
© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.


SC-900 Describe the capabilities of Microsoft security solutions — All Questions With Answers

Complete SC-900 Describe the capabilities of Microsoft security solutions question bank — all 0 questions with answers and detailed explanations.

470 Questions • Free • No signup
Question 1 (easy, multiple choice)

A security administrator is using Microsoft Defender for Cloud to improve the security posture of Azure resources. The administrator wants to view a consolidated assessment of compliance with industry standards such as CIS and NIST. Which feature should be used?

Question 2 (medium, multiple choice)

An organization uses Microsoft 365 Defender. The security team receives an alert about a potential malware outbreak on multiple endpoints, and they need an integrated view that correlates signals from various Microsoft security solutions. Which Microsoft 365 Defender portal component provides this unified view?

Question 3 (easy, multiple choice)

A security team is evaluating Microsoft security solutions to monitor user activities across multiple SaaS applications, including Salesforce and Dropbox, for signs of compromised accounts and data exfiltration. Which solution is specifically designed for this purpose?

Question 4 (medium, multiple choice)

A company manages Azure virtual machines and on-premises servers. The security team needs a single dashboard that provides a secure score and actionable recommendations to improve the security posture across both environments. Which Microsoft solution should be used?

Question 5 (hard, multi select)

A company has deployed Microsoft 365 Defender to unify threat detection and response. Which two components are included within the Microsoft 365 Defender integrated solution? (Select all that apply.)

Question 6 (hard, multiple choice)

A security analyst is using Microsoft 365 Defender to investigate a sophisticated multi-stage attack. The analyst needs to query data across endpoints, email, and identity logs to identify the attacker's behavior patterns and correlate events. Which Microsoft 365 Defender capability should the analyst use?

Question 7 (easy, multiple choice)

A company wants to reduce the attack surface on its Windows devices by blocking common techniques used by malware, such as preventing Office applications from creating child processes or blocking executable files from running from the %TEMP% folder. Which Microsoft Defender for Endpoint feature should be configured?

Question 8 (medium, multiple choice)

A company uses Microsoft 365 and is concerned about phishing attacks targeting employees. They want to deploy a solution that can automatically analyze email messages for malicious links and attachments, and also provide click-time protection by rewriting URLs. Which Microsoft 365 Defender component should they use?

Question 9 (easy, multiple choice)

A security administrator needs to identify and remediate misconfigurations in Azure resources that could lead to security breaches. They want a central dashboard that provides a secure score based on security controls and recommendations. Which Microsoft solution should they use?

Question 10 (medium, multiple choice)

A security operations center (SOC) team needs to collect security logs from Azure services, on-premises servers, and third-party firewalls. They want a cloud-native solution that provides advanced threat detection through analytics, machine learning, and the ability to hunt for threats across all data sources. Which Microsoft solution should they deploy?

Question 11 (medium, multiple choice)

A security team needs to detect and investigate advanced attacks targeting on-premises Active Directory accounts, such as Pass-the-Hash (PtH) and Golden Ticket attacks. Which Microsoft security solution should they deploy?

Question 12 (easy, multiple choice)

A security analyst receives an alert about a suspicious process on a device. The security solution automatically investigates the device, gathers evidence, and determines that a known malware variant was detected. It then presents an action plan to the analyst for remediation. Which Microsoft security solution provides this automated investigation and response capability?

Question 13 (hard, multiple choice)

A security operations center (SOC) team needs to ingest security logs from on-premises servers, Azure virtual machines, and SaaS applications like Salesforce. They want a cloud-native solution that uses machine learning to detect threats, provides a unified query language for hunting, and supports automated incident response through playbooks. Which Microsoft solution should they deploy?

Question 14 (medium, multiple choice)

A company wants to discover which cloud applications are being used by employees, assess the risk of those apps, and control data sharing in sanctioned apps like Box or Dropbox. Which Microsoft security solution should they implement?

Question 15 (medium, multiple choice)

An organization runs workloads in Azure, an on-premises data center, and multiple third-party cloud environments. The security team needs a single, cloud-native solution that provides a unified view of the security posture across all these environments, along with a secure score and actionable recommendations. They also want to protect these workloads with advanced threat detection. Which Microsoft security solution should they implement?

Question 16 (medium, multiple choice)

A security team needs to continuously assess the security posture of Azure resources, including virtual machines, storage accounts, and SQL databases. They also want to identify vulnerabilities in both Windows and Linux servers running in Azure and on-premises, and receive prioritized recommendations for remediation. Which Microsoft security solution should they use?

Question 17 (hard, multiple choice)

A company runs containerized applications on Azure Kubernetes Service (AKS) and stores container images in Azure Container Registry. The security team wants to automatically scan container images for vulnerabilities every time a new image is pushed to the registry and receive recommendations for remediation. Which Microsoft security solution should they enable?

Question 18 (medium, multiple choice)

An organization wants to protect its Azure PaaS services, such as Azure SQL Database and Azure Key Vault, by detecting and alerting on suspicious activities like SQL injection attempts or unusual access patterns. They also need to integrate these alerts into a central security information and event management (SIEM) system for further analysis. Which Microsoft security solution provides the threat detection capability described?

Question 19 (hard, multiple choice)

A large enterprise uses a variety of cloud applications, including sanctioned apps like Microsoft 365 and unsanctioned apps that employees adopted without IT approval. The security team wants to discover all cloud applications in use, assess each app's risk score based on more than 80 risk factors, and control data sharing within sanctioned apps to prevent data leakage. Additionally, they need to identify which users are using a new, unknown file-sharing service. Which Microsoft security solution should be deployed to meet these requirements?

Question 20 (medium, multiple choice)

An organization uses Exchange Online and is concerned about phishing attacks that include malicious hyperlinks. They need a security solution that checks URLs at the time a user clicks them and blocks access to known malicious or suspicious websites. The solution must also provide real-time reputation analysis for link clicks. Which Microsoft security solution should they enable?

Question 21 (hard, multiple choice)

A security operations team uses Microsoft 365 Defender and wants to detect, investigate, and automatically respond to advanced identity-based attacks targeting on-premises Active Directory, such as Pass-the-Hash (PtH) and Golden Ticket attacks. They also need to integrate these alerts into Microsoft Sentinel for central incident management. Which Microsoft security solution provides these capabilities?

Question 22 (medium, multiple choice)

A company uses a mix of Azure virtual machines and on-premises Windows and Linux servers. The security team wants a single, integrated solution that can continuously assess these servers for missing security updates, weak operating system configurations, and common vulnerabilities. The solution should provide prioritized remediation recommendations. Which Microsoft security solution should they use?

Question 23 (easy, multiple choice)

A security operations team uses Microsoft Sentinel to centralize security log analysis. They need to ingest logs from a third-party firewall that does not have a native connector. What should the team use to bring the firewall logs into Microsoft Sentinel?

Question 24 (easy, multiple choice)

An organization uses Microsoft 365 Defender and wants to automate the investigation and response to common email-based phishing attacks. They want the system to automatically take actions such as deleting malicious emails from user inboxes across the organization after analysis. Which Microsoft 365 Defender component provides this automated capability?

Question 25 (medium, multiple choice)

A security operations team needs to protect their organization's Windows 10 and Windows 11 devices from advanced persistent threats (APTs), ransomware, and fileless malware. They also require a centralized dashboard to view device security posture, investigate incidents, and perform proactive threat hunting using advanced queries. Which Microsoft security solution should they deploy?

Question 26 (medium, multiple choice)

A company uses Exchange Online. The security team wants to protect users from malware hidden in email attachments by detonating them in a secure sandbox environment before delivery. Which Microsoft Defender for Office 365 feature should they enable?

Question 27 (medium, multiple choice)

A company runs workloads in Azure and Amazon Web Services (AWS). The security team wants a single, unified dashboard to assess the security posture of all cloud resources, get prioritized recommendations for misconfigurations, and enable just-in-time (JIT) virtual machine access across both cloud environments. Which Microsoft security solution should they use?

Question 28 (medium, multiple choice)

A company uses Microsoft Defender for Cloud Apps to secure its cloud applications. The security team wants to monitor and control data activities in a third-party cloud app (e.g., Box) in real time. Specifically, they need to block downloads of files that have a 'Confidential' sensitivity label when users access the app from unmanaged devices. Which capability of Microsoft Defender for Cloud Apps should they configure?

Question 29 (medium, multiple choice)

A security operations team uses multiple Microsoft security products, including Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Entra ID Protection. They want to aggregate alerts from these sources into a single dashboard, correlate them to create incidents, and use automated playbooks to respond to threats. The team also wants to query historical security data for threat hunting. Which Microsoft solution should they deploy?

Question 30 (medium, multiple choice)

A company runs workloads in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). The security team needs a single, unified dashboard to continuously assess the security posture of all cloud resources, identify misconfigurations, and receive prioritized recommendations for remediation. Which Microsoft security solution should they use?

