Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-900

Free Microsoft SC-900 Exam Questions (page: 9)

Page 9 of 58
PDF with 226 Questions

DRAG DROP (Drag and Drop is not supported)
Match the types of compliance score actions to the appropriate tasks.
To answer, drag the appropriate action type from the column on the left to its task on the right. Each type may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Preventative
Preventative actions address specific risks. For example, protecting information at rest using encryption is a preventative action against attacks and breaches. Separation of duties is a preventative action to manage conflict of interest and guard against fraud.
Box 2: Detective
Detective actions actively monitor systems to identify irregular conditions or behaviors that represent risk, or that can be used to detect intrusions or breaches. Examples include system access auditing and privileged administrative actions. Regulatory compliance audits are a type of detective action used to find process issues.
Incorrect:
Corrective actions try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible. Privacy incident response is a corrective action to limit damage and restore systems to an operational state after a breach.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365- worldwide



Which pillar of identity relates to tracking the resources accessed by a user?

  1. authorization
  2. auditing
  3. administration
  4. authentication

Answer(s): B

Explanation:

Audit logs in Microsoft Entra ID
As an IT administrator, you want to know how your IT environment is doing. The information about your system’s health enables you to assess whether and how you need to respond to potential issues.
To support you with this goal, the Microsoft Entra portal gives you access to three activity logs: Sign-ins – Information about sign-ins and how your resources are used by your users.
Audit – Information about changes applied to your tenant such as users and group management or updates applied to your tenant’s resources.
Provisioning – Activities performed by the provisioning service, such as the creation of a group in ServiceNow or a user imported from Workday.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs



What can be created in Active Directory Domain Services (AD DS)?

  1. line-of-business (LOB) applications that require modern authentication
  2. computer accounts
  3. software as a service (SaaS) applications that require modern authentication
  4. mobile devices

Answer(s): B

Explanation:

What is computer account in Active Directory?
A computer account represents your desktop or laptop computer to the Active Directory.


Reference:

https://commons.lbl.gov/display/itfaq/Active+Directory



HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Authentication
What is the difference between authentication and authorization in Azure?
In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.


Reference:

https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization



Viewing page 9 of 58



Post your Comments and Discuss Microsoft SC-900 exam prep with other Community members:

SC-900 Exam Discussions & Posts