 47. Select the answer that correctly completes the sentence. When you enable security defaults in Azure Active Directory, dash will be enabled for all Azure AD users. And you have three options: Azure AD Identity Protection, Azure AD Privileged Identity Management (PIM), and multifactor authentication (MFA). So the right answer is multifactor authentication (MFA). So security defaults make it easier to help protect your organization from these identity-related attacks with preconfigured security settings: requiring all users to register for Azure AD multifactor authentication, requiring administrators to do multifactor authentication, requiring users to do multifactor authentication when necessary, blocking legacy authentication protocols, and protecting privileged activities like access to the Azure portal.

Question number 48. You have an Azure subscription. You need to implement approval-based, time-bound role activation. What should you use? And you have four options: option A, Windows Hello for Business; option B, Azure Active Directory Identity Protection; option C, access reviews in Azure Active Directory; option D,
Azure Active Directory Privileged Identity Management. So the right answer is option D, Azure Active Directory Privileged Identity Management. So Privileged Identity Management provides time-based and approval-based role activation to mitigate the risk of excessive, unnecessary, or misused access permissions on resources that you care about.

Question number 49. For each of the following statements, select yes if the statement is true; otherwise, select no. Each correct selection is worth one point. So the statements are: Global administrators are exempt from Conditional Access policies. A Conditional Access policy can add users to Azure Active Directory roles. Conditional Access policies can force the use of multifactor authentication to access cloud apps. So the right answers are: the first two statements are false, and the third statement is true. So accounts that are assigned administrative rights are targeted by attackers. Requiring multifactor authentication on those accounts is an easy way to reduce the risk of those accounts being compromised.

Question number 50. When security defaults are enabled for an Azure Active Directory tenant, which two requirements are enforced? Each correct answer represents a complete solution. Each correct selection is worth one point. And you have five options: option A, all users must authenticate from a registered device; option B, administrators must always use Azure multifactor authentication; option C, Azure multifactor authentication registration is required for all users; option D, all users must authenticate by using passwordless sign-in; option E, all users must authenticate by using Windows Hello. The right answer is option B and option C. So security defaults make it easy to protect your organization with the following preconfigured security settings: requiring all users to register for Azure AD multifactor authentication, requiring administrators to do multifactor authentication, blocking legacy authentication protocols, requiring users to do multifactor authentication
when necessary, and protecting privileged activities like access to the Azure portal.

Question number 51. Which three tasks can be performed by using Azure Active Directory Identity Protection? Each correct answer represents a complete solution. Each correct selection is worth one point. And you have five options: option A, configure external access for partner organizations; option B, export risk detection to third-party utilities; option C, automate the detection and remediation of identity-based risks; option D, investigate risks that relate to user authentication; option E, create and automatically assign sensitivity labels to data. So the right answer is option C, D, and option E. So to protect your users, you can configure risk-based policies in Azure Active Directory that automatically respond to risky behaviors. Azure AD Identity Protection policies can automatically block a sign-in attempt or require additional actions, such as require a password change or prompt for Azure AD multifactor authentication. These policies work with existing Azure AD Conditional Access policies as an extra layer of protection for your organization. Users may never trigger a risky behavior in one of these policies, but your organization is protected if an attempt to compromise your security is made. Azure Active Directory, part of Microsoft Entra, supports applying sensitivity labels published by the Microsoft Purview compliance portal to Microsoft 365 groups. Sensitivity labels apply to groups across services like Outlook, Microsoft Teams, and SharePoint. For more information about Microsoft 365 app support, see the Microsoft 365 support for sensitivity labels.

Question number 52. Select the answer that correctly completes the sentence. So when using multifactor authentication, a password is considered something you dash. And you have four options, so let's see the right answer here. So the right answer is know. So multifactor authentication combines two or more independent credentials: what the user knows, such as a
password; what the user has, such as a security token; and what the user is, by using biometric verification methods.

Question number 53. So for each of the following statements, select yes if the statement is true; otherwise, select no. So each correct selection is worth one point. So the statements are: Windows Hello for Business can use the Microsoft Authenticator app as an authentication method. Windows Hello for Business can use a PIN code as an authentication method. Windows Hello for Business authentication information syncs across all the devices registered by a user. So the first statement is false, the second statement is true, and the third statement is false. So the Microsoft Authenticator app helps you sign in to your accounts when you are using two-factor verification. Two-factor verification helps you to use your accounts more securely because passwords can be forgotten, stolen, or compromised. Two-factor verification uses a second factor, like your phone, to make it harder for other people to break into your account. So in Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. Windows Hello credentials are based on a certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device.

Question number 54. Select the answer that correctly completes the sentence. An Azure resource can use a system-assigned dash to access Azure services. And you have four options: Azure Active Directory joined devices, managed identity, service principal, user identity. So the right answer is managed identity. So managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory authentication. So here are some of the benefits of using managed identities. You don't need to manage credentials.
Credentials aren't even accessible to you. You can use managed identities to authenticate to any resource that supports Azure AD authentication, including your own applications.

Question number 55. Select the answer that correctly completes the sentence. You can use dash in the Microsoft 365 Defender portal to identify devices that are affected by an alert. And you have four options: classifications, incidents, policies, Secure Score. So the right answer is incidents. So an incident in Microsoft 365 Defender is a collection of correlated alerts and associated data that make up the story of an attack. Microsoft 365 services and apps create alerts when they detect a suspicious or malicious event or activity. Individual alerts provide valuable clues about a completed or ongoing attack. However, attacks typically employ various techniques against different types of entities, such as devices, users, and mailboxes. The result is multiple alerts for multiple entities in your tenant. Because piecing the individual alerts together to gain insight into an attack can be challenging and time-consuming, Microsoft 365 Defender automatically aggregates the alerts and their associated information into an incident.