Question 31 (medium, multiple choice)

A company wants to improve its security awareness program by periodically sending simulated phishing emails to employees to test their ability to identify malicious messages. The results should be tracked in a dashboard that shows which employees clicked the links. Which Microsoft 365 Defender capability should they use?

Question 32 (hard, multiple choice)

A company wants to gain visibility into the use of unsanctioned cloud applications (shadow IT) within their organization. The security team has access to network proxy logs that show traffic to various cloud services. They want to use a Microsoft security solution to analyze these logs and identify which cloud apps are being used, by whom, and how much data is being consumed. Which capability of Microsoft Defender for Cloud Apps should they use?

Question 33 (medium, multiple choice)

A security operations team needs to protect Windows servers from ransomware and other advanced threats. They require a solution that provides endpoint detection and response (EDR), automated investigation, and the ability to isolate compromised machines from the network. Which Microsoft security solution should they deploy?

Question 34 (medium, multiple choice)

A company uses Microsoft 365. The security team wants to protect users from clicking malicious URLs in email messages. The solution should rewrite all links in incoming emails so that when a user clicks them, the URL is checked in real time against a dynamic list of known malicious sites. Which Microsoft Defender for Office 365 feature should they enable?

Question 35 (medium, multiple choice)

A company maintains an on-premises Active Directory environment with over 10,000 domain-joined computers. The security team is concerned about advanced attacks that use stolen credentials to move laterally, such as pass-the-hash attacks or DCSync attacks targeting domain controllers. They need a solution that monitors on-premises Active Directory traffic and event logs to detect these identity-based threats and provides alerts for investigation. Which Microsoft security solution should they deploy?

Question 36 (medium, multiple choice)

A company runs workloads in Microsoft Azure and in Google Cloud Platform (GCP). The security team needs a single dashboard to view the security posture of both cloud environments, get recommendations for misconfigurations based on best practices, and track compliance with industry standards such as ISO 27001 and PCI DSS. Which Microsoft security solution should they use?

Question 37 (hard, multiple choice)

A company runs Windows Server virtual machines (VMs) on-premises and in Azure. The security team wants a unified view of missing security updates and known vulnerabilities (CVEs) across all VMs. They want to enable agentless scanning for Azure VMs and deploy a lightweight agent for on-premises machines. The results should be consolidated in a single dashboard with prioritized remediation recommendations. Which Microsoft security solution should they use?

Question 38 (medium, multiple choice)

A company uses Exchange Online. The security team wants to protect users from malicious email attachments. They need a solution that detonates attachments in a sandbox environment to check for malware behavior before the email is delivered to the recipient. Which Microsoft Defender for Office 365 feature should they enable?

Question 39 (medium, multiple choice)

A security operations center (SOC) team needs a centralized platform to collect logs from firewalls, servers, and cloud applications. They want to analyze these logs to detect threats, create custom alerts, and automate response actions using playbooks. The solution should also provide threat intelligence feeds and allow for advanced hunting with Kusto Query Language (KQL). Which Microsoft security solution should the team implement?

Question 40 (medium, multiple choice)

A company has deployed Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. The security operations team wants a single, unified portal where they can view alerts from all these products, perform cross-domain investigations, and orchestrate automated response actions. Which Microsoft security solution should they use?

Question 41 (medium, multiple choice)

A company wants to improve its security posture across Microsoft 365. The security team needs a central dashboard that provides a score based on current security configurations, gives recommendations for improving the score, and allows tracking of improvement actions over time. Which Microsoft security solution should they use?

Question 42 (medium, multiple choice)

A company runs Azure SQL databases containing customer transaction data. The security team needs to detect and alert on suspicious database access patterns, such as SQL injection attempts or access from unusual locations. Which Microsoft security solution should they enable?

Question 43 (medium, multiple choice)

A company uses Azure virtual machines and also has physical servers in their on-premises datacenter. The security team needs a single dashboard to view security recommendations, detect misconfigurations, and get a secure score for both environments. They also want to integrate with Microsoft Defender for Cloud for threat protection. Which Microsoft security solution provides this unified visibility across hybrid workloads?

Question 44 (hard, multiple choice)

A company runs critical applications on Windows Server virtual machines in Azure and on-premises. The security team wants to reduce the exposure of administrative ports (e.g., RDP, SSH) by requiring administrators to request just-in-time (JIT) access. The request should require approval from a central team, and the port should be opened only for a limited time. Which Microsoft security solution provides this JIT capability for both Azure and on-premises servers (when connected via Azure Arc)?

Question 45 (hard, multiple choice)

A company uses Microsoft Defender for Endpoint on all workstations and Microsoft Defender for Office 365 for email protection. The security operations team wants a single console to see all incidents from both products, automatically investigate and respond to threats across endpoints and email, and integrate with Microsoft Sentinel for advanced hunting. Which Microsoft security solution should they use?

Question 46 (medium, multiple choice)

A company runs virtual machines in Azure and also maintains on-premises servers connected via Azure Arc. The security team needs a single dashboard to view security recommendations, detect misconfigurations, and track a secure score across both environments. They also want to enable advanced threat protection features such as just-in-time (JIT) VM access and file integrity monitoring for these workloads. Which Microsoft security solution should they implement?

Question 47 (medium, multiple choice)

A company wants to gain visibility into the cloud applications that employees are using (e.g., unsanctioned SaaS apps), assess the risk level of each app based on multiple factors, and block access to high-risk applications. Which Microsoft security solution should they deploy?

Question 48 (medium, multiple choice)

A company wants to detect and respond to advanced attacks targeting their on-premises Active Directory infrastructure, such as Kerberos Golden Ticket attacks, pass-the-hash, and brute-force attempts. The solution should integrate with Microsoft Sentinel and Microsoft 365 Defender for cross-domain investigations. Which Microsoft security solution should they deploy?

Question 49 (hard, multiple choice)

A company uses a third-party SaaS CRM application. The security team needs to monitor user sessions in real-time when sales representatives access the CRM from personal, unmanaged devices. The goal is to prevent the download of sensitive customer data to local drives. The solution should block download actions and show a warning to the user. Which Microsoft security solution should the team deploy to enforce these session controls?

Question 50 (medium, multiple choice)

A company runs a production Kubernetes cluster in Azure. The security team needs to continuously monitor the cluster for misconfigurations, such as containers running with privileged access or secrets exposed in environment variables. They also want to detect runtime threats like crypto-mining containers. Which Microsoft security solution should they use?

Question 51 (medium, multiple choice)

A company's security operations team needs to centralize security log collection from multiple sources including on-premises firewalls, AWS CloudTrail, and Azure Active Directory sign-in logs. They want to use built-in analytics to detect threats across all data sources and create automated response playbooks, such as isolating a compromised user account when a specific attack pattern is detected. Which Microsoft security solution should they deploy?

Question 52 (easy, multiple choice)

A company uses a third-party SaaS project management application. The security team wants to monitor and control user sessions when employees access the application from personal, unmanaged devices. Specifically, they want to block the download of files to local drives and display a warning message to the user if they attempt to download. Which Microsoft security solution should they deploy?

Question 53 (medium, multiple choice)

An organization wants to protect its fleet of Windows 10 laptops from advanced malware and ransomware. The solution must detect suspicious behavior (e.g., a process encrypting files) and provide security teams with the ability to isolate an infected device from the network for investigation. Which Microsoft security solution should they deploy?

Question 54 (hard, multiple choice)

A company's security operations center wants to detect advanced attacks targeting their on-premises Active Directory, such as Kerberos Golden Ticket attacks, pass-the-hash, and skeleton key malware. They need a solution that monitors domain controller traffic, correlates with entity behavior, and integrates with Microsoft Sentinel for incident response. Which Microsoft security solution should they deploy?

Question 55 (medium, multiple choice)

A company uses Microsoft 365 and stores many business documents in SharePoint Online and OneDrive. The security team wants to automatically detect and block malicious files (e.g., those containing ransomware or other malware) that are uploaded to these document libraries. Files should be scanned and held until proven safe. Which Microsoft security solution should they enable to provide this protection?

Question 56 (medium, multiple choice)

A company wants to protect its employees from phishing attacks delivered via email. The solution must analyze all URLs embedded in incoming emails in real-time. If a URL points to a known malicious site, the link should be blocked at the time of click. Additionally, the solution should sandbox URLs in attachments and provide time-of-click verification. Which Microsoft security solution should they implement?

Question 57 (medium, multiple choice)

A security operations team investigates a multi-stage attack that began with a phishing email, then moved to credential compromise, and finally to lateral movement on endpoints. They need a single pane of glass to view the entire attack story, including the initial email, the compromised user's sign-in activities, and processes on affected devices. Which Microsoft security solution provides this unified investigation experience?

Question 58 (medium, multiple choice)

A company runs a web application in Azure that is publicly accessible. They want to protect it against large-scale distributed denial-of-service (DDoS) attacks from multiple sources. Which Azure service is specifically designed for this purpose?

