CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-900

Free SC-900 Exam Braindumps (page: 17)

Page 16 of 56
PDF with 220 Questions

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

  1. to control how often users must change their passwords
  2. to identify devices to which users can sign in without using multi-factor authentication (MFA)
  3. to encrypt a password by using globally recognized encryption standards
  4. to prevent users from using specific words in their passwords

Answer(s): D

Explanation:

Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization.

With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To support your own business and security needs, you can define entries in a custom banned password list.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban- bad-on-premises



What is a function of Conditional Access session controls?

  1. enforcing device compliance
  2. enforcing client app compliance
  3. enable limited experiences, such as blocking download of sensitive information
  4. prompting multi-factor authentication (MFA)

Answer(s): C



HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: No

Box 2: Yes
Identity Protection detects risks of many types, including:

Anonymous IP address use
Atypical travel
Malware linked IP address
Unfamiliar sign-in properties
Leaked credentials
Password spray
and more...

Box 3:Yes
The risk signals can trigger remediation efforts such as requiring: perform multifactor authentication, reset their password using self-service password reset, or block access until an administrator takes action.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection



What can you use to ensure that all the users in a specific group must use multi-factor authentication (MFA) to sign to Azure Active Directory (Azure AD)?

  1. Azure Policy
  2. a communication compliance policy
  3. a Conditional Access policy
  4. a user risk policy

Answer(s): C

Explanation:

Conditional Access: Require MFA for all users

Create a Conditional Access policy
The following steps will help create a Conditional Access policy to require all users do multifactor authentication.

1. Sign in to the Azure portal as a Global Administrator, Security Administrator, or Conditional Access Administrator.
2. Browse to Azure Active Directory > Security > Conditional Access.
3. Select New policy.
4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
5. Under Assignments, select Users or workload identities.
Under Include, select All users
Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
6. Under Cloud apps or actions > Include, select All cloud apps.
Under Exclude, select any applications that don't require multifactor authentication.
7. Under Access controls > Grant, select Grant access, Require multifactor authentication, and select Select.
8. Confirm your settings and set Enable policy to Report-only.
9. Select Create to create to enable your policy.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa






Post your Comments and Discuss Microsoft SC-900 exam with other Community members:

SC-900 Discussions & Posts