Question number 56. What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution. Each correct selection is worth one point. And you have four options: option A, automated investigation and remediation; option B, transport encryption; option C, shadow IT detection; and option D, attack surface reduction. So the right answer is option A and option D, automated investigation and remediation and attack surface reduction. So endpoint detection and response capabilities in Defender for Endpoint provide advanced attack detections that are near real time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. When a threat is detected, alerts are
created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an incident. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.

Question number 57. Match the Azure networking service to the appropriate description. To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. Each correct match is worth one point. So the services are Azure Bastion, Azure Firewall, and network security group (NSG). So the right answers are: Azure Firewall provides network address translation services. Azure Bastion provides secure and seamless remote desktop connectivity to Azure virtual machines. Network security group (NSG) provides traffic filtering that can be applied to specific network interfaces on a virtual network. So Azure Firewall provides source network address translation and destination network address translation, and Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS, and you can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.

Question number 58. Select the answer that correctly completes the sentence. So dash is a cloud-native security information and event management and security orchestration automated response solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response. And you have four options: Azure Advisor, Azure Bastion, Azure Monitor, and Azure Sentinel. So the right answer is Azure Sentinel. So Microsoft Azure Sentinel is a scalable, cloud-native security information and event management and security orchestration automated response solution.

Question number 59. For each of the following statements, select yes if the statement is true; otherwise, select no.
Each correct selection is worth one point. So the statements are: Azure Defender can detect vulnerabilities and threats for Azure Storage. Cloud security posture management is available for all Azure subscriptions. Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises. So the right answers are: all the statements are true. So Microsoft Defender for Cloud provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, your storage, and more. And cloud security posture management is available for free for all Azure users. And Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud, whether they are in Azure or not, as well as on-premises.

Question number 60. For each of the following statements, select yes if the statement is true; otherwise, select no. So the statements are: An Azure subscription can be associated to multiple Azure Active Directory tenants. You can change the Azure Active Directory tenant to which an Azure subscription is associated. When an Azure subscription expires, the associated Azure Active Directory tenant is deleted automatically. So the right answers are: the first statement is false, the second statement is true, and the last statement is false. So an Azure AD tenant can have multiple subscriptions, but an Azure subscription can only be associated with one Azure AD tenant. And if your subscription expires, you lose access to all other resources associated with the subscription. However, the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure subscription.

Question number 61. Which type of identity is created when you register an application with Azure Active Directory (Azure AD)? And we have four options: option A, a user account; option B, a user-assigned managed identity; option C, a system
assigned managed identity; or option D, a service principal. So the right answer here is option D, a service principal. When you register an application through the Azure portal, an application object and service principal are automatically created in your home directory or tenant.

So question number 62. Select the answer that correctly completes the sentence. You can use dash in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack. And we have the following four options: reports, hunting, attack simulator, incidents. So the right answer here is option D, incidents. An incident in Microsoft 365 Defender is a collection of correlated alerts and associated data that make up the story of an attack.

Question number 63. For each of the following statements, select yes if the statement is true; otherwise, select no. So each correct selection is worth one point. So we have the following statements: Network security groups can deny inbound traffic from the internet. Network security groups can deny outbound traffic to the internet. Network security groups can filter network based on IP address, protocol, and port. So the right answers for the statements are: all of the statements are true. You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound traffic to, or outbound traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Question number 64. For each of the following statements, select yes if the statement is true; otherwise, select no. Each correct selection is worth one point. Microsoft Intune can be used to manage Android devices. Microsoft Intune can be used to provision Azure subscriptions. Microsoft Intune can be used to manage organization-owned devices and personal devices. So let's see the right selection here. So the first statement is true, so the second
statement is false, and the third statement is true.

Question number 65. For each of the following statements, select yes if the statement is true; otherwise, select no. So the statements are: You can create one Azure Bastion per virtual network. Azure Bastion provides secure user connection by using RDP. And Azure Bastion provides a secure connection to an Azure virtual machine by using the Azure portal. So all of the statements are true.

So question number 66. What feature in Microsoft Defender for Endpoint provides the first line of defense against cyber threats by reducing the attack surface? And we have four options: option A, automated remediation; option B, automated investigation; option C, advanced hunting; and option D, network protection. So the right answer here is option D, network protection. Network protection helps protect devices from internet-based events. Network protection is an attack surface reduction capability.

So question number 67. Select the answer that correctly completes the sentence. In Microsoft Sentinel, you can automate common tasks by using dash. And we have four options: deep investigation tools, hunting search and query tools, playbooks, workbooks. So the right answer here is playbooks.

Question number 68. Which two types of resources can be protected by using Azure Firewall? Each correct answer represents a complete solution. Each correct selection is worth one point. And we have the following five options: Azure virtual machines, Azure Active Directory users, Microsoft Exchange Online inboxes, Azure virtual networks, and option E, Microsoft SharePoint Online sites. So the right answer here is option A and option D, Azure virtual machines and Azure virtual networks.