Question 59 (medium, multiple choice)

A company has multiple Azure virtual machines running various workloads. They want a central solution that continuously assesses their security posture, identifies vulnerabilities, and provides recommendations to harden the environment. Which Azure service should they use?

Question 60 (medium, multiple choice)

A financial institution is deploying Microsoft Sentinel to monitor security events across its hybrid cloud environment. They want to correlate alerts from multiple sources and automate incident response. Which Microsoft Sentinel feature should they use to create automated workflows?

Question 61 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to secure their Azure environment. The security team needs to check whether their resources comply with the CIS (Center for Internet Security) benchmark. How can they view their compliance status against CIS in Defender for Cloud?

Question 62 (easy, multiple choice)

A company uses Azure virtual machines for a production database. The security team wants to minimize the attack surface by blocking all inbound RDP (port 3389) traffic. However, administrators occasionally need to connect for maintenance. The team needs a solution that allows administrators to request temporary access to the RDP port, which is automatically revoked after a specified time. Which Microsoft Defender for Cloud feature should they use?

Question 63 (medium, multiple choice)

A company uses Microsoft Defender for Endpoint to secure its devices, Microsoft Defender for Office 365 for email security, and Microsoft Defender for Identity for on-premises Active Directory. The security team wants a single console to view correlated incidents across these domains, where an incident might combine a suspicious email, a malicious file download, and a compromised account. Which Microsoft solution provides this unified incident view and automatic correlation?

Question 64 (medium, multiple choice)

A company uses Microsoft 365 and wants to protect its users from malicious links and attachments in email, as well as phishing attacks. Which Microsoft security solution is specifically designed for email and collaboration protection?

Question 65 (easy, multiple choice)

A company uses Microsoft Defender for Cloud to improve their cloud security posture. They want to see an aggregated score that reflects how well their resources are protected against threats. Which feature in Defender for Cloud provides this?

Question 66 (medium, multiple choice)

A company uses Microsoft 365 and Azure. They want a unified security solution that provides threat protection across email, endpoints, identities, and cloud apps, with automated investigation and response capabilities. Which Microsoft solution should they use?

Question 67 (hard, multi select)

A security administrator wants to use Microsoft Defender for Cloud to protect Azure VMs. Which two of the following should be enabled to meet the requirements? (Choose two.)

Question 68 (easy, multiple choice)

A company has enabled Microsoft Defender for Cloud. They want to assess their Azure resources for compliance with security benchmarks like CIS and Azure Security Benchmark, and view a secure score. Which feature of Defender for Cloud provides this capability?

Question 69 (medium, multiple choice)

A company uses Microsoft 365 and wants to protect against sophisticated phishing attacks that use malicious links in email. They also want real-time analysis of URLs at the time of click. Which Microsoft Defender for Office 365 feature provides this?

Question 70 (medium, multiple choice)

A company wants to gain visibility into which cloud applications are being used by employees (shadow IT) and assess the risk level of each app. They use Microsoft Defender for Cloud Apps. Which feature should they enable to discover and analyze these apps?

Question 71 (medium, multiple choice)

A company uses Microsoft Defender for Office 365 and wants to protect users from malicious attachments in email. They need a feature that scans email attachments in a sandbox environment before they are delivered to recipients. Which Defender for Office 365 feature should they use?

Question 72 (medium, multiple choice)

A security team wants to discover which cloud applications (such as Dropbox, Salesforce, or unsanctioned file-sharing apps) are being used by employees, even if those apps are not sanctioned by IT. They need to analyze usage patterns, risk levels, and identify potential shadow IT. Which feature of Microsoft Defender for Cloud Apps should they enable?

Question 73 (medium, multiple choice)

A company uses Microsoft 365 and needs to protect endpoints from ransomware attacks that encrypt files. The security team wants automated investigation and response capabilities for malware incidents on Windows devices. Which Microsoft security solution should they use?

Question 74 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to secure their multi-cloud environment, which includes Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). They want a unified view of security posture, continuous assessment of resources, and recommendations to improve security across all clouds. Which feature of Defender for Cloud provides this capability?

Question 75 (hard, multiple choice)

A security team needs to collect and analyze security logs from a hybrid environment consisting of on-premises Windows servers, Azure virtual machines, and AWS workloads. They want to correlate events, detect anomalous behavior, and create custom security alerts with automated response playbooks. Which Microsoft security solution should they use?

Question 76 (medium, multiple choice)

A security team wants to discover all cloud apps being used by employees, including unsanctioned personal apps like unauthorized file-sharing services. They plan to analyze firewall logs to identify traffic patterns and assess each app's risk score. Which feature of Microsoft Defender for Cloud Apps should they enable?

Question 77 (medium, multiple choice)

A security analyst needs to detect and investigate compromised identities in on-premises Active Directory. They want to monitor for lateral movement, reconnaissance, and credential theft using behavioral analytics. Which Microsoft security solution is designed specifically for this purpose?

Question 78 (medium, multiple choice)

A company uses Microsoft 365 E5 and is concerned about advanced phishing attacks that use adversary-in-the-middle (AiTM) techniques to steal session cookies and bypass multifactor authentication. Which Microsoft Defender for Office 365 feature should they configure to specifically protect against this type of attack?

Question 79 (medium, multiple choice)

A security operations team uses Microsoft Defender for Cloud and has connected their AWS and GCP accounts. They want to continuously assess the security posture of AWS EC2 instances against the CIS AWS Foundations Benchmark and receive prioritized recommendations. Which feature of Defender for Cloud should they use?

Question 80 (medium, multiple choice)

A security team wants to receive a unified security posture assessment for their hybrid workloads including Azure VMs, on-premises SQL servers, and AWS EC2 instances. They need to get actionable recommendations to harden configurations and improve their overall security score. Which Microsoft security solution provides this capability?

Question 81 (medium, multiple choice)

A security team wants to discover all cloud applications being used by employees, including unsanctioned file sharing and collaboration apps. They plan to analyze traffic logs from their network firewall to identify usage patterns and assess each app's risk level. Which feature of Microsoft Defender for Cloud Apps should they enable?

Question 82 (medium, multiple choice)

A security team wants to discover which cloud applications are being used by employees, including unsanctioned file-sharing and collaboration apps. They plan to upload network traffic logs from their firewall to analyze app usage and risk levels. Which feature of Microsoft Defender for Cloud Apps should they enable?

Question 83 (medium, multiple choice)

A company uses Microsoft 365 and sanctioned cloud apps like Salesforce and Box. The security team wants to prevent users from downloading sensitive documents from these apps when accessing from unmanaged personal devices, while still allowing read-only access. They need real-time session monitoring and control. Which Microsoft security solution should they use?

Question 84 (medium, multiple choice)

A security team wants to monitor and proactively defend against cyber threats across their entire infrastructure, including Azure virtual machines, on-premises servers, and AWS workloads. They need a unified solution that provides endpoint detection and response (EDR), vulnerability management, and threat hunting capabilities. Which Microsoft security solution should they use?

Question 85 (medium, multiple choice)

A company runs critical applications on Azure virtual machines and on-premises SQL servers. The security team wants to reduce VM attack surface by allowing just-in-time (JIT) access to RDP and SSH ports only when needed. Additionally, they need to monitor changes to important registry keys and system files on the SQL servers. Which Microsoft security solution should they use?

Question 86 (hard, multiple choice)

A security operations center (SOC) wants to enrich their detection capabilities by automatically correlating internal network logs with external threat intelligence feeds containing known malicious IP addresses and domains. They need to ingest, normalize, and prioritize these indicators and generate alerts when matches are found. Which Microsoft security solution provides built-in capabilities for this purpose?

Question 87 (medium, multiple choice)

A security analyst needs to investigate a potential malware outbreak that started on an on-premises Windows server several days ago. They want to trace the attack timeline, see which files were modified, and understand how the attacker moved laterally across the network. Which Microsoft solution provides advanced endpoint detection and response (EDR) for on-premises servers?

Question 88 (medium, multiple choice)

A security operations team needs a solution that can detect and stop ransomware attacks on Windows servers and desktops in real time. They also want the ability to automatically isolate affected devices and, if necessary, roll back files modified by ransomware using a built-in recovery feature. Which Microsoft security solution provides these capabilities?

Question 89 (hard, multiple choice)

A healthcare organization runs a mix of workloads on Azure (Azure VMs, SQL Database) and on-premises (Windows Servers). They must continuously assess their compliance against the HIPAA and HITRUST regulatory frameworks. They want a unified dashboard that shows their compliance score against these standards and provides step-by-step recommendations to remediate violations. Which Microsoft Defender for Cloud capability should they use?

Question 90 (medium, multiple choice)

A security team manages a hybrid environment with Azure VMs and on-premises Windows servers. They want a single dashboard that provides continuous assessment of security posture, actionable recommendations to harden configurations, and integration with Microsoft Defender for Cloud to detect threats. Which Microsoft security solution should they use?

