Microsoft Azure

Microsoft Security, Compliance, and Identity Fundamentals

SC-900
Popular

Prepare for the SC-900 exam to validate your knowledge in Security, Compliance, and Identity Fundamentals.

150 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 111–120 of 150

Q111

You are configuring a conditional access policy in Azure. What happens if a user's location is classified as risky?

  • A Access is granted without any restrictions
  • B User is prompted for MFA
  • C Access is immediately denied
  • D User must reset their password
Explanation Conditional access generally prompts for MFA with risky locations to bolster security, unlike the other options which do not fit policy behavior.
Q112

Which Azure service provides advanced threat protection for workloads?

  • A Azure Defender
  • B Azure Monitor
  • C Azure Sentinel
  • D Azure Security Center
Explanation Azure Defender offers threat protection and security management, while others focus on monitoring and compliance.
Q113

A company needs to allow users to access resources while enforcing least privilege principles, which Azure feature should they use?

  • A Role Assignment
  • B Azure Active Directory Groups
  • C Conditional Access
  • D Multi-Factor Authentication
Explanation Role Assignment allows granular access control, unlike the others which enhance security but do not enforce privileges.
Q114

What happens when an Azure Policy is assigned to a scope?

  • A Policy is automatically applied.
  • B Only applicable resources are evaluated.
  • C All resources are excluded.
  • D Policies are ignored at higher scopes.
Explanation The policy is enforced at that scope for compliance and resource management, contrary to B, C, and D.
Q115

Which service provides advanced threat protection for Azure resources?

  • A Azure Security Center
  • B Azure DevOps
  • C Azure Advisor
  • D Azure Monitor
Explanation Azure Security Center offers threat protection, while others focus on different functionalities.
Q116

A company needs to ensure compliance with GDPR when storing customer data in Azure. Which feature should they use?

  • A Azure Blob Storage
  • B Azure SQL Database
  • C Azure Policy
  • D Azure Monitor
Explanation Azure Policy helps maintain compliance, whereas the others are storage or monitoring solutions.
Q117

What happens when a user is assigned multiple Azure roles?

  • A Roles are summed for permissions
  • B Conflicting roles cancel each other out
  • C User receives lowest permissions only
  • D User has combined permissions of all roles
Explanation Users aggregate permissions from all assigned roles for access.
Q118

Which Azure service is specifically designed for DDoS protection?

  • A Azure DDoS Protection
  • B Azure Firewall
  • C Azure Sentinel
  • D Azure Traffic Manager
Explanation Azure DDoS Protection specifically mitigates DDoS attacks, while others serve different functions.
Q119

A company needs to ensure that only authorized users can access sensitive data stored in Azure Blob Storage. What should they implement?

  • A Network Security Groups
  • B Azure Role-Based Access Control (RBAC)
  • C Azure Active Directory (Azure AD)
  • D Azure Policy
Explanation Azure RBAC allows fine-grained permissions, while the others do not specifically control access to storage data.
Q120

You are configuring Azure Active Directory Conditional Access policies. What happens when the 'Deny access' condition is met?

  • A User can still access resources
  • B User receives a warning message
  • C User is blocked from accessing resources
  • D User is prompted for two-factor authentication
Explanation Deny access blocks users completely, while the other options imply continued access or alerts.