Microsoft Azure

Microsoft Certified: Information Security Administrator Associate

SC-401

Achieve the SC-401 certification as an Information Security Administrator Associate.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 11–20 of 147

Q11

You are configuring Azure Policy for your organization. What does a policy definition primarily specify?

  • A Allowed or denied actions
  • B Budget limits for subscriptions
  • C Network security group rules
  • D Virtual machine sizes
Explanation A policy definition specifies allowed or denied actions, whereas others pertain to resource governance.
Q12

A company needs to secure its data transit between Azure services. Which protocol should be enforced?

  • A HTTPS
  • B FTP
  • C HTTP
  • D Telnet
Explanation HTTPS encrypts data during transit, while others do not ensure security.
Q13

Which Azure service helps secure application secrets?

  • A Azure Key Vault
  • B Azure Monitor
  • C Azure Active Directory
  • D Azure Blob Storage
Explanation Azure Key Vault is designed specifically for managing secrets, keys, and certificates, whereas other options do not focus solely on secret management.
Q14

A company needs to grant temporary access to an external vendor for specific documents in Azure Storage. Which approach should they use?

  • A Shared Access Signature (SAS)
  • B Azure Role-Based Access Control (RBAC)
  • C Public URL
  • D Storage Account Key
Explanation Shared Access Signatures (SAS) allow temporary access to resources without compromising the Storage Account Key, while the other options either grant permanent access or are less secure for such needs.
Q15

What happens when an Azure policy is assigned to a management group?

  • A Policy applies to all subscriptions.
  • B Only resource groups are affected.
  • C No effect on any resource.
  • D Policy only applies to management group.
Explanation Assigning a policy at the management group level ensures all child subscriptions inherit the policy, while the other options misunderstand the hierarchy and scope of Azure policies.
Q16

Which Azure service is primarily used for threat protection in cloud environments?

  • A Azure Security Center
  • B Azure Virtual Network
  • C Azure DevOps
  • D Azure Blob Storage
Explanation Azure Security Center provides comprehensive threat protection, while the others serve different functions.
Q17

A company needs to restrict access to an Azure resource for users from specific countries only. Which feature should they configure?

  • A Network Security Groups
  • B Azure Policy
  • C Service Endpoints
  • D Geo-filtering in Azure Firewall
Explanation Geo-filtering in Azure Firewall can limit access based on geographic locations; the others do not provide this feature.
Q18

What happens when an Azure Role-Based Access Control (RBAC) role is modified to lower permissions on a resource level?

  • A Permissions are retained at user level
  • B Permissions are erased permanently
  • C Only new users are affected
  • D Previously granted permissions are revoked
Explanation Modifying RBAC roles affects all users immediately by revoking previously granted permissions at that resource level.
Q19

Which Azure service offers unified security management and advanced threat protection?

  • A Azure Security Center
  • B Azure Blob Storage
  • C Azure Logic Apps
  • D Azure Load Balancer
Explanation Azure Security Center provides unified security management.
Q20

A company needs to ensure that its Azure resources are only accessible from specific IP ranges. What should you configure?

  • A Network Security Group (NSG) rules
  • B Azure Active Directory roles
  • C Azure Policy assignments
  • D Resource Locks
Explanation NSG rules allow traffic control based on IP.