Question 91 (hard, multiple choice)

A security operations center (SOC) receives a high volume of low-fidelity alerts from various security tools. They need a solution that can automatically correlate alerts into incidents, use built-in machine learning to reduce false positives, and provide a unified console for investigation and response across Azure, on-premises, and Microsoft 365. Which Microsoft security solution should they use?

Question 92 (hard, multiple choice)

A security team needs to detect and automatically respond to ransomware attacks on Windows servers and desktops. They require the solution to automatically isolate affected devices from the network and, if necessary, roll back files that have been modified by ransomware using a built-in recovery feature. Which Microsoft security solution provides these specific capabilities?

Question 93 (medium, multiple choice)

A security team needs to detect and investigate suspicious activities in their on-premises Active Directory environment, such as pass-the-hash attacks, Kerberoasting, and unusual service account behavior. They also want to integrate these alerts with Microsoft Defender for Cloud for a unified view across hybrid workloads. Which Microsoft security solution should they deploy on-premises?

Question 94 (medium, multiple choice)

A company uses a hybrid environment with Azure virtual machines (IaaS) and on-premises Windows servers. The security team needs a single solution that continuously assesses the security posture of these workloads, provides a regulatory compliance dashboard with actionable recommendations, and enables threat detection. Which Microsoft security solution should they use?

Question 95 (medium, multiple choice)

A company uses Microsoft 365 and allows employees to access corporate email and documents from their personal devices. The security team wants to protect against malicious links in emails and Microsoft Teams messages. When a user clicks a link, it should be checked in real-time to see if it leads to a known malicious site. If it does, access should be blocked. Which Microsoft security solution provides this capability?

Question 96 (medium, multiple choice)

A company uses Azure virtual machines and on-premises Windows servers. The security team wants a single solution that provides vulnerability assessment, a regulatory compliance dashboard (e.g., for ISO 27001), and integrated threat detection such as fileless malware and anomalous logins. Which Microsoft security solution should they use?

Question 97 (hard, multiple choice)

A company uses Salesforce and Box as cloud apps. The security team discovers that a third-party OAuth app with excessive permissions was granted access to Salesforce data by a user. They want a solution that can detect such risky OAuth apps and automatically revoke their permissions based on policy. Which Microsoft security solution provides this capability?

Question 98 (medium, multiple choice)

A company uses Microsoft 365 and wants to protect users from malicious attachments in email. The security team wants a solution that detonates attachments in a sandbox environment before delivery, and only allows the email through if the attachment is deemed safe. Which Microsoft security solution should they use?

Question 99 (medium, multiple choice)

A company uses Microsoft Defender for Cloud Apps. The security team discovers that a user has granted a third-party OAuth app 'read all mail' and 'send mail as user' permissions. They want to automatically revoke the authorization for this risky app and block similar apps in the future. Which Defender for Cloud Apps feature should they use?

Question 100 (medium, multiple choice)

A security team manages a hybrid environment with on-premises Windows servers and Azure VMs. They need a solution that can detect lateral movement attacks, pass-the-hash attempts, and anomalous service account behavior on the on-premises Active Directory environment. They also want these alerts to be integrated into Microsoft Defender for Cloud for centralized monitoring. Which Microsoft security solution should they deploy on their on-premises domain controllers?

Question 101 (hard, multiple choice)

A security team monitors user activities in third-party cloud apps like Box and Dropbox. They want to automatically detect when a user performs an anomalous file download after signing in from an unusual location, and then suspend the user's account and initiate an investigation. Which Microsoft security solution should they use?

Question 102 (medium, multiple choice)

A company uses Azure virtual machines (IaaS) and on-premises Windows servers. The security team needs a single solution that provides a continuous assessment of security posture, a regulatory compliance dashboard for NIST SP 800-53, and integrated threat detection for hybrid workloads (e.g., brute force attacks on SSH). Which Microsoft security solution should they use?

Question 103 (medium, multiple choice)

A company uses Azure resources, on-premises servers, and third-party cloud apps. The security team wants a single solution to collect security logs from all these sources, detect threats using advanced analytics, and automate responses to incidents. Which Microsoft security solution should they use?

Question 104 (hard, multiple choice)

A company runs critical Windows virtual machines on Azure. To reduce the attack surface, the security team wants to block all inbound RDP (port 3389) traffic from the internet by default. When a security engineer needs to connect via RDP for troubleshooting, they must request access through a portal, and the RDP port will be opened for a limited time (e.g., 4 hours) only to their source IP address. Which Microsoft security solution should they use to implement this control?

Question 105 (medium, multiple choice)

A company uses Microsoft 365 and many third-party SaaS apps like Salesforce and Box. The security team wants to detect when a user downloads a large number of files from a cloud storage app after hours, which may indicate data exfiltration. Which Microsoft security solution should be used to detect such anomalous behavior in cloud apps?

Question 106 (hard, multiple choice)

A company uses Azure SQL Database for a critical line-of-business application. The security team wants to enable threat protection that specifically detects and alerts on SQL injection attempts and anomalous database access patterns. Which workload protection plan should they enable within Microsoft Defender for Cloud?

Question 107 (hard, multiple choice)

A global enterprise has a hybrid environment that includes on-premises Active Directory, Azure resources, Amazon Web Services (AWS), and Google Cloud Platform (GCP). The security team needs a single solution to collect security logs from all these sources, detect threats using advanced analytics and threat intelligence, and automate incident response via playbooks. They already have Microsoft Defender for Cloud protecting their Azure workloads. Which Microsoft security solution should they add to meet these requirements?

Question 108 (medium, multiple choice)

A security team wants to detect when a user downloads an unusually large number of files from a third-party cloud storage app (e.g., Box) after logging in from an unfamiliar location. They also want to automatically suspend the user's account if such behavior is detected. Which Microsoft security solution should they use?

Question 109 (medium, multiple choice)

A company has a hybrid environment with on-premises Active Directory. The security team wants to detect advanced attacks such as pass-the-hash, malicious Kerberos ticket activity, and abnormal service account behavior. They want alerts from the on-premises environment to be integrated into Microsoft Defender for Cloud for centralized monitoring. Which Microsoft security solution should they deploy on their domain controllers?

Question 110 (hard, multiple choice)

A company runs Azure VMs and on-premises Windows servers. They need a solution that provides vulnerability assessment, regulatory compliance dashboard, and threat detection for their hybrid workloads. Which Microsoft security solution should they use?

Question 111 (hard, multiple choice)

A company uses Microsoft 365 and many third-party SaaS apps like Salesforce and Box. The security team needs to discover which unsanctioned cloud apps employees are using (Shadow IT). They also want to get a risk score for each app and receive alerts when a high-risk app is used. Which Microsoft security solution should they use?

Question 112 (easy, multiple choice)

A company uses Microsoft 365 and wants to protect its users from clicking malicious links in phishing emails. The security team needs a solution that rewrites URLs in email messages to check the link at the time of click, and blocks access if the link is malicious. Which Microsoft security solution should they use?

Question 113 (hard, multiple choice)

A company runs a mix of on-premises servers and Azure virtual machines. They deploy Microsoft Defender for Endpoint on all servers. The security team wants to create custom queries to hunt for a specific attack pattern that involves a sequence of events across multiple machines, such as a PowerShell script being downloaded and then executed on several servers. They need to write their own detection rules based on advanced hunting data. Which Microsoft 365 Defender capability should they use?

Question 114 (easy, multiple choice)

A company uses Microsoft 365 and several third-party SaaS apps. The security team wants to detect when a user signs in from a remote location that is significantly far from their typical sign-in location within a very short time, indicating possible account compromise. Which Microsoft security solution should they use?

Question 115 (medium, multiple choice)

An organization wants to protect against business email compromise (BEC) attacks where attackers impersonate the CEO to trick employees into transferring funds. Which Microsoft Defender for Office 365 capability should they configure to detect such impersonation?

Question 116 (medium, multiple choice)

A company uses Microsoft 365 and wants to deploy a security solution that can automatically detect and remediate advanced attacks on endpoints (workstations and servers), such as ransomware and fileless attacks. They also want to provide incident response teams with detailed forensic data and the ability to isolate an infected machine from the network. Which Microsoft security solution should they use?

Question 117 (hard, multiple choice)

A multinational company uses a hybrid infrastructure with on-premises Active Directory and Azure resources. They have deployed Microsoft Defender for Cloud to protect their Azure workloads. They now want to extend threat detection to their on-premises Active Directory by collecting security events from domain controllers to detect attacks like Golden Ticket, DCSync, and malicious Kerberos activity. The solution should integrate with Microsoft Sentinel for automated response. Which security solution should they deploy on the on-premises domain controllers?

Question 118 (easy, multiple choice)

A company wants to deploy a single security operations portal that provides a unified view of alerts and incidents from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Which Microsoft portal should the security team use?

Question 119 (easy, multiple choice)

A company wants to collect security logs from on-premises servers, cloud applications, and network devices into a central repository, and then use advanced analytics to detect threats and automate incident response. Which Microsoft security solution should they deploy?

