Microsoft Azure

Microsoft Certified: Information Security Administrator Associate

SC-401

Achieve the SC-401 certification as an Information Security Administrator Associate.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 71–80 of 147

Q71

A company needs to control access to sensitive data for specific user roles. Which Azure feature should they use?

  • A Network Security Groups
  • B Role-Based Access Control (RBAC)
  • C Azure Virtual Network
  • D Geo-Replication
Explanation RBAC directly controls user access based on roles, while the others do not manage user permissions effectively.
Q72

You are configuring an Azure Logic App to track unauthorized access attempts. What happens when you set a trigger for this app?

  • A It stops all unauthorized access attempts.
  • B It starts executing for each access attempt.
  • C It requires manual approval for each attempt.
  • D It logs access attempts without alerting.
Explanation Triggers in Logic Apps execute per defined criteria, gathering data on unauthorized attempts; the others do not describe trigger behavior accurately.
Q73

Which Azure service can help automate security assessments?

  • A Microsoft Defender for Cloud
  • B Azure Monitor
  • C Azure Sentinel
  • D Azure Security Center
Explanation Microsoft Defender for Cloud automates assessments, unlike others focused on monitoring or incident response.
Q74

A company needs to restrict user access based on their geographic location. What Azure feature should they use?

  • A Conditional Access Policies
  • B Identity Protection
  • C Network Security Groups
  • D Azure Firewall
Explanation Conditional Access Policies allow geographic restrictions, while others focus on different aspects of security.
Q75

You are configuring Azure Key Vault. What happens when you set a secret to disabled?

  • A Secret becomes non-retrievable
  • B Only admins can access it
  • C Secret remains retrievable
  • D Key Vault is automated to delete it
Explanation Disabling a secret makes it non-retrievable, whereas others suggest ongoing accessibility or deletion which is incorrect.
Q76

Which Azure service provides security management for your Azure resources?

  • A Azure Security Center
  • B Azure Sentinel
  • C Azure Information Protection
  • D Azure Active Directory
Explanation Azure Security Center offers security management features for Azure resources, while others focus on specific areas.
Q77

A company needs to store large amounts of confidential documents and manage access based on user roles. Which Azure service should they utilize?

  • A Azure Blob Storage
  • B Azure Files
  • C Azure Databases
  • D Azure Key Vault
Explanation Azure Blob Storage allows for document storage and role-based access, unlike the others that serve different purposes.
Q78

You are configuring Azure Network Security Groups. What happens if conflicting rules are applied?

  • A The first rule takes precedence
  • B All rules are ignored
  • C The most permissive rule applies
  • D Explicit deny rules override allows
Explanation Explicit deny rules will always override any allow rules, while the other options misinterpret the rule processing order.
Q79

Which service provides advanced threat protection for Azure resources?

  • A Azure Security Center
  • B Azure Firewall
  • C Azure Monitor
  • D Azure AD
Explanation Azure Security Center offers threat detection, while the others serve different purposes.
Q80

A company needs to ensure data encryption at rest in Azure Storage. What should they enable?

  • A Azure Data Lake
  • B Storage Service Encryption
  • C Private Link
  • D Monitoring Alerts
Explanation Storage Service Encryption automatically encrypts data at rest; the others are unrelated.