[December-2021]SC-900 VCE and SC-900 PDF Dumps are Free Shared by Braindump2go[Q52-Q82]

December/2021 Latest Braindump2go SC-900 Exam Dumps with PDF and VCE Free Updated Today! Following are some new SC-900 Real Exam Questions!

QUESTION 52
A company wants to make use of Windows Hello for business when it comes to authentication.
Which of the following are the authentication techniques available for Windows Hello for business? Choose 3 answers from the options given below

A. PIN
B. Facial Recognition
C. Email message
D. Password
E. Fingerprint recognition

Answer: ABE
Explanation:
The entire purpose of Windows Hello for business is to ensure passwords are not used in the authentication process. Here uses can use other techniques for authentication via the usage of PIN’s and biometric recognition.
Options C and D are incorrect since Windows Hello for Business tries to ensure that secure measures are used for the authentication process.
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

QUESTION 53
Which of the following can be used to provide a secure score for the resources defined as part of your Azure account?

A. Azure Security Center
B. Azure key Vaults
C. Azure Sentinel
D. Azure Information Protection

Answer: A
Explanation:
You can accomplish this with the help of Azure Security Center
If you go to Azure Security Center, in the Overview you can see the secure score.

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction

QUESTION 54
Your company has just setup an Azure subscription. They have the following requirements
– Be able to deploy a set of resources, resource groups, role assignments to a set of subscriptions.
– Be able to ensure no one can delete resources defined in a resource group named lead2pass-staging
– Ensure that all Windows Servers defined as Azure virtual machines should have the Microsoft IaaS Antimalware extension installed
Which of the following can be used for the following requirement?
– Be able to ensure no one can delete resources defined in a resource group named lead2pass-rg

A. Azure Policy
B. Azure Blueprints
C. Azure AD Identity Protection
D. Azure Resource locks

Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

QUESTION 55
You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels can be used to encrypt the contents in documents?

A. Yes
B. No

Answer: A
Explanation:
When you apply a “Confidential” label to a document, the label will encrypt the content in the document.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

QUESTION 56
You are planning on making use of the Azure Bastion service. Can you use the Azure Bastion service to restrict traffic from the Internet onto an Azure virtual machine?

A. Yes
B. No

Answer: A
Explanation:
You cannot use the Azure Bastion service to restrict traffic into an Azure virtual machine. For this you will need to use Network Security groups. The Azure Bastion service is used to RDP/SSH into an Azure virtual machine via the Azure portal and the browser.
Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 57
You are looking at the capabilities of Azure Active Directory. Can you use Azure Active Directory to manage device registrations in Azure Active Directory?

A. Yes
B. No

Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview

QUESTION 58
Your company is planning on using Azure Cloud services. Which of the following can be used to ensure that data can be read only by authorized users?

A. Encryption
B. Deduplication
C. Archiving
D. Compression

Answer: A
Explanation:
You can ensure data is encrypted. Then only authorized users would have the encryption key. The encryption key can then be used to decrypt and read the data.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview?view=o365-worldwide

QUESTION 59
Your company is planning on using Azure Active Directory for the storage of identities. They want to make use of the self-service password reset feature.
Which of the following authentication methods are available for self-service password reset? Choose 3 answers from the options given below

A. Email
B. A passport identification number
C. A picture message
D. Mobile app notification
E. Mobile app code

Answer: ADE
Explanation:
Below are the authentication methods available for self-service password reset:
Mobile app notification
Mobile app code
Email
Mobile phone
Office phone
Security questions
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

QUESTION 60
Your company wants to start making use of Azure. They are looking at different security aspects when it comes to using Azure.
Which of the following could be used for the following requirement?
– Enforce Multi-Factor authentication based on the sign-in risk

A. Azure AD Identity Management
B. Azure Conditional Access
C. Azure AD Roles
D. Azure AD Connect

Answer: A
Explanation:
In Azure AD Identity Protection, you can configure the Sign-in risk policy to allow access and enforce the use of Multi-Factor Authentication.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

QUESTION 61
Which of the following is a scalable, cloud-native, security information event management and security orchestration automated response solution?

A. Azure Sentinel
B. Azure Security Center
C. Azure Active Directory
D. Azure AD Identity Protection

Answer: A
Explanation:
You can use Azure Sentinel as a scalable, cloud-native, security information event management and security orchestration automated response solution. Azure Sentinel has the capability to ingest data from a variety of sources and performance threat monitoring on that data.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview

QUESTION 62
Which of the following provides advanced and intelligent protection of Azure and hybrid resources and workloads?

A. Azure Defender
B. Azure Policies
C. Azure Blueprints
D. Azure Active Directory

Answer: A
Explanation:
With Azure Defender , you can enable intelligent protection of your resources that are defined in Azure and also in your on-premises infrastructure.
This is an additional security feature that comes as part of Azure Security Center as shown below

Reference:
https://docs.microsoft.com/en-us/azure/security-center/azure-defender

QUESTION 63
Which of the following is available for the Azure Application Gateway service that helps to protect web applications from common exploits and vulnerabilities?

