Microsoft Azure

Microsoft Certified: Information Security Administrator Associate

SC-401

Achieve the SC-401 certification as an Information Security Administrator Associate.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 131–140 of 147

Q131

A company needs to monitor compliance across Azure resources. Which service should they use?

  • A Azure Monitor
  • B Azure Policy
  • C Azure Firewall
  • D Azure Sentinel
Explanation Azure Policy enforces compliance at scale; other services serve different monitoring or security roles.
Q132

You are configuring a user to have only necessary permissions in Azure. What should you apply?

  • A Role-Based Access Control (RBAC)
  • B Azure AD Connect
  • C Multi-Factor Authentication (MFA)
  • D Azure Bastion
Explanation RBAC grants least privilege access; other options do not directly manage permissions.
Q133

Which Azure service provides DDoS protection?

  • A Azure DDoS Protection
  • B Azure Firewall
  • C Network Security Groups
  • D Azure Bastion
Explanation Azure DDoS Protection specifically protects applications from DDoS attacks, while the other options provide different types of security.
Q134

A company needs to audit access to sensitive data in Azure Blob Storage. Which feature can help?

  • A Azure Monitor Logs
  • B Storage Account Access Keys
  • C Azure Data Lake
  • D Azure Blob Storage Lifecycle Management
Explanation Azure Monitor Logs can track and audit access, while the other options do not audit access effectively.
Q135

What happens when you set an Azure subscription to 'Disabled'?

  • A All resources are deleted
  • B You cannot create new resources
  • C Billing is still charged
  • D Resources continue running from it
Explanation Setting a subscription to 'Disabled' prevents new resource creation, while existing resources remain unaffected and charges may still apply.
Q136

Which service is designed for threat detection in Azure?

  • A Azure Security Center
  • B Azure Monitor
  • C Azure Backup
  • D Azure Logic Apps
Explanation Azure Security Center offers comprehensive threat detection, while others focus on monitoring, backup or workflows.
Q137

A company needs to restrict access to Azure files based on user identity. What should they implement?

  • A Azure Network Security Groups
  • B Azure Role-Based Access Control
  • C Azure Firewall
  • D Azure ExpressRoute
Explanation Azure Role-Based Access Control manages user access based on roles, unlike the other options which focus on network security or connection types.
Q138

You are configuring Azure Key Vault. What happens if a secret expires?

  • A It automatically deleted
  • B Access is denied
  • C It remains accessible
  • D Provides a warning
Explanation Expired secrets remain accessible, but are not recommended for use, unlike incorrect options which suggest deletion or access issues.
Q139

Which service helps protect Azure resources from DDoS attacks?

  • A Azure DDoS Protection
  • B Azure Security Center
  • C Azure Firewall
  • D Azure VPN Gateway
Explanation Azure DDoS Protection specifically safeguards against DDoS attacks, whereas others serve different security functions.
Q140

A company needs to manage user access to Azure resources based on their job roles. Which Azure service should they implement?

  • A Azure Policy
  • B Azure RBAC
  • C Azure Key Vault
  • D Azure Monitor
Explanation Azure RBAC (Role-Based Access Control) is designed for role-based access management, unlike the other options.