So question number 69. You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent? And we have four options: threat modeling; option B, identity as the security perimeter; option C, defense in depth; and option D, the shared
responsibility model. So the right answer here is option C, defense in depth. Defense in depth uses a layered approach to security rather than relying on a single perimeter. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack. Each layer provides protection so that if one layer is breached, a subsequent layer will prevent an attacker getting unauthorized access to data.

Question number 70. For each of the following statements, select yes if the statement is true; otherwise, select no. Each correct selection is worth one point. Microsoft Defender for Endpoint can protect Android devices. Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10. Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses. So the first statement is true, the second one is true, and the third statement is false.

Question number 71. What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware? And we have four options: option A, Microsoft Defender for Office 365; option B, Microsoft Defender Antivirus; option C, Microsoft Defender for Identity; and option D, Microsoft Defender for Endpoint. So the right answer here is option A, Microsoft Defender for Office 365. Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links, and collaboration tools.

Question number 72. Which feature provides the extended detection and response capability of Azure Sentinel? We have four options: option A, integration with the Microsoft 365 compliance center; option B, support for threat hunting; option C, integration with Microsoft 365 Defender; and option D, support for Azure Monitor workbooks. So the right answer here is option C, integration with Microsoft 365 Defender. Microsoft 365 Defender is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across
your Microsoft 365 environment. Microsoft Sentinel is a cloud-native solution that provides security information and event management and security orchestration, automation, and response capabilities. Together, Microsoft Sentinel and Microsoft 365 Defender provide a comprehensive solution to help organizations defend against modern attacks.

So question number 73. What can you use to provide threat detection for Azure SQL Managed Instance? And we have four options: Microsoft Secure Score, application security groups, Microsoft Defender for Cloud, Azure Bastion. So the right answer here is option C, Microsoft Defender for Cloud.

Question number 74. For each of the following statements, select yes if the statement is true; otherwise, select no. Each correct selection is worth one point. Microsoft Secure Score in the Microsoft 365 security center can provide recommendations for Microsoft Cloud App Security. From the Microsoft 365 Defender portal, you can view how your Microsoft Secure Score compares to the score of organizations like yours. Microsoft Secure Score in the Microsoft 365 Defender portal gives you points if you address an improvement action by using a third-party application or software. So the right answer here is yes for the first statement, and the second statement is true as well, and the third statement is true.

So question number 75. Which Azure Active Directory feature can you use to restrict Microsoft Intune managed devices from accessing corporate resources? And we have four options: network security groups, Azure AD Privileged Identity Management, Conditional Access policies, resource locks. So the right answer here is option C, Conditional Access policies.

Question number 76. Select the answer that correctly completes the sentence. So dash can use Conditional Access policies to control sessions in real time. And we have the following four options: Azure Active Directory Privileged Identity Management, Azure Defender, Azure Sentinel, Microsoft Cloud App Security. So the right option
here is Microsoft Cloud App Security. Microsoft Cloud App Security can use Conditional Access policies to control sessions in real time.

So question number 77. Select the answer that correctly completes the sentence. Azure DDoS Protection Standard can be used to protect dash. And we have the following four options: Azure Active Directory applications, Azure Active Directory users, resource groups, virtual networks. So the right answer here is virtual networks.

Question number 78. What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities? And we have four options: option A, attack simulator; option B, reports; option C, hunting; and option D, incidents. So the right answer here is option B, reports.

So question number 79. You have a Microsoft 365 E3 subscription. You plan to audit user activity by using the unified audit log and basic audit. For how long will the audit records be retained? And we have the following four options. So the right answer here is option C, 90 days.

Question number 80. To which type of resource can Azure Bastion provide secure access? And we have the following four options: Azure Files, Azure SQL Managed Instances, Azure virtual machines, Azure App Service. So the right answer here is option C, Azure virtual machines. Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.

So question number 81. What are three uses of Microsoft Cloud App Security? Each correct answer represents a complete solution. Each correct selection is worth one point. And we have the following five options: option A, to discover and control the use of shadow IT; option B, to provide secure connections to Azure virtual machines; option C, to protect sensitive information hosted anywhere in the cloud; option D, to provide pass-through authentication to on-premises applications; option E, to prevent data leaks to non-compliant apps and limit access to regulated data. So the right answer here is option A, C,
and E.

Question number 82. Select the answer that correctly completes the sentence. In the Microsoft 365 Defender portal, an incident is a collection of correlated dash. And we have the following four options: alerts, events, vulnerabilities, Microsoft Secure Score improvement actions. So the right option here is vulnerabilities. So in the Microsoft 365 Defender portal, an incident is a collection of correlated vulnerabilities. So the Microsoft 365 Defender portal is the new home for monitoring and managing security across your identities, data, devices, and apps. You will need to access various portals for certain specialized tasks. It is used to monitor and respond to threat activity and strengthen security posture across your identities, email, data, endpoints, and apps with Microsoft 365.

Question number 83. You need to connect to an Azure virtual machine by using Azure Bastion. What should you use? And we have four options: option A, PowerShell remoting; option B, the Azure portal; option C, the Remote Desktop Connection client; and option D, an SSH client. So the right answer here is option B, the portal. You can create an RDP connection to a Windows VM using Azure Bastion.

Question number 84. Which service includes the attack simulation training feature? And we have four options: option A, Microsoft Defender for Cloud Apps; option B, Microsoft Defender for Identity; option C, Microsoft Defender for SQL; and option D, Microsoft Defender for Office 365. So the right answer here is option D, Microsoft Defender for Office 365. Attack simulation training in Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5 lets you run cyber attack simulations in your organization. These simulations test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks.

Question number 85. Which type of alert can you manage from the Microsoft 365 Defender portal? And we have four options: Microsoft Defender for Storage, Microsoft Defender for SQL,
Microsoft Defender for Endpoint, and Microsoft Defender for IoT. So the right answer here is option C, Microsoft Defender for Endpoint. The alerts queue shows the current set of alerts. You get to the alerts queue from Incidents and alerts, Alerts, on the quick launch of the Microsoft 365 Defender portal. Alerts from different Microsoft security solutions like Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft 365 Defender appear here.

So question number 86. For each of the following statements, select yes if the statement is true; otherwise, select no. Microsoft Sentinel data connectors support only Microsoft services. And the second statement: You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel. Hunting provides you with the ability to identify security threats before an alert is triggered. So the first statement is false, and the second and the third statements are true.

Question number 87. Which two Azure resources can a network security group be associated with? Each correct answer represents a complete solution. Each correct selection is worth one point. And we have five options: a virtual network subnet, a network interface, a resource group, a virtual network, and an Azure App Service web app. So the right options are A and B, a virtual network subnet and a network interface. Association of network security groups: you can associate a network security group with virtual machines, NICs, and subnets, depending on the deployment model you use.

So question number 88. What is a use case for implementing information barrier policies in Microsoft 365? And we have four options: to restrict unauthenticated access to Microsoft 365; option B, to restrict Microsoft Teams chats between certain groups within an organization; option C, to restrict Microsoft Exchange Online email between certain groups within an organization; and option D, to restrict data sharing to external email recipients. So the right answer here is option B, to restrict
Microsoft Teams chats between certain groups within an organization. Microsoft Purview Information Barriers is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Often used in highly regulated industries, IB can help to avoid conflicts of interest and safeguard internal information between users and organizational areas.

Question number 89: what can you use to deploy Azure resources across multiple subscriptions in a consistent manner? And we have four options: Microsoft Defender for Cloud, Azure Blueprints, Microsoft Sentinel, and Azure Policy. So the right answer here is option B, Azure Blueprints.

So question number 90: for each of the following statements, select yes if the statement is true, otherwise select no. So each correct selection is worth one point. With Advanced Audit in Microsoft 365, you can identify when email items were accessed. Advanced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing. Advanced Audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data. So the solution is: the first statement is true, the second one is false, and the third statement is true.

So question number 91: for each of the following statements, select yes if the statement is true, otherwise select no. Each correct selection is worth one point. We have the following statements: Azure Active Directory Identity Protection can add users to groups based on the user's risk level. Azure Active Directory Identity Protection can detect whether user credentials were leaked to the public. Azure Active Directory Identity Protection can be used to invoke multifactor authentication based on a user risk level. So the first statement is false, and the third and the second statements are true.

So question number 92: which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that can contain a
specific keyword? And we have the following four options: audit, compliance manager, content search, alerts. So the right answer here is option C, content search. The content search tool in the Security and Compliance Center can be used to quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in Skype for Business. The first step is to start using the content search tool to choose content locations to search and configure a keyword query to search for specific items.

Question number 93: select the answer that correctly completes the sentence. Dash provides a central location for managing information protection, information governance, and data loss protection policies. And we have the following four options: Azure Defender, the Microsoft 365 compliance center, the Microsoft Defender portal, and Microsoft Endpoint Manager. So the right option here is the Microsoft 365 compliance center.

So question number 94: what is the benefit of custom roles in Microsoft Entra ID, formerly Azure AD? And we have four options: option A, they allow unlimited access to all administrative features in Entra ID; option B, they provide the ability to modify the fixed set of permissions and built-in roles; option C, they offer flexibility in granting access by allowing the selection of specific permissions; option D, to eliminate the need for a Premium P1 or P2 license for Entra ID. So the right answer here is option C, they offer flexibility in granting access by allowing the selection of specific permissions.

Question number 95: which Microsoft security solution lets you find and control the use of shadow IT? And we have the following four options: option A, Microsoft Defender for Cloud Apps; option B, Microsoft Defender for Endpoint; option C, Azure WAF; and option D, Azure Application Gateway. So the right answer here is option A, Microsoft Defender for Cloud Apps. Microsoft Defender for Cloud Apps is a cloud access security broker that lets you
find uses of shadow IT and control its uses. This is the process of identifying cloud apps and IaaS and PaaS services not authorized by an organization's IT department. This means that without a tool like Microsoft Defender for Cloud Apps, apps and services are not managed or controlled.

Question number 96: which authentication method allows users to sign in to Microsoft Entra ID services, formerly Azure AD, using the same username and password they use for their on-premises Active Directory? And we have the following four options: option A, Entra ID password hash synchronization; option B, Entra ID pass-through authentication; option C, federated authentication; option D, Entra ID Connect. So the right answer here is option A, Entra ID password hash synchronization. Entra ID password hash synchronization: with Entra ID password hash synchronization, users can sign in to Entra ID services using the same username and password they use for their on-premises Active Directory. The password hash is synchronized to Entra ID and the user's password is verified during the sign-in process.

