Microsoft Security, Compliance, and Identity Fundamentals v1.0
Question 1
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
- A. access reviews
- B. managed identities
- C. conditional access policies
- D. Azure AD Identity Protection
Answer : A
Explanation:
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
Question 2
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer : 
Explanation:
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Question 3
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Explanation:
Box 1: Yes -
Box 2: No -
Conditional Access policies are enforced after first-factor authentication is completed.
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 4
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer : 
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
Question 5
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer : 
Explanation:
Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
Question 6
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer : 
Explanation:
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide
Question 7
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
- A. conditional access policies
- B. Azure AD Identity Protection
- C. Azure AD Privileged Identity Management (PIM)
- D. authentication method policies
Answer : C
Explanation:
Azure AD Privileged Identity Management (PIM) provides just-in-time privileged access to Azure AD and Azure resources
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Question 8
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. text message (SMS)
- B. Microsoft Authenticator app
- C. email verification
- D. phone call
- E. security question
Answer : ABD
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
Question 9
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
- A. sensitivity label policies
- B. Customer Lockbox
- C. information batteries
- D. Privileged Access Management (PAM)
Answer : C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers
Question 10
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 11
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Explanation:
Box 1: Yes -
Conditional access policies can be applied to all users
Box 2: No -
Conditional access policies are applied after first-factor authentication is completed.
Box 3: Yes -
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 12
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer : 
Explanation:
When you register an application through the Azure portal, an application object and service principal are automatically created in your home directory or tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
Question 13
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. fingerprint
- B. facial recognition
- C. PIN
- D. email verification
- E. security question
Answer : ABC
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication
Question 14
HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:
Answer : 
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Question 15
You have an Azure subscription.
You need to implement approval-based, time-bound role activation.
What should you use?
- A. Windows Hello for Business
- B. Azure Active Directory (Azure AD) Identity Protection
- C. access reviews in Azure Active Directory (Azure AD)
- D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Answer : D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure