QUESTION: 21

What is an example of encryption at rest?

encrypting communications by using a site-to-site VPN
encrypting a virtual machine disk
accessing a website by using an encrypted HTTPS connection
sending an encrypted email

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

Show Answer Next Question

QUESTION: 22

Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Define the perimeter by physical locations.
Use identity as the primary security boundary.
Always verify the permissions of a user explicitly.
Always assume that the user system can be breached.
Use the network as the primary security boundary.

Answer(s): B,C,D

Reference:

https://docs.microsoft.com/en-us/security/zero-trust/

Show Answer Next Question

QUESTION: 23

HOTSPOT (Drag and Drop is not supported)
Which service should you use to view your Azure secure score? To answer, select the appropriate service in the answer area.
Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track

Show Answer Next Question

DRAG DROP (Drag and Drop is not supported)
You are evaluating the compliance score in Microsoft Purview Compliance Manager. Match the compliance score action subcategories to the appropriate actions.
To answer, drag the appropriate action subcategory from the column on the left to its action on the right. Each action subcategory may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:

See Explanation section for answer.

Answer(s): A

Explanation:

Box 1: Preventative
Preventative actions address specific risks. For example, protecting information at rest using encryption is a preventative action against attacks and breaches. Separation of duties is a preventative action to manage conflict of interest and guard against fraud.
Box 2: Detective
Detective actions actively monitor systems to identify irregular conditions or behaviors that represent risk, or that can be used to detect intrusions or breaches. Examples include system access auditing and privileged administrative actions. Regulatory compliance audits are a type of detective action used to find process issues.
Box 3: Corrective
Corrective actions try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible. Privacy incident response is a corrective action to limit damage and restore systems to an operational state after a breach.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation

Show Answer Next Question

Free Microsoft SC-900 Exam Questions (page: 7)

QUESTION: 21

Reference:

QUESTION: 22

Reference:

QUESTION: 23

Explanation:

Reference:

QUESTION: 24

Explanation:

Reference:

SC-900 Exam Discussions & Posts