Question 120 (medium, multiple choice)

A company has on-premises Active Directory. They want to detect advanced attacks like Pass-the-Hash, DCSync, and malicious Kerberos activity using behavioral analytics. Which Microsoft security solution should they deploy on their domain controllers?

Question 121 (hard, multiple choice)

A security analyst wants to create a custom detection rule that tracks a specific multi-stage attack pattern: a user receives a phishing email, clicks a link, and then a script is executed on their device. The analyst needs to write a Kusto Query Language (KQL) query to detect this pattern and schedule it to run automatically, generating alerts. Which Microsoft 365 Defender capability should they use?

Question 122 (medium, multiple choice)

An organization wants to protect against spear-phishing attacks where attackers impersonate the company's CEO or other trusted domains to trick employees into transferring funds. They need a security solution that uses machine learning to detect and prevent such impersonation attempts in incoming emails. Which Microsoft 365 protection feature should they enable?

Question 123 (easy, multiple choice)

A company uses Microsoft 365 and Microsoft Azure. The security team wants a single portal that provides a unified view of alerts and incidents from their endpoints, email, and cloud applications to accelerate threat investigation and response. Which Microsoft security solution should they use?

Question 124 (medium, drag order)

Sequence the steps to enable Microsoft Defender for Cloud Apps for an organization.

Question 125 (medium, drag order)

Arrange the steps to configure multi-factor authentication (MFA) for a user in Azure AD.

Question 126 (medium, matching)

Match each Microsoft identity service to its description.

Cloud-based identity and access management

Directory service for Windows domain networks

Collaboration with external partners

Customer identity and access management for apps

Integration of on-premises AD with Azure AD

Question 127 (medium, matching)

Match each authentication method to its description.

Sign in without a password using biometrics or FIDO2

Require two or more verification methods

One credential for multiple applications

Policy-based access controls based on signals

Biometric or PIN-based sign-in for Windows

Question 128 (easy, multiple choice)

Your organization wants to automatically investigate and remediate email-based threats in Microsoft 365. Which security solution should you use?

Question 129 (medium, multiple choice)

A company must ensure that sensitive data in SharePoint Online is automatically classified and protected. They want to use built-in Microsoft Purview capabilities. Which feature should they implement?

Question 130 (hard, multiple choice)

An organization uses Microsoft Entra ID for identity management. They want to implement a risk-based conditional access policy that requires multi-factor authentication (MFA) when sign-in risk is medium or high. Which policy settings should they configure?

Question 131 (easy, multiple choice)

Your company wants to use Microsoft Security Copilot to help analysts investigate security incidents. Which data source can Security Copilot ingest to provide contextual insights?

Question 132 (medium, multiple choice)

An organization uses Microsoft Intune to manage devices. They need to ensure that only devices with a minimum OS version can access corporate email. What should they configure?

Question 133 (hard, multiple choice)

Your company is deploying Microsoft Entra ID Governance. They want to automate the review of guest user access to Microsoft Teams and remove access when guests leave the partner organization. Which feature should they implement?

Question 134 (medium, multiple choice)

A security analyst needs to query Microsoft 365 audit logs to find all activities where a user deleted a file from SharePoint Online in the last 24 hours. Which tool should they use?

Question 135 (easy, multiple choice)

Your organization wants to use Microsoft Defender for Cloud to secure Azure virtual machines. Which feature should they enable to get vulnerability assessment without additional agents?

Question 136 (hard, multiple choice)

Refer to the exhibit. You run a Kusto query in Microsoft Defender XDR Advanced Hunting. What does this query return?

Exhibit

```kusto
DeviceAlertEvents
| where Timestamp > ago(7d)
| where AlertSeverity == "High"
| summarize Count = dcount(DeviceName) by AlertTitle
| top 10 by Count
```

Question 137 (medium, multi select)

Which TWO Microsoft Purview features can be used to classify and label sensitive data in Microsoft 365?

Question 138 (easy, multi select)

Which THREE are capabilities of Microsoft Defender for Cloud?

Question 139 (hard, multi select)

Which TWO Microsoft Security Copilot capabilities can help security analysts during incident response?

Question 140 (easy, multiple choice)

A company wants to use Microsoft Intune to enforce that mobile devices have a PIN of at least 6 characters to access corporate resources. What should they configure?

Question 141 (medium, multiple choice)

Refer to the exhibit. You are reviewing a Conditional Access policy JSON in Microsoft Entra ID. What will this policy do?

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "displayName": "Block high-risk sign-ins",
    "conditions": {
      "userRiskLevels": ["high"],
      "signInRiskLevels": []
    },
    "grantControls": {
      "builtInControls": ["block"]
    }
  }
}
```

Question 142 (hard, multiple choice)

Refer to the exhibit. You are creating a custom analytics rule in Microsoft Sentinel. What does this rule detect?

Exhibit

Refer to the exhibit.

```json
{
  "alertRule": {
    "displayName": "Unusual sign-in from unfamiliar location",
    "query": "SigninLogs | where RiskLevelDuringSignIn == 'medium' or RiskLevelDuringSignIn == 'high' | where Location != 'US'",
    "frequency": "PT1H",
    "severity": 2
  }
}
```

Question 143 (medium, multiple choice)

Your organization is deploying Microsoft Defender XDR to detect and respond to advanced threats. You need to ensure that security alerts from Microsoft Defender for Endpoint are automatically correlated with alerts from Microsoft Defender for Office 365. What should you configure?

Question 144 (hard, multiple choice)

A company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They need to prevent users from sharing credit card numbers via email, but allow sharing via Microsoft Teams messages. What should they configure?

Question 145 (easy, multiple choice)

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate email. Which policy should you configure?

Question 146 (hard, multiple choice)

You are reviewing a Microsoft Sentinel KQL query. What is the primary purpose of this query?

Exhibit

Refer to the exhibit.

```kql
// Microsoft Sentinel KQL query
let timeframe = 7d;
IdentityLogonEvents
| where Timestamp > ago(timeframe)
| where Application == "Microsoft Teams"
| summarize LogonAttempts = count() by UserPrincipalName, IPAddress
| where LogonAttempts > 10
| join kind=inner (
    AADNonInteractiveUserSignInLogs
    | where Timestamp > ago(timeframe)
    | summarize FailedSignIns = count() by UserPrincipalName
) on UserPrincipalName
| project UserPrincipalName, IPAddress, LogonAttempts, FailedSignIns
| order by FailedSignIns desc
```

Question 147 (medium, multiple choice)

Your organization uses Microsoft Purview eDiscovery to manage legal cases. You need to place a hold on a user's mailbox to preserve data for an ongoing litigation. Which role do you need to assign to the eDiscovery manager?

Question 148 (easy, multiple choice)

Your organization wants to use Microsoft Defender for Cloud Apps to detect anomalous user behavior across cloud applications. Which feature should you enable?

Question 149 (hard, multiple choice)

You are reviewing a Microsoft Purview DLP policy rule represented in JSON. What is the effect of this rule?

Exhibit

Refer to the exhibit.

```json
{
  "rules": [
    {
      "id": "DLP Rule 1",
      "condition": {
        "sensitiveInfoTypes": [
          {
            "name": "Credit Card Number",
            "confidenceLevel": "high"
          }
        ],
        "instanceCount": "10",
        "location": "Exchange"
      },
      "action": "BlockAccess"
    }
  ]
}
```

Question 150 (medium, multiple choice)

Your organization uses Microsoft Entra ID for identity management. You need to implement a solution that allows users to sign in using their social media accounts, such as Google or Facebook. What should you configure?

Question 151 (easy, multiple choice)

Your organization wants to protect sensitive documents from being copied to unauthorized cloud services. Which Microsoft Purview capability should you use?

Question 152 (medium, multi select)

Which TWO of the following are features of Microsoft Defender for Cloud? (Choose two.)

Question 153 (hard, multi select)

Which THREE of the following are capabilities of Microsoft Purview eDiscovery? (Choose three.)

Question 154 (easy, multi select)

Which TWO of the following are benefits of using Microsoft Entra ID Conditional Access? (Choose two.)

Question 155 (hard, multiple choice)

A tenant administrator runs the PowerShell cmdlet shown in the exhibit. The output shows that some compliance policies have IsAssigned = $false. What does this indicate?

Exhibit

Refer to the exhibit.

```powershell
# Microsoft Intune PowerShell script to retrieve device compliance policies
Get-DeviceCompliancePolicy | Select-Object -Property DisplayName, IsAssigned
```

Question 156 (medium, multiple choice)

Your organization uses Microsoft Sentinel as a SIEM. You need to collect security events from on-premises servers. Which connector should you use?

Question 157 (easy, multiple choice)

Your organization wants to label emails and documents as 'Confidential' automatically based on content patterns. Which Microsoft Purview feature should you use?

Question 158 (medium, multiple choice)

Your organization uses Microsoft Defender for Cloud Apps. A security analyst needs to receive an alert whenever a user accesses a cloud app from a new IP address that is not in the organization's trusted IP range. What should the analyst configure?

Question 159 (hard, multiple choice)

Your organization is implementing Microsoft Defender for Office 365 to protect against phishing attacks. You need to ensure that when a user clicks a malicious link in an email, the user is warned and the action is blocked. Which policy should you configure?

Question 160 (easy, multiple choice)

You are a security administrator for a company that uses Microsoft 365. The compliance team needs to automatically classify and protect sensitive data such as credit card numbers in emails and documents. Which Microsoft Purview solution should you recommend?

Question 161 (medium, multiple choice)

Your organization has Microsoft Sentinel deployed. The security operations team needs to automatically respond to a security incident by opening an incident in ServiceNow and sending a notification to a Teams channel. What should you configure?

Question 162 (hard, multiple choice)

Your company uses Microsoft Entra ID and is implementing a zero-trust security model. You need to ensure that all access requests to sensitive applications are verified continuously, not just at the initial sign-in. Which Microsoft Entra ID capability should you use?

Question 163 (easy, multiple choice)

Your organization has deployed Microsoft Intune for mobile device management. You need to ensure that users can only access corporate resources from devices that are compliant with your security policies. Which policy type should you configure?

Question 164 (medium, multiple choice)

Your organization is using Microsoft Defender for Cloud to secure a multi-cloud environment including Azure and AWS. You need to identify misconfigurations that could lead to security breaches. Which feature should you use?

Question 165 (hard, multiple choice)

Your company uses Microsoft Purview to manage data across Azure, on-premises SQL Server, and Amazon S3. You need to create a unified map of all data sources and their sensitivity labels. Which Microsoft Purview feature should you use?

Question 166 (easy, multiple choice)

Your organization uses Microsoft Defender for Endpoint. You need to investigate a potential malware outbreak on several endpoints. Which feature allows you to search for indicators of compromise (IOCs) across all endpoints?

Question 167 (medium, multiple choice)

You are reviewing a Microsoft Purview sensitivity label configuration. Based on the exhibit, what will happen when this label is applied to a document?

Exhibit

Refer to the exhibit.

```json
{
  "LabelId": "12345678-1234-1234-1234-123456789012",
  "DisplayName": "Confidential",
  "Description": "Sensitive business data",
  "Actions": [
    {
      "Type": "encrypt",
      "EncryptionType": "AES256"
    },
    {
      "Type": "marking",
      "MarkingType": "watermark",
      "WatermarkText": "CONFIDENTIAL"
    },
    {
      "Type": "protection",
      "ProtectionType": "block",
      "BlockAction": "share"
    }
  ]
}
```

Question 168 (hard, multiple choice)

You are analyzing sign-in logs in Microsoft Sentinel. Based on the KQL query in the exhibit, what is the purpose of this query?

Exhibit

Refer to the exhibit.

```kusto
let timeRange = 7d;
SigninLogs
| where TimeGenerated > ago(timeRange)
| where ResultType == "50057"
| project TimeGenerated, UserPrincipalName, IPAddress, Location
| summarize Attempts = count() by UserPrincipalName
| where Attempts > 10
| order by Attempts desc
```

Question 169 (medium, multiple choice)

You run the Microsoft Graph PowerShell command in the exhibit. What information does this command retrieve about the user?

Exhibit

Refer to the exhibit.

```powershell
Get-MgUser -Filter "userPrincipalName eq 'user@contoso.com'" | Select-Object Id, DisplayName, UserPrincipalName, SignInActivity

Id               : a0b1c2d3-e4f5-6789-0abc-def012345678
DisplayName      : John Doe
UserPrincipalName: user@contoso.com
SignInActivity   : @{LastSignInDateTime=2026-02-15T14:30:00Z; LastNonInteractiveSignInDateTime=2026-02-15T10:00:00Z}
```

Question 170 (easy, multi select)

Which TWO of the following are capabilities of Microsoft Defender for Cloud? (Choose two.)

Question 171 (medium, multi select)

Which THREE of the following are features of Microsoft Purview Data Loss Prevention (DLP)? (Choose three.)

Question 172 (hard, multi select)

Which TWO of the following are capabilities of Microsoft Sentinel? (Choose two.)

Question 173 (medium, multiple choice)

A company uses Microsoft Defender for Cloud Apps to monitor SaaS app usage. The security team wants to receive an alert when a user downloads more than 10 files from SharePoint Online within 5 minutes. Which type of policy should they create?

Question 174 (easy, multiple choice)

An organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They need to prevent users from sharing credit card numbers via email outside the company. Which type of DLP rule action should they configure?

Question 175 (hard, multiple choice)

A company is designing a Microsoft 365 Defender incident response workflow. They want to automatically isolate a compromised device when a ransomware alert is triggered. Which Microsoft 365 component should be used to execute the automated response action?

Question 176 (medium, multiple choice)

A security analyst needs to investigate a phishing campaign that targeted multiple users. They want to correlate email threat data with user actions and device signals. Which Microsoft security solution should they use as the primary investigation console?

Question 177 (easy, multiple choice)

A company wants to enforce conditional access policies that require multifactor authentication (MFA) for all users accessing financial apps from outside the corporate network. Which Microsoft Entra ID license is minimally required to create conditional access policies?

Question 178 (hard, multiple choice)

Refer to the exhibit. A security analyst is reviewing an alert from Microsoft 365 Defender. The alert is associated with an incident. What is the best first step to investigate this alert?

Exhibit

```json
{
  "alerts": [
    {
      "id": "alert-123",
      "title": "Suspicious inbound email with malware",
      "category": "Malware",
      "severity": "High",
      "incidentId": "inc-456"
    }
  ]
}
```

Question 179 (medium, multiple choice)

Refer to the exhibit. A Microsoft Purview DLP policy is configured. When a user attempts to share a document containing a credit card number externally, what will happen?

Exhibit

```json
{
  "policies": [
    {
      "name": "Sensitive data DLP",
      "rules": [
        {
          "condition": {
            "sensitiveInfoTypes": ["Credit Card Number"]
          },
          "actions": ["BlockAccess", "NotifyUser"]
        }
      ]
    }
  ]
}
```

Question 180 (easy, multiple choice)

A company wants to use Microsoft Sentinel to collect security logs from on-premises servers and send them to Azure. Which data connector should they use?

Question 181 (hard, multiple choice)

A security operations center (SOC) team uses Microsoft Sentinel with User and Entity Behavior Analytics (UEBA) enabled. They notice an alert about a user accessing a sensitive HR application from an unusual IP address at 3 AM. What does UEBA primarily use to detect this anomaly?

Question 182 (medium, multi select)

Which TWO of the following are capabilities of Microsoft Defender for Cloud Apps?

Question 183 (hard, multi select)

Which THREE of the following are features of Microsoft Purview Insider Risk Management?

Question 184 (easy, multi select)

Which TWO of the following are included in Microsoft Entra ID Protection?

Question 185 (medium, multi select)

Which THREE of the following are capabilities of Microsoft Defender for Office 365?

Question 186 (hard, multi select)

Which TWO of the following are examples of Microsoft Copilot for Security use cases?

Question 187 (medium, multiple choice)

Refer to the exhibit. An analyst runs a KQL query in Microsoft Sentinel. What is the primary purpose of this query?

Exhibit

```kusto
SecurityAlert
| where AlertName == "Malware detected"
| project TimeGenerated, ComputerName, AlertSeverity
| order by TimeGenerated desc
| take 10
```

Question 188 (hard, multiple choice)

Your organization uses Microsoft Sentinel to detect threats. A security analyst needs to create a custom analytics rule that triggers an incident when a user accesses more than 1000 files from an external IP address within 5 minutes. Which rule type should the analyst configure?

Question 189 (medium, multiple choice)

Your company uses Microsoft Purview Information Protection to classify and protect sensitive data. You need to ensure that when a user sends an email containing a credit card number, the email is automatically encrypted and a custom footer is added. Which two components should you configure?

Question 190 (easy, multiple choice)

Your organization wants to protect against phishing attacks by verifying the sender's identity for incoming emails. Which Microsoft Defender for Office 365 feature should you configure?

Question 191 (hard, multiple choice)

A company uses Microsoft Defender for Cloud to secure its hybrid cloud workload. The security team needs to ensure that all virtual machines (VMs) have Just-In-Time (JIT) VM access enabled. What should they use to enforce this across subscriptions?

Question 192 (easy, multiple choice)

Your company uses Microsoft Intune to manage mobile devices. You need to ensure that company data on personal devices is protected if the device is lost or stolen. What should you configure?

Question 193 (medium, multiple choice)

Your organization uses Microsoft Entra ID and wants to provide a single sign-on (SSO) experience for a third-party SaaS application that supports SAML 2.0. The app must also enforce multifactor authentication (MFA) for external users. What should you configure?

Question 194 (hard, multiple choice)

Refer to the exhibit. The exhibit shows an alert from Microsoft Defender XDR. The security team needs to determine if the file 'invoice.docm' is known malware and if other devices in the organization have this file. What should they do next?

Exhibit

