SC-900 Exam Dumps 2023
Microsoft SC-900 Practice Tests 2023. Contains 380+ exam questions to pass the exam in first attempt.
SkillCertPro offers real exam questions for practice for all major IT certifications.
For a full set of 380+ questions. Go to https://skillcertpro.com/product/microsoft-sc-900-exam-questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Below are the free 10 sample questions.
Question 1:
The audit team needs to conduct compliance investigations across emails. They need access to crucial events, such as when mail items were accessed, when mail items were replied to and forwarded. What capability can the team use?
A. Use Advanced auditing so that you access and investigate those events.
B. Use Core auditing so that you can access and investigate those events.
C. Use alert policies to generate and view alerts on when users perform certain actions on emails.
Answer: A
Explanation:
Advanced Auditing helps organizations to conduct forensic and compliance investigations by providing access to these crucial events.
You won’t be able to access crucial events with Core Auditing. Instead, use Advanced Auditing to access crucial events.
While alerts are helpful, this doesn’t address the problem. Instead, use Advanced Auditing to access crucial events.
Reference: https://docs.microsoft.com/en-us/learn/modules/describe-audit-capabilitiesmicrosoft-365/4-knowledge-check
Question 2:
Within an organization, there are many users who will need to access Azure and perform different actions across various scopes. The admin wants to implement action management at all scopes across Azure for the organization. What can the admin use to address this need?
A. Use Azure role-based access control (RBAC)
B. Use Azure Policy
C. Use Azure action management (AM)
Answer: A
Explanation:
Azure RBAC focuses on user action management at different scopes. If actions need to be controlled, then you would use Azure RBAC.
Azure Policy doesn’t enforce user action management at different scopes. If actions need to be controlled, then you should use Azure RBAC.
Option for Azure AM does not exist
What’s the difference between Azure Policy and Azure role-based access control (RBAC)?
It’s important not to confuse Azure Policy and Azure RBAC. You use Azure Policy to ensure that the resource state is compliant to your organization’s business rules, no matter who made the change or who has permission to make changes. Azure Policy will evaluate the state of a resource, and act to ensure the resource stays compliant.
Azure RBAC focuses instead on managing user actions at different scopes. Azure RBAC manages who has access to Azure resources, what they can do with those resources, and what areas they can access. If actions need to be controlled, then you would use Azure RBAC. If an individual has access to complete an action, but the result is a non-compliant resource, Azure Policy still blocks the action.
Azure RBAC and Azure Policy should be used together to achieve full scope control in Azure.
Reference: https://docs.microsoft.com/en-us/learn/modules/describe-resource-governancecapabilities-azure/4-describe-azure-policy
Question 3:
The compliance admin has been asked to use advanced e-Discovery to help a legal team that is working on a case. What is the workflow the admin will use?
A. Search custodial data, add custodians to a case, add data to a review set, review and analyze data, then finally export and download case data.
B. Add custodians to a case, search custodial sources for relevant data, add data to a review set, review and analyze data, then finally export and download the case data.
C. Add data to a review set, review and analyze data, add custodians to a case, search custodial sources for relevant data, then finally export and download the case data.
Answer: B
Explanation:
You should add data to a review set and review the data, only after you’ve added custodians to your case and searched custodial sources for relevant data.
Reference: https://docs.microsoft.com/en-us/learn/modules/describe-ediscoverycapabilities-of-microsoft-365/5-describe-advanced-ediscovery-workflow
Question 4:
The compliance team wants to control the use privileged admin accounts with standing access to sensitive data, so that admins receive only the level of access they need, when they need it.
How can this requirement be implemented?
A. Use Communication Compliance.
B. Use privileged access management.
C. Use the Audit log.
Answer: B
Explanation:
You can use privileged access management to require users to request just-intime access to complete certain tasks.
Privileged access management allows granular access control over privileged admin tasks in Microsoft 365. It can help protect organizations from breaches that use existing privileged admin accounts with standing access to sensitive data, or access to critical configuration settings.
Incorrect answers:
Communication Compliance won’t enable you to do this.
Audit log helps you monitor user activity, but that won’t be enough.
Reference:
https://docs.microsoft.com/en-us/learn/modules/describe-insider-riskcapabilities-microsoft-365/5-describe-privileged-access-management
Question 5:
Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?
A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure AD Answer: A
Explanation:
As well as defending your Azure environment, you can add Azure Defender capabilities to your hybrid cloud environment:
– Protect your non-Azure servers
– Protect your virtual machines in other clouds (such as AWS and GCP)
You’ll get customized threat intelligence and prioritized alerts according to your specific environment so that you can focus on what matters the most.
https://docs.microsoft.com/en-us/azure/security-center/azure-defender
For a full set of 380+ questions. Go to https://skillcertpro.com/product/microsoft-sc-900-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
Question 6:
Can Privileged Identity Management be used to provide time-bound assignments for Azure AD roles?
A. Yes B. No Answer: A
Explanation: Time-bound assignments
Previously, there were two possible states for role assignments: eligible and permanent. Now you can also set a start and end time for each type of assignment. This addition gives you four possible states into which you can place an assignment:
– Eligible permanently – Active permanently – Eligible, with specified start and end dates for assignment
– Active, with specified start and end dates for assignment
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identitymanagement/azure-ad-roles-features
Question 7: Can Privileged Identity Management be used to provide time-bound assignments for Azure Resources?
Explanation:
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management: – Provide just-in-time privileged access to Azure AD and Azure resources – Assign time-bound access to resources using start and end dates
Question 8:
With _________, the cloud provider manages the hardware and operating systems, and the customer is responsible for applications and data.
A. PaaS
B. SaaS
C. IaaS
Answer: A
Explanation: Platform as a Service (PaaS)
PaaS provides an environment for building, testing, and deploying software applications. The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. With PaaS, the cloud provider manages the hardware and operating systems, and the customer is responsible for applications and data.
Reference: https://docs.microsoft.com/en-us/learn/modules/describe-security-conceptsmethodologies/3-describe-shared-responsibility-model
Question 9:
The _____ layer can secure access to virtual machines either on-premises or in the cloud by closing certain ports.
A. compute B. perimeter C. Identity & access D. network Answer: A
Explanation:
The compute layer can secure access to virtual machines either on-premises or in the cloud by closing certain ports.
Reference: https://docs.microsoft.com/en-us/learn/modules/describe-security-conceptsmethodologies/4-describe-defense-depth
Question 10:
In the CIA model of security trade-offs, which refers to keeping data or messages correct?
A. Confidentiality
B. Integrity
C. Availability
D. None of the above
Answer: B
Explanation:
Integrity refers to keeping data or messages correct. When you send an email message, you want to be sure that the message received is the same as the message you sent. When you store data in a database, you want to be sure that the data you retrieve is the same as the data you stored. Encrypting data keeps it confidential, but you must then be able to decrypt it so that it’s the same as before it was encrypted. Integrity is about having confidence that data hasn’t been tampered with or altered.
Reference: https://docs.microsoft.com/en-us/learn/modules/describe-security-conceptsmethodologies/4-describe-defense-depth
For a full set of 380+ questions. Go to https://skillcertpro.com/product/microsoft-sc-900-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
