SC-900 Practice Test Video Answers

1. B
Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management service. Its primary purpose is to manage identities and enable secure access to resources in the cloud and on-premises.

2. C
Verify explicitly is a core Zero Trust principle that requires always authenticating and authorizing based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

3. B
Conditional Access is a feature in Microsoft Entra ID that allows administrators to enforce policies based on signals such as user location, device state, real-time risk detection, and application sensitivity to control access to resources.

4. C
FIDO2 security keys provide the highest level of security as they are phishing-resistant, passwordless authentication methods based on public key cryptography. They are more secure than SMS, passwords, or security questions.

5. B
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) solution that provides security recommendations, threat protection, and compliance management for cloud resources.

6. B
In the shared responsibility model, the customer is always responsible for securing their data, identities, and access management regardless of the service model (IaaS, PaaS, or SaaS).

7. B
Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution that provides intelligent security analytics and threat intelligence.

8. B
SOC 2 Type 2 reports provide independent third-party verification of Microsoft’s security controls and their operating effectiveness over a specified period, offering assurance to customers about security practices.

9. B
The principle of least privilege access means granting users only the minimum level of access rights and permissions necessary to perform their job functions, reducing the potential attack surface.

10. B
Microsoft Defender for Office 365 protects against email-based threats including malicious attachments, phishing links, and business email compromise through features like Safe Attachments and Safe Links.

11. B
Azure DDoS Protection is specifically designed to protect Azure resources against distributed denial-of-service attacks by detecting and automatically mitigating attacks at the Azure network edge.

12. C
Data classification and labeling in Microsoft Purview helps organizations discover, classify, and protect sensitive information across their environment using built-in and custom classifiers and sensitivity labels.

13. B
Microsoft Entra Privileged Identity Management (PIM) provides time-based and approval-based role activation to manage, control, and monitor access for privileged administrative roles, reducing the risk of excessive, unnecessary, or misused access permissions.

14. C
The General Data Protection Regulation (GDPR) is an EU regulation that requires organizations to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

15. C
Microsoft Defender for Endpoint is an enterprise endpoint security platform that provides endpoint detection and response (EDR), automated investigation and remediation, and vulnerability management for devices.

16. A
An administrative unit in Microsoft Entra ID is a container that can hold users, groups, or devices, allowing organizations to delegate administrative permissions to manage only specific portions of their directory.

17. B
Microsoft Secure Score is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. It provides recommendations to improve security across Microsoft 365 services.

18. B
Azure Key Vault is a cloud service for securely storing and accessing secrets, including API keys, passwords, certificates, and cryptographic keys used by cloud applications and services.

19. B
Sensitivity labels in Microsoft Purview allow organizations to classify and protect data based on its sensitivity level by applying encryption, access restrictions, and visual markings to documents and emails.

20. C
SAML 2.0, OAuth 2.0, and OpenID Connect are modern authentication protocols commonly used for single sign-on (SSO) in cloud and web applications, providing secure authentication and authorization.

21. B
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that provides visibility, data control, and threat protection for cloud applications through discovery, investigation, and governance capabilities.

22. B
Retention policies and retention labels in Microsoft Purview help organizations meet regulatory, legal, and business data retention requirements by automatically retaining or deleting content based on specified rules.

23. B
Passwordless authentication eliminates traditional passwords by using more secure authentication methods such as biometrics (Windows Hello), FIDO2 security keys, or the Microsoft Authenticator app.

24. B
Security groups in Microsoft Entra ID are used to manage access to resources for multiple users collectively, allowing administrators to assign permissions to a group rather than to each user individually.

25. B
Microsoft Defender Threat Intelligence provides insights about cyber threats, threat actors, their tactics, techniques, and procedures (TTPs), helping organizations understand and defend against current and emerging threats.

26. C
eDiscovery in Microsoft Purview allows organizations to search for, preserve, analyze, and export content across Microsoft 365 services for legal investigations, regulatory requests, and internal investigations.

27. B
Microsoft Entra ID Protection uses machine learning to detect identity-based risks such as compromised credentials, unfamiliar sign-in properties, and anonymous IP usage, allowing organizations to investigate and remediate these risks.

28. B
Encryption in transit protects data while it is being transmitted over a network by encrypting the data during transmission using protocols like TLS/SSL, preventing interception and tampering.

29. B
Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Network resources with built-in high availability and unrestricted cloud scalability.

30. B
Insider risk management in Microsoft Purview helps organizations detect, investigate, and act on risky activities performed by internal users, such as data theft, data leaks, or security violations.

31. B
Multi-factor authentication (MFA) requires users to provide two or more verification methods (something you know, something you have, something you are) to prove their identity, significantly improving security over password-only authentication.

32. B
Microsoft Intune is a cloud-based unified endpoint management (UEM) service that manages and secures devices including mobile devices, desktops, and virtual endpoints across an organization.

33. B
Data loss prevention (DLP) policies help prevent sensitive information from being inappropriately shared, transferred, or used by detecting and protecting sensitive content based on rules and conditions.