Microsoft Azure

Microsoft Certified: Information Security Administrator Associate

SC-401

Achieve the SC-401 certification as an Information Security Administrator Associate.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 81–90 of 147

Q81

You are configuring Azure Conditional Access. What happens when a sign-in is blocked due to a policy?

  • A User is notified, then allowed access
  • B User cannot sign in at all
  • C Access is granted with limited permissions
  • D Evaluation continues with other policies
Explanation When blocked, the user is denied access completely; others suggest alternative access scenarios.
Q82

Which service should you use to identify vulnerabilities in Azure resources?

  • A Azure Security Center
  • B Azure Active Directory
  • C Azure Monitor
  • D Azure DevOps
Explanation Azure Security Center provides vulnerability assessments; others do not specialize in this area.
Q83

A company needs to secure its Azure storage account access. What should they enable first?

  • A Azure Private Link
  • B Storage Account Firewall
  • C Encryption at Rest
  • D Shared Access Signatures
Explanation Enabling the Storage Account Firewall restricts access; others are secondary controls.
Q84

You are configuring user roles in Azure IAM. What happens if a user is assigned multiple overlapping roles?

  • A Role conflicts will block access
  • B Permissions will merge
  • C User will inherit least privilege
  • D Access denied for all resources
Explanation Azure IAM merges permissions from overlapping roles, providing cumulative access rights.
Q85

Which Azure service is specifically used for Identity Protection?

  • A Azure Active Directory
  • B Azure Firewall
  • C Azure Key Vault
  • D Azure Monitor
Explanation Azure Active Directory includes Identity Protection to manage identity risks, while the others focus on security controls or monitoring.
Q86

A company needs to secure sensitive data in Azure Storage. What is a recommended method?

  • A Use TLS for data transfer
  • B Replicate data to another region
  • C Allow open access to Blob containers
  • D Limit access based on geographic regions
Explanation Using TLS for data transfer encrypts data in transit, while the other options do not adequately secure data.
Q87

You are configuring Azure Security Center. What happens when you enable alerts?

  • A All alerts are removed
  • B You stop receiving recommendations
  • C Security alerts are generated
  • D Costs will increase significantly
Explanation Enabling alerts generates security alerts based on activity, while the other choices incorrectly state consequences.
Q88

Which Azure service is used for DDoS protection?

  • A Azure DDoS Protection
  • B Azure Traffic Manager
  • C Azure Firewall
  • D Azure Load Balancer
Explanation Azure DDoS Protection specifically offers DDoS mitigation, while others serve different purposes.
Q89

A company needs to store sensitive patient health information in Azure. What should they implement for data compliance?

  • A General Blob Storage
  • B Azure Confidential Ledger
  • C Azure Information Protection
  • D Azure Virtual Network
Explanation Azure Information Protection helps ensure compliance for sensitive data, while the others do not provide specific compliance features.
Q90

You are configuring an Azure Key Vault. What happens if you do not set access policies?

  • A No access for any user
  • B Access for all Azure users
  • C Only the creator can access
  • D Access granted based on Azure AD metrics
Explanation Without access policies, Key Vault denies access to all users, preventing any unauthorized access.