```json
{
  "alertId": "1234-5678",
  "title": "Malicious File Execution Detected",
  "severity": "High",
  "category": "Malware",
  "entities": [
    {
      "type": "file",
      "name": "invoice.docm",
      "sha256": "abc123..."
    },
    {
      "type": "device",
      "name": "DESKTOP-01"
    },
    {
      "type": "user",
      "name": "jdoe"
    }
  ],
  "investigationState": "Triggered"
}
```

Question 195 (medium, multiple choice)

Your company uses Microsoft Sentinel to manage security incidents. You need to automatically assign incidents to a specific analyst team based on the incident category (e.g., phishing incidents to the SOC team). What should you configure?

Question 196 (easy, multiple choice)

Your organization uses Microsoft Purview to govern data in Azure Data Lake Storage. You need to create a data classification policy that automatically tags files containing personally identifiable information (PII) such as social security numbers. Which scanning solution should you use?

Question 197 (medium, multi select)

Your organization uses Microsoft Defender for Cloud to assess the security posture of its Azure resources. Which two actions can be taken to improve the Secure Score? (Choose two.)

Question 198 (hard, multi select)

A SOC analyst is investigating a potential security incident in Microsoft Sentinel. Which three are valid methods to gather additional context about a user entity? (Choose three.)

Question 199 (easy, multi select)

Your company wants to protect sensitive data in Microsoft Teams. Which two Microsoft Purview features can help prevent accidental sharing of confidential information? (Choose two.)

Question 200 (medium, multiple choice)

Refer to the exhibit. The exhibit shows an Azure Policy definition. A storage account named 'storagedev' is created with network ACLs set to allow all traffic (defaultAction: Allow) and no IP rules. What will happen when this policy is assigned?

Exhibit

```json
{
  "policyRule": {
    "condition": {
      "allOf": [
        {
          "field": "Microsoft.Storage/storageAccounts/networkAcls.defaultAction",
          "equals": "Allow"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules",
          "exists": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}
```

Question 201 (hard, multiple choice)

Refer to the exhibit. The exhibit shows an alert from Microsoft Defender for Endpoint. The SOC team needs to decode the PowerShell command to understand the malicious intent. Which tool or method should they use?

Exhibit

```text
Device: DESKTOP-02
Alert: Suspicious PowerShell command line
Process: powershell.exe
CommandLine: powershell -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AbQBhAGwAaQBjAGkAbwB1AHMALgBjAG8AbQAvAHAAYQB5AGwAbwBhAGQAJwApAA==
SHA256: 5d41402abc4b2a76b9719d911017c592
```

Question 202 (medium, multiple choice)

Your organization uses Microsoft Purview Compliance Manager to track compliance with regulatory standards. You need to create a custom assessment for a new internal policy. What should you do first?

Question 203 (easy, multiple choice)

You are the security administrator for a company using Microsoft Defender XDR. A user reports receiving a suspicious email with a link. What Microsoft Defender XDR feature should you use to investigate the email's threat level?

Question 204 (medium, multiple choice)

Your organization is adopting Microsoft 365 Copilot for enterprise users. Which Microsoft Purview capability should you configure to prevent sensitive data from being inadvertently shared during Copilot interactions?

Question 205 (hard, multiple choice)

You are investigating an alert in Microsoft Defender XDR. Based on the exhibit, what is the primary detection source for this alert?

Exhibit

Refer to the exhibit.
```json
{
  "Alert": {
    "AlertId": "alert-1234",
    "Title": "Suspicious sign-in from unfamiliar location",
    "Severity": "Medium",
    "Category": "Identity",
    "DetectionSource": "Microsoft Defender for Identity",
    "Entities": [
      {
        "Type": "account",
        "Name": "jdoe",
        "UPN": "jdoe@contoso.com"
      },
      {
        "Type": "ip",
        "Address": "203.0.113.5"
      }
    ]
  }
}
```

Question 206 (medium, multiple choice)

Your company uses Microsoft Purview to protect sensitive data in SharePoint Online. You need to automatically apply a 'Confidential' sensitivity label to documents containing credit card numbers. What should you create?

Question 207 (easy, multiple choice)

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate email. Which Microsoft Entra ID feature should you use?

Question 208 (hard, multiple choice)

You are investigating an alert in Microsoft 365 Defender. The KQL query in the exhibit retrieves evidence for alert-5678. What type of entities does this query filter for?

Exhibit

Refer to the exhibit.
```kusto
AlertEvidence
| where Timestamp > ago(1h)
| where AlertId == "alert-5678"
| where EntityType == "File"
| project FileName, FilePath, SHA256
```

Question 209 (medium, multiple choice)

Your organization is using Microsoft Sentinel as a SIEM. You want to automatically respond to a high-severity incident by opening a ticket in ServiceNow and notifying the security team via email. What should you create?

Question 210 (easy, multiple choice)

Your company uses Microsoft Defender for Cloud to secure Azure resources. You need to assess compliance with the CIS benchmark. What should you enable?

Question 211 (medium, multiple choice)

A user reports that they cannot access a sensitive document in SharePoint Online. The document has a 'Highly Confidential' sensitivity label. You verify the label is applied correctly. What is the most likely reason for the access issue?

Question 212 (easy, multi select)

Which TWO Microsoft security solutions can be used to detect and respond to identity-based threats? (Choose two.)

Question 213 (medium, multi select)

Which THREE are capabilities of Microsoft Purview Data Loss Prevention (DLP)? (Choose three.)

Question 214 (hard, multi select)

Which TWO are features of Microsoft Defender for Cloud Apps? (Choose two.)

Question 215 (hard, multiple choice)

You are reviewing a Microsoft Purview auto-labeling policy configuration. Based on the exhibit, what happens when a document contains a credit card number and is labeled 'Confidential'?

Exhibit

Refer to the exhibit.
```json
{
  "policy": {
    "name": "GDPR Policy",
    "labels": [
      {
        "name": "Confidential",
        "settings": {
          "encryption": {
            "enabled": true,
            "templateId": "dummy-encryption-template"
          }
        }
      }
    ],
    "rules": [
      {
        "condition": {
          "sensitivityLabel": "Confidential",
          "contains": "Credit Card Number"
        },
        "action": "blockAccess"
      }
    ]
  }
}
```

Question 216 (medium, multiple choice)

Your organization uses Microsoft Intune to manage mobile devices. You need to ensure that devices with a jailbroken or rooted OS cannot access corporate resources. What should you configure?

Question 217 (hard, multiple choice)

You are troubleshooting a Conditional Access policy in Microsoft Entra ID. The policy in the exhibit is not blocking some sign-ins that you expected to block. What is the most likely reason?

Exhibit

Refer to the exhibit.
```json
{
  "displayName": "Block high-risk sign-ins",
  "conditions": {
    "userRiskLevels": ["high"],
    "signInRiskLevels": []
  },
  "grantControls": {
    "builtInControls": ["block"]
  }
}
```

Question 218 (medium, multiple choice)

A company wants to protect against malware and phishing attacks in email and collaboration tools like Microsoft Teams. Which Microsoft security solution should they use?

Question 219 (hard, multiple choice)

A security administrator needs to block legacy authentication protocols across all applications in Microsoft Entra ID. Which conditional access policy setting should they configure?

Question 220 (easy, multiple choice)

An organization uses Microsoft Sentinel for security information and event management (SIEM) and security orchestration automated response (SOAR). They want to automatically respond to a specific incident by running a playbook. What should they configure?

Question 221 (hard, multiple choice)

Refer to the exhibit. You are creating a Microsoft Purview sensitivity label for HR data. The JSON shows a label configuration. What is the likely effect of setting the sensitivity value to 90?

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "displayName": "Sensitive HR Data",
    "description": "Protects HR documents with high sensitivity",
    "labels": [
      {
        "name": "Highly Confidential",
        "color": "red",
        "sensitivity": 90
      }
    ],
    "parent": "c92e6f8b-f8b2-4b3c-8e6f-7a1b2c3d4e5f"
  }
}
```

Question 222 (easy, multiple choice)

A company uses Microsoft Intune to manage devices. They want to ensure that only devices with a specific minimum operating system version can access corporate email. What should they configure?

Question 223 (medium, multiple choice)

An organization wants to detect and respond to threats across their cloud infrastructure, including Azure, AWS, and GCP. Which Microsoft security solution should they centralize their security monitoring in?

Question 224 (hard, multiple choice)

Refer to the exhibit. You run the PowerShell command to retrieve a conditional access policy's conditions. The output shows Applications: All, Users: All, and Locations: All trusted. You need to ensure that only trusted locations are used when accessing Microsoft 365. What change should you make?

