SC-900 EXAM QUESTIONS WITH 100% CORRECT
ANSWERS
Which of the following is a feature of Azure AD? - ANSWER Azure AD
provides SSO. Azure AD is providing federation. Azure AD is one layer in
defense in depth. Azure AD doesn't provide file services. Azure AD isn't
providing data encryption in transport.
Which of the following are the two ways authentication can be performed by an
Azure AD user signing in? Each correct selection presents a complete solution.
- ANSWER Passwords are the most common form of authentication and are
supported in Azure AD. Text messaging can be used as a primary form of
authentication. The Google Authenticator app can be used as a primary form of
authentication to sign into any Azure AD account. Calling the Microsoft
Helpdesk is not valid for authentication in Azure AD. Security questions are not
used at sign in.
An organization is planning to move to Microsoft cloud and intends to
implement a hybrid identity model.
What is used to sync identities between AD DS and Azure AD? - ANSWER
Azure AD Connect is designed to meet and accomplish hybrid identity goals.
ADFS cannot be used for hybrid identity models. Microsoft Sentinel is not an
identity product. PIM is used for managing and monitoring access to important
resources.
Which of the following authentication methods can use a time-based, one-time
password? - ANSWER OATH hardware tokens use time-based, one-time
passwords. Strong passwords are not one-time passwords. Password hash
synchronization syncs hashes across Active Directory and Azure AD. Windows
Hello uses a camera or passcode for authentication.
What will you use to prevent users from using an organization's name, or the
names of the organization's products, as passwords in Azure AD? - ANSWER
Azure AD Password Protection - The global banned password list does not
include your own organizational and product names. Azure AD Password
Protection safeguards against password spray. MFA doesn't handle password
entries.
Following this, an organization's administrator uses a Microsoft Azure Security
Score recommendation to improve identity security.
Which offers the most protection for user identities? - ANSWER With the
Microsoft Authenticator app, phone sign in is the strongest authentication
method. Forcing a password change or forcing a complex password will not
offer the most protection on its own. Using soft tokens does not provide as
much protection as Microsoft Authenticator.
What are three things that can be used by a user for Azure AD Multi-Factor
Authentication (MFA)? Each correct answer presents a complete solution. -
ANSWER something the claimant knows, something the claimant has,
something the claimant is. - Azure AD MFA works by requiring something you
know (such as a password), and something you have (such as a phone), or
something you are (biometrics).
Which Azure AD feature will help decrease help desk calls along with
productivity loss when a user cannot sign in to their device or to an application?
- ANSWER SSPR is a feature of Azure AD that allows users to change or
reset their password without administrator or help desk involvement. Without
enabling SSPR, Identity protection cannot provide the requested solution.
Conditional Access brings the signals together to make the decisions and
enforce organizational policies but not SSPR. Azure AD Password Protection
reduces the risk when users set weak passwords.
Which three actions should be performed to enable self-service password reset
(SSPR) for a user? Each correct answer presents part of the solution. -
ANSWER Assign an Azure AD license, Enable SSPR for the user, Register an
authentication method. - To use SSPR, users must be assigned an Azure AD
license that is enabled for SSPR by an administrator and registered with the
authentication methods they want to use. Two or more authentication methods
are recommended in case one is unavailable.
What would you use in Azure AD to provide users the capability to perform
administrative tasks? - ANSWER roles - Roles in Azure AD have permission
to perform certain administrative tasks. You assign these roles to users.
Which Azure feature provides network-level filtering, application-level
filtering, and outbound SNAT? - ANSWER
What are the types of DDoS attacks? - ANSWER Resource layer attacks, protocol
attacks, and volumetric attacks. - These are the three basic kinds of DDoS
attack. Password spraying and MITM do not come under DDoS attacks.
What can you use in Azure to segment a network by department? - ANSWER
Virtual networks - The main reasons for segmenting the network are to
group connected assets that take part in supporting workload operations,
to isolate resources, and to apply the governance policies specified by an
organization. Virtual Network provides you the capability to segment networks
in Azure. Virtual private networks can connect the networks but aren't necessary
for the connection between Azure virtual networks.