Intro
This is the second free SC-100 practice test I have created. If you haven’t done the first one, please do that first here: Microsoft Cybersecurity Architect (SC-100) Practise Test Questions #1
In this test, there is only one correct answer to each question.
If there are any issues that you spot, please leave a comment.
Questions
- How can you see a list of security recommendations, the impact of those recommendations and the current state of security according to Microsoft best-practice?
a) Security Suggestions
b) Microsoft Secure Score
c) Intune
- How do you ensure administrative access can be maintained during an MFA outage, or when you are unable to reach a person holding an important role, so that key changes can be implemented and security ensured during an emergency?
a) Contact Microsoft Support
b) Break-Glass/Emergency Access Accounts
c) Microsoft Emergency Control Service
- Which Microsoft service can fulfil Security Orchestration, Automation and Response capabilities?
a) Microsoft Cloud-App Security
b) Defender for Cloud
c) Microsoft Sentinel
- A salesperson has accidentally sent a spreadsheet containing a list of customers and their main contact to a competitor. What type of security technology would help prevent this from happening?
a) DLP
b) DHCP
c) SIEM
- What is meant by defence-in-depth?
a) Having a firewall to protect your network
b) Conditional Access
c) Multiple layers of security controls
- Which example is considered two different factors of authentication?
a) Password and a PIN code
b) PIN code and security question
c) Password and push notification response
d) Hardware token
- What is a great way of securing use of Entra ID accounts with a lot of administrative power?
a) Privileged Access Workstations
b) Defender for Identity
c) Defender for Cloud-Apps
- What is Privileged Identity Management (PIM)?
a) Allows administrative roles to be explicitly turned on for a limited time (just-in-time) and for approvals to be required before the administrative roles are turned on
b) Allows you to scan for group membership misconfiguration and apply a regular access review regime
c) Allows users to be assigned roles based on their role by requesting them as a group of permissions (Access Package), to be approved by a group of package owners
- What is the acronym for the Microsoft threat modelling elements of security breach?
a) STRAFE
b) SROMPE
c) STRIDE
- Which Microsoft service provides DLP functionality?
a) Microsoft Purview
b) Microsoft Priva
Answers Below:
Answers
- B – Microsoft Secure Score provides you with an easy-to-follow dashboard of Microsoft best practices
- B – Break-Glass accounts are suggested as a security best practice by Microsoft: Manage emergency access admin accounts | Microsoft Learn
- C – Sentinel can be configured to automatically take actions based on alerts from a wide range of sources.
- A – DLP is Data Loss Prevention; more on DLP can be found here: What is Data Loss Prevention (DLP)?
- C – Multiple layers of security is what is meant by defence in depth; you can learn more here: What is defense in depth?
- C – Password and push notification is the only listed answer with two distinct types of authentication; read more here: multi-factor authentication – Glossary | CSRC (nist.gov)
- A – Privileged Access Workstations are computers that are used only for administrative functions, such as using a Global Administrator account. This means the user cannot be phished with a malicious email, as they shouldn’t receive email on their privileged access workstation, among other things, which reduces the attack surface. Read more here: Why are privileged access devices important
- A – You can read more on PIM here: What is Privileged Identity Management? | Microsoft Learn
- C – STRIDE; you can find more on STRIDE here: STRIDE (security) – Wikipedia
- A – Microsoft Purview provides DLP functionality; read more here: Learn about data loss prevention