Question number 97: what allows you to monitor Microsoft Sentinel data using built-in workbook templates and custom workbooks? And we have the following four options: option A, Azure Monitor workbooks; option B, playbooks based on Azure Logic Apps; option C, Microsoft Defender for Cloud; and option D, Microsoft Defender for App Service. So the right answer here is option A, Azure Monitor workbooks. You can use Azure Monitor workbooks to monitor Microsoft Sentinel data using built-in workbook templates and custom workbooks. This is possible because Microsoft Sentinel is integrated with Azure Monitor workbooks. This includes the ability to create interactive reports through Azure Monitor workbooks. This functionality enables you to gain insights across your data as soon as you connect the data source.

Question number 98: you are a Microsoft security admin with an organization. You need to make sure that remote employees can be
identified when logging into SharePoint from personal devices. Which of the following security actions should you apply? And we have the following four options: authorization, authentication, principle of least privilege, session management. So the right answer here is option B, authentication. Authentication is the process through which you prove you are who you say you are. Traditionally, the primary method for authentication is verification of a username and password. Other authentication methods have come into use, including requiring multiple authentication methods through multifactor authentication (MFA) and the use of passwordless authentication methods such as the Microsoft Authenticator app and Windows Hello.

Question number 99: you are configuring the Azure environment for a credit card company. The environment needs to be compliant with the Payment Card Industry Data Security Standard. What should you use to ensure the minimum requirements set for the standard? And we have the following four options: Azure Blueprints, Azure Policy, communication compliance, insider risk management. So the right answer here is option A, Azure Blueprints. Azure Blueprints is a service that lets you define a repeatable set of Azure resources to implement your organization's standards, patterns, and requirements. You will use Azure Blueprints in a declarative way to build and deploy new environments with a set of built-in components.

So question number 100: which of these provides recommendations to reduce risk around data protection and regulatory standards? Choose two answers. And we have the following four options: option A, Microsoft 365 admin center; option B, Microsoft Defender for Endpoint; option C, Microsoft Purview compliance portal; and option D, Microsoft Defender ATP. So the right answer here is option B, Microsoft Defender for Endpoint, and option C, Microsoft Purview compliance portal. So Microsoft Purview compliance portal is especially designed to provide recommendations and help organizations reduce risk around data protection and
regulatory standards. It is a part of the Microsoft Purview solution, which focuses on data governance, cataloging, and compliance. The Purview compliance portal assists in managing data privacy, complying with regulatory requirements, and implementing data protection measures.

Question number 101: what is the benefit of Azure Key Vault for managing certificates? Option A, encryption for Windows and Linux IaaS virtual machine disks in Azure; option B, secure storage of tokens in an on-premises server; option C, organizational responsibility for configuring, patching, and maintaining hardware security modules (HSMs); option D, provisioning, management, and deployment of public and private SSL/TLS certificates for Azure resources. So the right answer here is option D, provisioning, management, and deployment of public and private SSL/TLS certificates for Azure resources. So Azure Key Vault facilitates certificate management by allowing you to provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security certificates for Azure resources. It provides a centralized solution for certificate management, making it easier to handle and secure SSL/TLS certificates within your Azure environment.

So question number 102: which of the following is a correct statement about network security groups (NSGs) in Azure? Choose three answers. Option A, network security groups filter traffic to and from Azure resources in an Azure virtual network; option B, you can associate zero, one, or more network security groups to each virtual subnet or virtual machine network interface; option C, you can associate one network security group with multiple virtual subnets and virtual machine network interfaces; option D, network security groups apply to intra-subnet traffic in a virtual network. So the right answer here is option A, C, and option D. So let's jump on to the next question.

So question number 103: which authentication method allows users to authenticate directly against the on-premises Active Directory without storing
passwords in Microsoft Entra ID, formerly Azure AD? Option A, Entra ID password hash synchronization; option B, Entra ID pass-through authentication; option C, federated authentication; and option D, Entra ID Connect. So the right answer here is option B, Entra ID pass-through authentication. So let's jump on to the next question.

So question number 104: what should you use to prevent unauthorized communication with the user, including searching for them, starting a chat session, or sending a meeting invitation in Microsoft Teams? Option A, privileged access management; option B, data loss prevention; option C, information barriers; and option D, privileged identity management. So the right answer here is option C, information barriers. You should use information barriers. Information barriers are used to establish two-way restrictions to prevent individuals or groups from communicating. Information barriers support Microsoft Teams, OneDrive for Business, SharePoint Online, as well as other Microsoft products. Information barriers for Microsoft Teams let you restrict several types of activity related to meetings, chats, screen sharing, and file sharing.

So question number 105: you need to describe Microsoft privacy principles to management. Which of the following principles applies to individuals' use of and access to their personal data? So the options are transparency, security, control, legal protection. So the right answer here is option C, control. The principle of control is an essential part of Microsoft's approach to privacy. It focuses on putting the customer in control of their data and privacy through easy-to-use tools and clear choices. Microsoft ensures that individuals have the ability to access, modify, or delete the data at any time. It also emphasizes using data only with the customer's agreement and providing services based on the customer's choice. This principle is enforced by compliance with privacy laws and standards.

So question number 106: which signals can conditional access policies take into
account when making access decisions in Microsoft Entra ID? Option A, date and time of access attempt; option B, user's job title; option C, user-created password; and option D, user or group membership. So the right answer here is option D, user or group membership. Conditional access policies can take into account the user or group membership as a signal when making access decisions. This allows administrators to target policies to specific groups of users or external guest users, providing fine-grained control over access.

So question number 107: you are evaluating Microsoft's security policies because of a recent leak of sensitive data from within the organization. What should you use to mitigate the further loss of sensitive data? Option A, insider risk management; option B, information barriers; option C, privileged access management; and option D, rule-based access control. So the right answer here is option A, insider risk management. Insider risk management can be used to minimize internal risk through the detection, investigation, and mitigation of intentional and unintentional breaches of your organization's insider policies. It can help you to minimize or avoid risks of sensitive data leaks, intellectual property theft, insider trading, and fraud.

So question number 108: which of the following protects your organization from malicious threats presented in email messages, web links, and collaboration tools? Option A, Microsoft Defender for Endpoint; option B, Microsoft Defender for Identity; option C, Microsoft Defender for Office 365; and option D, Microsoft Defender for Cloud Apps. So the right answer here is option C. Microsoft Defender for Office 365 is a seamless integration into your Office 365 subscription that provides protection against threats that arrive in emails, links, attachments, or collaboration tools like SharePoint, Teams, and Outlook. With real-time views of threats and tools like Threat Explorer, you can threat hunt and stay ahead of potential threats.

So question number 109: what
is Microsoft's security information event management and security orchestration automated response security solution? And the options are Microsoft Intune, Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. So the right answer here is option B, Microsoft Sentinel. Microsoft Sentinel is Microsoft's SIEM/SOAR security solution. Microsoft Sentinel collects data from on-premises and multiple clouds for all users, devices, applications, and infrastructure; detects previously uncovered threats and minimizes false positives; investigates threats and hunts suspicious activities at scale; responds to incidents with built-in orchestration and security task automation.

So question number 110: you're working with customers' data using Microsoft Purview. Which of these allow you to use artificial intelligence and machine learning to categorize the data? Option A, exact data match classification; option B, custom sensitive information types; option C, sensitive information types; option D, trainable classifiers. So the right answer here is option D, trainable classifiers. Trainable classifiers in Microsoft Purview utilize artificial intelligence and machine learning to intelligently classify data unique to an organization. This method focuses on training the classifiers to identify items based on their content rather than specific patterns. Trainable classifiers can be pre-trained classifiers provided by Microsoft or custom classifiers created and trained by organizations. These classifiers are particularly useful for classifying organization-specific data such as specific types of contracts, invoices, or customer records. So let's jump on to the next question.

Question number 111: which of these provides recommendations to reduce risk around data protection and regulatory standards? Option A, Microsoft 365 admin center; option B, Microsoft Defender for Endpoint; option C, Microsoft Purview compliance portal; and option D, Microsoft Defender ATP. So the right answer
here is option B and option C. The Microsoft Purview compliance portal is specially designed to provide recommendations and help organizations reduce risk around data protection and regulatory standards. It is a part of the Microsoft Purview solution, which focuses on data governance, cataloging, and compliance. The Purview compliance portal assists in managing data privacy, complying with regulatory requirements, and implementing data protection measures.

Question number 112: which of these tools or concepts allow you to make choices about how and why your Microsoft data is collected and used? Option A, compliance manager; option B, privacy principles of Microsoft; option C, shared responsibility model; and option D, zero trust methodology. So the right answer here is option B, privacy principles of Microsoft. The privacy principles of Microsoft are about making meaningful choices for how and why data is collected and used. They ensure that you have the information you need to make the right choices for your organization. Microsoft privacy principles include information about where your data is located and how Microsoft collects and protects data.

So question number 113: you are an Azure security administrator. You have been asked to identify a tool that will continuously analyze the security status of your Azure resources for network security best practices. What would you recommend? Option A, Microsoft cloud security benchmark; option B, Microsoft Defender for Cloud; option C, Azure Monitor; and option D, regulatory compliance. So the right answer here is option B, Microsoft Defender for Cloud. A network map is provided with Microsoft Defender for Cloud as a way to continuously monitor your network security status, including network topology, node connections, and node configurations.

So question number 114: you are a Microsoft admin for a company. You need to implement an effective data loss prevention policy structure. Before you begin planning DLP policies, you need to describe to management the steps you have taken
to ensure your DLP policies will be effective. Which steps would you describe? The options are: option A, encrypt all sensitive data; option B, describe, discover, and classify sensitive data; option C, plan the DLP implementation; option D, design and create DLP policies. So the right answer here is option B, describe, discover, and classify sensitive data. Data loss prevention helps you prevent an unintentional or accidental sharing of sensitive information. DLP examines email messages and files for sensitive information like credit card numbers. Using DLP, you can detect sensitive information and take action such as: log the event for audit purposes, display a warning to the end user who is sending the email or sharing the file, actively block email or file sharing from taking place.

Question number 115: which of these describes the concept of data privacy? Option A, governing the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally; option B, providing notice and being transparent about the collection, processing, use, and sharing of personal data are fundamental principles of privacy laws and regulations; option C, understanding that data is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed; option D, collecting data in one location, storing it in another, and processing it in still another location. So the right answer here is option B. So let's jump on to the next question.

Question number 116: which authentication method provides highly available cloud authentication, allowing all on-premises users to authenticate with Microsoft Entra ID even if the on-premises Active Directory goes down? Option A, Entra ID password hash synchronization; option B, Entra ID pass-through authentication; option C, federated authentication; and option D, Entra ID Connect. So the right answer here is option A, Entra ID password hash synchronization. Password hash synchronization provides
highly available cloud authentication. Even if the on-premises Active Directory goes down, on-premises users can still authenticate with Entra ID to access cloud-based applications.

So question number 117: you want to find out how Microsoft cloud services protect your data and how you can manage cloud data security and compliance for your organization. What should you use? Option A, Azure Security Center; option B, Microsoft Compliance Manager; option C, Service Trust Portal; and option D, Microsoft Intune. So the right answer here is option C, Service Trust Portal. Service Trust Portal is the primary platform that offers a variety of content, tools, and resources related to Microsoft cloud services, data protection, cloud data security, and compliance management. It provides access to audit reports, compliance-related information, Microsoft-authored white papers, and other resources to help organizations understand how Microsoft safeguards data and manages cloud data security and compliance. So let's jump on to the next question.

Question number 118: you plan to connect an application to Azure resources that support Entra ID authentication. You want to avoid managing any credentials or incurring extra cost. Which identity type should you choose for the application? And the options are managed identity, user-assigned identity, service principal, shared access signature. So the right answer here is option A, managed identity. Managed identity is a feature in Azure that provides an automatically managed identity for Azure resources. With managed identity, the application can authenticate with Azure resources that support Microsoft Entra ID authentication without needing to manage credentials. It eliminates the need for storing and managing secrets or passwords within the application code or configuration. Managed identity is a no-cost option, meaning there are no additional charges for using this feature. So let's jump on to the next question.

Question number 119: what is the main purpose of Azure AD B2B
collaboration? Option A, managing customer identities; option B, sharing apps and resources with external users; option C, handling authentication for consumer-facing apps; option D, enabling self-service sign-up for employees. So the right answer here is option B, sharing apps and resources with external users. Azure AD B2B collaboration allows organizations to share their applications and services with guest users from other organizations while maintaining control over their own data. It enables collaboration and access control for external users. So let's jump on to the next question.

Question number 120: what should you use to encrypt the Windows and Linux IaaS virtual machine disks in Azure? Option A, transparent data encryption; option B, Azure Disk Encryption; and option C, Azure Storage Service Encryption; and option D, Always Encrypted. So the right answer here is option B. Azure Storage Service Encryption is used to automatically encrypt data at rest in Azure Blob storage and Azure file shares. It ensures that the data is encrypted before it is stored and automatically decrypts it when retrieved. So let's jump on to the next question.

So question number 121: which of these ensures that the data has not been tampered with in transit? So the options are hashing, encryption, authentication, authorization. So the right answer here is option A, hashing. Hashing is a security operation that can use mathematical functions or algorithms to map source data to a fixed-size value. You can use it, for example, to generate a hash for your file. Recipients of that file can then use the same hashing algorithm to compare it with the original hash value as a proof that the file was not tampered with while in transit.

So question number 122: which statement describes data sovereignty? Option A, the physical or geographic location of an organization's data or information; option B, providing notice and being transparent about the collection, processing, use, and sharing of personal data are fundamental principles of privacy laws and
regulations; option C, data, including personal data, is subject to the laws and regulations of the country/region in which it is physically collected, held, or processed; option D, trust no one, verify everything. So the right answer here is option C. So let's jump on to the next question.

So question number 123: which enhanced security feature of Microsoft Defender for Cloud provides a unified view of security across on-premises and cloud workloads? Option A, comprehensive endpoint detection and response; option B, vulnerability scanning for virtual machines; option C, multicloud security; and option D, hybrid security. So the right answer here is option D, hybrid security. So let's jump on to the next question.

So question number 124: which of these is true of conditional access policies in Microsoft Entra ID? Option A, if they are configured to apply to all users, they will apply to Azure AD B2B collaboration guest users; option B, they let you apply time-sensitive access permissions that can be configured to automatically expire; option C, they require access to Azure Identity Protection in order to evaluate sign-in risk and user risk; option D, if they are configured within Azure Sentinel, you can evaluate sign-in risk and user risk. So the right answer here is option A and option C. So let's jump on to the next question.

So question number 125: you are a Microsoft 365 security admin. You need to apply sensitivity labels to your organization's data. Which of these actions can you take when applying sensitivity labels? Option A, apply multiple sensitivity labels to emails and documents; option B, specify that a default label is to be applied to all items in a container through a label policy; option C, include multiple sensitivity labels in the same label policy; option D, classify content without adding protection settings. So the right answer here is option B, C, and option D.

Question number 126: which feature of Microsoft Entra ID can you use to manage user access throughout the user's organizational life? And the
options are identity lifecycle, access lifecycle, authentication, conditional access policy. So the right answer here is option B, access lifecycle. Access lifecycle is managing access throughout the user's organizational life. Users require different access levels from the point at which they join an organization to when they leave it. At various stages in between, they will need access rights to different resources depending on their role and responsibilities. So let's jump on to the next question.

Question number 127: what is the basis of your compliance score in Compliance Manager? Option A, completed Microsoft actions only; option B, your current Microsoft Secure Score; option C, the default Microsoft 365 data protection baseline assessment; option D, automated testing monitored improvement actions only. So the right answer here is option C, the default Microsoft 365 data protection baseline assessment. Your initial Compliance Manager compliance score is based on the Microsoft 365 data protection baseline. This is a set of controls that include regulations and standards for data protection and data governance. You can view an overall compliance score based on these data protection standards.

So question number 128: what statement best describes the concept of data residency? Option A, trust no one, verify everything; option B, regulations govern the physical locations where data can be stored and how and when it can be transferred, processed, and accessed internationally; option C, the collection, processing, usage, and sharing of personal data should be a transparent process and are fundamental principles of privacy laws and regulations; option D, data, particularly personal data, is subject to the laws and regulations of the country/region in which it is physically collected, held, or processed. So the right answer here is option B. So let's jump on to the next question.

So question number 129: which enhanced security feature of Microsoft Defender for Cloud reduces exposure to brute force and
other network attacks by controlling access to management ports on Azure VMs? Option A, threat protection alerts; option B, compliance tracking; option C, adaptive application controls; and option D, hybrid security. So the right answer here is option C, adaptive application controls. Adaptive application controls are an intelligent and automated solution for defining allow lists of known safe applications for your machines. Let's jump on to the next question.

Question number 130: which category in the service portal provides certifications, regulations, and standards related to Microsoft cloud services? Option A, certifications, regulations, and standards; option B, reports, white papers, and artifacts; option C, industry and regional resources; option D, resources for your organization. So the right answer here is option A, certifications, regulations, and standards. So let's jump on to the next question.

Question number 131: which feature of Microsoft Entra ID helps reduce the risk of users setting weak passwords? The options are multifactor authentication, password protection, global banned password list, custom banned password list. So the right answer here is option B, password protection. Entra ID's password protection is a feature that helps reduce the risk of users setting weak passwords by detecting and blocking known weak passwords and their variants. It enforces the use of strong passwords during the password change or reset process.

So question number 132: which tool provides a secure score by continually assessing your organization's Azure, hybrid, and multicloud resources? Option A, Microsoft Defender for Cloud; option B, Microsoft cloud security benchmark; option C, Microsoft Sentinel; and option D, cloud security posture management. So the right answer here is option A, Microsoft Defender for Cloud. Microsoft Defender for Cloud provides a secure score by continually assessing your organization's Azure, hybrid, and multicloud resources. So let's jump on to the next question.

So question number 133: which of these describes
Microsoft Entra ID? Option A, it is a set of directory services that connect users with the on-premises network resources; option B, it provides the special class of identity to manage external identities; option C, it supports software as a service apps natively; option D, it provides real-time monitoring and alerting for security incidents in the Azure cloud environment. So the right answer here is option A. Microsoft Entra ID is a set of directory services that connect users with on-premises network resources. AD consists of different directory services such as Active Directory Domain Services, Active Directory Lightweight Directory Services, Active Directory Certificate Services, and others. It was designed for on-premises domain-based networks, and it contains information about users and devices, their credentials, and defined access to the relevant network resources.

So question number 134: your organization has multiple Azure virtual machines deployed in Azure virtual networks. You want to enhance the security of these VMs and reduce exposure to attacks while providing easy access to connect to the VMs when needed. A team member needs to access one of the VMs for maintenance purposes. What should you do? Option A, use just-in-time access; option B, enable multifactor authentication for administrators; option C, disable the administrator user account and only enable them when needed with PowerShell; option D, block outbound traffic from the VM temporarily until maintenance is complete. So the right answer here is option A, use just-in-time access. Just-in-time access allows lockdown of the inbound traffic in your VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Question number 135: which access control decisions can be made by conditional access policies? Option A, grant access to Microsoft Entra ID admin center; option B, block access; option C, grant access; or option D, force a password change. So the right answer here is option B, C, and D. So let's jump on to the
next question.

Question number 136: you're planning your organization's security management rules and guidelines for its Azure resources. What should you use? And the options are Azure Policy, role-based access control, Azure Monitor, network security group. So the right answer here is option A, Azure Policy. So Azure Policy is a service that allows users to define and enforce policies for resource consistency, compliance, security, cost, and management in Azure. It enables organizations to establish rules and guidelines for their Azure resources. So let's jump on to the next question.

Question number 137: you are a Microsoft 365 security admin. You want to see a historical view of what is being done with content labels, such as labels being applied or changed. What should you use? Options are content explorer, compliance score, activity explorer, Azure secure score. So the right answer here is option C, activity explorer. So let's jump on to the next question.

So question number 138: what category of cards in the Microsoft 365 Defender portal provides insights into how cloud apps are being used in your organization? Options are identities, data, devices, apps. So the right answer here is option D, apps. The apps category in the Microsoft 365 Defender portal provides insights into how cloud apps are being used in your organization. It helps you understand and monitor the usage of various cloud applications within your organization's environment.

Question number 139: what is the lowest cost edition of Microsoft Entra ID needed to support multifactor authentication, conditional access, and privileged identity management? The options are Office 365 apps, Entra ID Free, Entra ID Premium P1, Entra ID Premium P2. So the right answer here is option D, Entra ID Premium P2. So Entra ID Premium P2 is required to support PIM, and therefore Entra ID Premium P2 would be required in this scenario. Entra ID Premium P2 also supports MFA and conditional access. So let's jump on to the next question.

Question number 140: which encryption method is
used to protect Azure SQL Database and Azure Data Warehouse against malicious activities? Option A, transparent data encryption; option B, Azure Disk Encryption; option C, Azure Storage Service Encryption; and option D, Always Encrypted. So the right answer here is option A, transparent data encryption. So transparent data encryption is used to protect Azure SQL Database and Azure Data Warehouse against malicious activity. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.

So that's all in this video, guys. Thank you for watching. While going through the questions and answers, if you think any of the answers is incorrect, please let me know in the comment section with the question number and the right answer and your explanation, please. And these question answers PDF is also available to download from shaping pixel.com website. The full link will be in the description. I'll see you in the next video. Until then, keep learning.