SC-900 Online Practice Questions and Answers

Correct Answer:

Biometrics templates are stored locally on a device.

Reference: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

Correct Answer:

Box 1: No

Box 2: Yes

Leaked Credentials indicates that the user's valid credentials have been leaked.

Box 3: Yes

Multi-Factor Authentication can be required based on conditions, one of which is user risk.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa

Correct Answer:

Correct Answer:

Authentication

What is the difference between authentication and authorization in Azure?

In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

Reference: https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization

Correct Answer:

Box 1: No

Box 2: Yes

Identity Protection detects risks of many types, including:

Anonymous IP address use

Atypical travel

Malware linked IP address

Unfamiliar sign-in properties

Leaked credentials

Password spray

and more...

Box 3:Yes

The risk signals can trigger remediation efforts such as requiring: perform multifactor authentication, reset their password using self-service password reset, or block access until an administrator takes action.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Correct Answer:

Compliance score How to read your compliance score The Compliance Manager dashboard displays your overall compliance score. This score measures your progress in completing recommended improvement actions within controls. Your score can help you understand your current compliance posture. It can also help you prioritize actions based on their potential to reduce

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide

Correct Answer: AC

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

Correct Answer: B

Information barriers are supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. A compliance administrator or information barriers administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. Information barrier policies can be used for situations like these:

Correct Answer: AB

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide

Correct Answer: ABC

Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If a user's account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.

Authentication methods When a user is enabled for SSPR, they must register at least one authentication method. We highly recommend that you choose two or more authentication methods so that your users have more flexibility in case they're unable to access one method when they need it. For more information, see What are authentication methods?.

The following authentication methods are available for SSPR:

Mobile app notification Mobile app code Email Mobile phone Office phone (available only for tenants with paid subscriptions) Security questions Users can only reset their password if they have registered an authentication method that the administrator has enabled.

Note: Select authentication methods and registration options When users need to unlock their account or reset their password, they're prompted for another confirmation method. This extra authentication factor makes sure that Azure AD finished only approved SSPR events. You can choose which authentication methods to allow, based on the registration information the user provides.

1.

From the menu on the left side of the Authentication methods page, set the Number of methods required to reset to 2.

To improve security, you can increase the number of authentication methods required for SSPR.

2.

Choose the Methods available to users that your organization wants to allow. For this tutorial, check the boxes to enable the following methods:

Mobile app notification Mobile app code Email Mobile phone You can enable other authentication methods, like Office phone or Security questions, as needed to fit your business requirements.

3.

To apply the authentication methods, select Save.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr