Microsoft Azure

Microsoft Certified: Information Security Administrator Associate

SC-401

Achieve the SC-401 certification as an Information Security Administrator Associate.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 61–70 of 147

Q61

Which Azure service can be used to manage and monitor access to resources?

  • A Azure Active Directory
  • B Azure Blob Storage
  • C Azure Function Apps
  • D Azure DevOps
Explanation Azure Active Directory is designed for identity management, while others do not manage access.
Q62

A company needs to limit access to certain data in Azure Storage based on the user's roles. What should they use?

  • A Shared Access Signatures
  • B Azure Role-Based Access Control
  • C Network Security Groups
  • D Service Endpoints
Explanation Azure Role-Based Access Control enables role-specific access over Azure resources, unlike the other options.
Q63

What happens when a user tries to access a resource they have no permissions for?

  • A Access is granted with warnings
  • B An error stating insufficient permissions
  • C System reboots
  • D User data is deleted
Explanation An error indicating insufficient permissions is returned, as the system denies unauthorized access.
Q64

Which Azure service helps implement identity as a service?

  • A Azure Active Directory
  • B Azure Blob Storage
  • C Azure Functions
  • D Azure SQL Database
Explanation Azure Active Directory provides identity as a service, while the others serve different purposes.
Q65

A company needs to segment network traffic to improve security. What should they configure?

  • A Network Security Groups
  • B Virtual Network Peering
  • C Azure Monitor
  • D Private Link
Explanation Network Security Groups allow for traffic segmentation, while the others serve different functions.
Q66

What happens when Azure Policy evaluates an initiative with a denied effect?

  • A It denies the resource creation.
  • B It logs the event only.
  • C It alerts administrators.
  • D It allows the resource creation.
Explanation A denied effect in Azure Policy prevents resource creation, while the other options are incorrect behavior.
Q67

Which Azure service is designed for secure key management?

  • A Azure Key Vault
  • B Azure Blob Storage
  • C Azure VPN Gateway
  • D Azure SQL Database
Explanation Azure Key Vault is specifically designed for managing cryptographic keys, while the others serve different purposes.
Q68

A company needs to control access strictly based on user roles and ensure users can only perform actions permitted by their roles. Which Azure feature should they implement?

  • A Azure RBAC
  • B Azure AD Join
  • C Azure Policy
  • D Azure Firewall
Explanation Azure RBAC (Role-Based Access Control) allows management of permissions based on user roles, unlike the others.
Q69

You are configuring a network security group (NSG) in Azure. What happens when conflicting rules exist with the same priority?

  • A Only the first rule is applied
  • B Both rules are ignored
  • C The last rule takes effect
  • D The lowest priority rule is applied
Explanation In Azure NSGs, the last rule defined takes effect when rules with the same priority conflict, while other options misunderstand priority application.
Q70

Which Azure service provides threat detection and response?

  • A Azure Sentinel
  • B Azure Logic Apps
  • C Azure Functions
  • D Azure Blob Storage
Explanation Azure Sentinel is designed for threat detection; the others do not offer this capability.