SC-900 Exam Practice Test

Correct Answer: Compliance Manager Explanation: Compliance Manager in Microsoft Purview helps organizations manage their compliance posture, providing assessments, actionable steps, and a compliance score against various regulations and industry standards.

Correct Answer: Network Security Group (NSG) Explanation: NSGs are fundamental Azure network filters that contain a list of security rules allowing or denying network traffic to resources connected to Azure Virtual Networks (VNets).

Correct Answer: Microsoft Sentinel Explanation: Microsoft Sentinel is a cloud-native SIEM and SOAR solution that collects security data from various sources, detects threats, investigates incidents, and responds automatically.

Correct Answer: It significantly reduces the risk of unauthorized access due to compromised passwords. Explanation: MFA adds an extra layer of security beyond just a password, requiring a second form of verification, making it much harder for attackers to gain access even if they steal a password.

Correct Answer: Sensitivity Labels with Retention Policies Explanation: Sensitivity Labels apply classification and protection (like encryption or visual marking) to content. Retention Policies, often applied via retention labels, dictate how long content should be kept or deleted to meet compliance obligations, including preventing deletion.

Correct Answer: Hybrid identity Explanation: Hybrid identity refers to user accounts that exist both in an on-premises AD DS and are synchronized to Azure AD, allowing users to access both on-premises and cloud resources with a single identity.

Correct Answer: Microsoft Defender for Cloud Explanation: Microsoft Defender for Cloud (formerly Azure Security Center) provides CSPM capabilities, assesses configurations, and offers a Secure Score to help prioritize and remediate security weaknesses.

Correct Answer: Conditional Access Explanation: Conditional Access policies use "if-then" statements to define specific conditions under which users can access resources, allowing for granular control based on context.

Correct Answer: The customer Explanation: In IaaS, the customer is responsible for the operating system, applications, network configurations, and data. The CSP is responsible for the physical infrastructure, virtualization, and network fabric.

Correct Answer: Zero Trust Explanation: Zero Trust is a security model that assumes no implicit trust and requires verification of every access attempt, regardless of whether it originates inside or outside the network perimeter.