A. Azure Firewall
B. Azure Web Application Firewall
C. Azure Policy
D. Azure Identity Protection

Answer: B
Explanation:
The Azure Web Application Firewall can be used along with the Azure Application Gateway resource to protect web applications from common exploits and vulnerabilities. It can help to protect against attacks such as SQL injection attacks or cross-site scripting attacks.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

QUESTION 64
You are evaluating the different services available in Azure when it comes to security. Which of the following can be accomplished with the use of the Azure Privileged Identity Managed service?

A. Filter traffic to Azure virtual machines
B. Enable Multi-Factor Authentication for users based on detected sign-in risks
C. Provide just-in-time access to resource roles in Azure
D. Measure the security posture of resources defined in an Azure environment

Answer: C
Explanation:
With Azure Privileged Identity Managed , you can provide just-in-time access to Azure AD roles and resource roles. Here users can request for access whenever required. And the access can be granted or denied accordingly.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

QUESTION 65
You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the tool that can be used for desired requirement below:
– Be able to quickly find email in Exchange mailboxes
Which of the following would you use for this requirement?

A. Core eDiscovery
B. Advanced eDiscovery
C. Sensitivity labels
D. Content search

Answer: D
Explanation:
The Content search tool can be used to quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide

QUESTION 66
You are evaluating the different discovery tools that are available with Microsoft 365. You need to map the tool that can be used for desired requirement below:
– Provide basic capabilities on searching and exporting of content in Microsoft 365
Which of the following would you use for this requirement?

A. Core eDiscovery
B. Privileged Access Management
C. Sensitivity labels
D. Content search

Answer: A
Explanation:
The Core eDiscovery tool helps you to find and export content in Microsoft 365 and Office 365. You can also use the tool to place an eDiscovery hold on certain content locations.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

QUESTION 67
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy

Answer: AE
Explanation:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/overview

QUESTION 68
What is an example of encryption at rest?

A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

QUESTION 69
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?

A. sensitivity label policies
B. Customer Lockbox
C. information batteries
D. Privileged Access Management (PAM)

Answer: C
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers

QUESTION 70
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question

Answer: ABC
Explanation:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication

QUESTION 71
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection

Answer: D
Explanation:
Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide

QUESTION 72
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Azure virtual machines
B. Azure Active Directory (Azure AD) users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E. Microsoft SharePoint Online sites

Answer: DE

QUESTION 73
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?

A. threat modeling
B. identity as the security perimeter
C. defense in depth
D. the shared responsibility model

Answer: C
Explanation:
https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth

QUESTION 74
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?

A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint

Answer: A
Explanation:
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description

QUESTION 75
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?

A. integration with the Microsoft 365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks

Answer: C
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide

QUESTION 76
What can you use to provide threat detection for Azure SQL Managed Instance?

A. Microsoft Secure Score
B. application security groups
C. Azure Defender
D. Azure Bastion

Answer: C

QUESTION 77
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?

A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
C. conditional access policies
D. resource locks

Answer: C

QUESTION 78
Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?

A. retention policies
B. data loss prevention (DLP) policies
C. conditional access policies
D. information barriers

Answer: B
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

QUESTION 79
In a Core eDiscovery workflow, what should you do before you can search for content?

A. Create an eDiscovery hold.
B. Run Express Analysis.
C. Configure attorney-client privilege detection.
D. Export and download results.

Answer: A
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

QUESTION 80
Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?

A. Microsoft Service Trust Portal
B. Compliance Manager
C. Microsoft 365 compliance center
D. Microsoft Support

Answer: A
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide

QUESTION 81
What can you protect by using the information protection solution in the Microsoft 365 compliance center?

A. computers from zero-day exploits
B. users from phishing attempts
C. files from malware and viruses
D. sensitive data from being exposed to unauthorized users

Answer: D
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide

QUESTION 82
What can you specify in Microsoft 365 sensitivity labels?

A. how long files must be preserved
B. when to archive an email message
C. which watermark to add to files
D. where to store files

Answer: C
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide


Resources From:

1.2021 Latest Braindump2go SC-900 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/sc-900.html

2.2021 Latest Braindump2go SC-900 PDF and SC-900 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1lBjx9vxksSKq1-ok4CmD-HBgZND4cDno?usp=sharing

3.2021 Free Braindump2go SC-900 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/SC-900-PDF(42-62).pdf
https://www.braindump2go.com/free-online-pdf/SC-900-PDF-Dumps(1-20).pdf
https://www.braindump2go.com/free-online-pdf/SC-900-VCE(63-85).pdf
https://www.braindump2go.com/free-online-pdf/SC-900-VCE-Dumps(21-41).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!