Exhibit

Refer to the exhibit.

```powershell
Get-MgPolicyConditionalAccessPolicy -Filter "id eq '12345678-1234-1234-1234-123456789abc'" | Select-Object -ExpandProperty Conditions
```
Question 225 (easy, multiple choice)

A company uses Microsoft Defender for Cloud to assess the security posture of their Azure subscriptions. They want to improve their secure score. What should they do?

Question 226 (medium, multiple choice)

An organization uses Microsoft Purview Data Loss Prevention (DLP) to prevent sensitive data from being shared externally. They need to block sharing of credit card numbers in emails and Teams messages. What should they create?

Question 227 (hard, multi select)

Which TWO capabilities are provided by Microsoft Defender for Cloud? (Choose two.)

Question 228 (medium, multi select)

Which THREE components are part of Microsoft Defender XDR? (Choose three.)

Question 229 (easy, multi select)

Which TWO features are available in Microsoft Entra ID P2 licenses? (Choose two.)

Question 230 (hard, multiple choice)

Refer to the exhibit. You run a KQL query in Microsoft Sentinel to investigate ransomware alerts. The query returns: AlertSeverity High: 5, Medium: 3, Low: 2. The security team wants to automate a response for all high-severity ransomware alerts. What should you configure?

Exhibit

Refer to the exhibit.

```kql
SecurityAlert
| where TimeGenerated > ago(7d)
| where AlertName has "ransomware"
| summarize Count=count() by AlertSeverity
| order by Count desc
```
Question 231 (medium, multiple choice)

A company uses Microsoft Purview to map their data estate. They need to classify data stored in Azure SQL Database and Amazon S3. What should they use?

Question 232 (easy, multiple choice)

An organization wants to provide a secure way for external partners to access specific SharePoint sites without creating new user accounts. What Microsoft Entra B2B feature should they use?

Question 233 (medium, multiple choice)

Your organization uses Microsoft Defender for Cloud to protect hybrid workloads. A security administrator needs to ensure that all Azure subscriptions are automatically covered by Defender for Cloud's security policies. What should the administrator configure?

Question 234 (hard, multiple choice)

Refer to the exhibit. You are evaluating a custom Azure Policy definition. The policy is intended to audit whether users assigned to a management role have MFA enabled. However, the policy is not triggering alerts for non-compliant users. What is the most likely cause?

Exhibit

```json
{
  "properties": {
    "displayName": "Require MFA for Azure Management",
    "policyType": "Custom",
    "mode": "All",
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Authorization/roleAssignments"
          },
          {
            "field": "Microsoft.Authorization/roleAssignments/roleDefinitionId",
            "equals": "[parameters('managementRoles')]"
          }
        ]
      },
      "then": {
        "effect": "auditIfNotExists",
        "details": {
          "type": "Microsoft.Authorization/roleAssignments",
          "existenceCondition": {
            "field": "Microsoft.Authorization/roleAssignments/principalId",
            "in": "[parameters('mfaEnabledPrincipals')]"
          }
        }
      }
    },
    "parameters": {
      "managementRoles": {
        "type": "Array",
        "defaultValue": ["8e3af657-a8ff-443c-a75c-2fe8c4bcb635"]
      },
      "mfaEnabledPrincipals": {
        "type": "Array"
      }
    }
  }
}
```
Question 235 (easy, multiple choice)

Your company is deploying Microsoft Defender for Office 365. The security team wants to automatically remove malicious attachments from emails before they reach user inboxes. Which protection feature should be configured?

Question 236 (medium, multiple choice)

An organization uses Microsoft Sentinel for SIEM. The security operations center (SOC) wants to automatically create an incident when a user account is compromised and suspicious activity is detected. Which Microsoft Sentinel feature should be used?

Question 237 (hard, multiple choice)

Refer to the exhibit. A security analyst in your SOC runs the provided KQL query in Microsoft Sentinel to identify users with repeated MFA or suspicious sign-in alerts. The query returns no results even though alerts exist. What is the most likely issue?

Exhibit

KQL query:
```kql
SecurityAlert
| where TimeGenerated > ago(7d)
| where AlertName has "MFA" or AlertName has "Suspicious sign-in"
| extend UserPrincipalName = tostring(Entities[0].AccountUpn)
| summarize Count = count() by UserPrincipalName, AlertName
| where Count > 3
```
Question 238 (easy, multiple choice)

Your company wants to use Microsoft Purview to classify and protect sensitive data in Microsoft 365. The compliance team needs to automatically detect credit card numbers in emails and apply a label that encrypts the email. What should they configure?

Question 239 (medium, multiple choice)

An organization uses Microsoft Intune to manage devices. The security team wants to ensure that only devices with a minimum OS version and antivirus enabled can access corporate email. What should they configure?

Question 240 (hard, multiple choice)

Your company uses Microsoft Defender for Cloud Apps to discover shadow IT. The security team wants to automatically block the use of a newly discovered high-risk cloud app across all users. What is the most efficient approach?

Question 241 (easy, multiple choice)

A company wants to use Microsoft Entra ID (Azure AD) to enforce multi-factor authentication (MFA) for all users accessing sensitive applications. Which security feature should they implement?

Question 242 (medium, multi select)

Which TWO of the following are capabilities of Microsoft Defender XDR? (Choose two.)

Question 243 (hard, multi select)

Which THREE capabilities are provided by Microsoft Purview? (Choose three.)

Question 244 (easy, multi select)

Which TWO of the following are features of Microsoft Sentinel? (Choose two.)

Question 245 (medium, multiple choice)

Your organization uses Microsoft Purview to label and protect sensitive data. The compliance team wants to automatically apply a 'Confidential' label to documents containing personally identifiable information (PII) stored in SharePoint Online. What should they create?

Question 246 (hard, multiple choice)

An organization is deploying Microsoft Intune for mobile device management. They need to ensure that all iOS devices must have a passcode of at least 6 characters and the device must be encrypted. What should they configure?

Question 247 (easy, multiple choice)

Your company uses Microsoft Defender for Cloud to assess the security posture of Azure resources. The security team wants to identify resources that are missing system updates. Which feature should they use?

Question 248 (easy, multiple choice)

Your organization uses Microsoft Entra ID and wants to automatically block sign-ins from users located in countries that are not approved for business operations. Which Microsoft Entra ID feature should you configure?

Question 249 (medium, multiple choice)

A security administrator needs to enforce that all Microsoft 365 documents containing credit card numbers are automatically encrypted before being shared externally. Which Microsoft Purview solution should they use?

Question 250 (hard, multiple choice)

Your organization is planning to deploy Microsoft Defender for Cloud Apps to discover shadow IT. You need to ensure that logs from your network proxy servers are ingested. Which method should you use to connect the logs?

Question 251 (easy, multiple choice)

A company wants to allow users to reset their own passwords from the login screen without contacting IT. Which Microsoft Entra ID feature enables this?

Question 252 (medium, multiple choice)

Your organization uses Microsoft Sentinel. You need to create an analytics rule that triggers an incident when more than 10 failed sign-ins occur from a single IP address within 5 minutes. Which rule type should you use?

Question 253 (hard, multiple choice)

Refer to the exhibit. The KQL query is used in a Microsoft Sentinel analytics rule. What is the primary purpose of this rule?

Exhibit

Refer to the exhibit.

```json
{
  "AlertRule": {
    "DisplayName": "Sensitive file shared externally",
    "Query": "AlertInfo | where AlertName == \"Sensitive file shared externally\" | extend Entities = parse_json(Entities) | mv-expand Entities | where Entities.Type == \"file\" and Entities.SensitivityLabel == \"Highly Confidential\" | project Entities.FileName, Entities.Owner"
  }
}
```
Question 254 (easy, multiple choice)

Your organization wants to prevent users from installing unapproved apps on company-managed Windows devices. Which Microsoft Intune feature should you use?

Question 255 (medium, multiple choice)

Your organization uses Microsoft Defender for Office 365. A user reports receiving a phishing email that bypassed the default filters. You need to create a custom mail flow rule to block similar emails based on specific keywords in the subject line. Which tool should you use?

Question 256 (hard, multiple choice)

Refer to the exhibit. You are reviewing a Microsoft Purview Information Protection policy in JSON format. The policy defines two sensitivity labels. What is the key difference between the 'Confidential' label and the 'Highly Confidential' label?

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "policyType": "Microsoft.Purview/InformationProtection/Policy",
    "labels": [
      {
        "id": "d9f8b0a1-...",
        "displayName": "Confidential",
        "protection": {
          "encryption": true,
          "rights": ["VIEW", "EDIT"]
        }
      },
      {
        "id": "b2c3d4e5-...",
        "displayName": "Highly Confidential",
        "protection": {
          "encryption": true,
          "rights": ["VIEW"]
        }
      }
    ]
  }
}
```
Question 257 (easy, multi select)

Which TWO Microsoft Purview solutions can help detect and prevent data exfiltration?

Question 258 (medium, multi select)

Which THREE capabilities are provided by Microsoft Defender for Cloud? (Choose three.)

Question 259 (hard, multi select)

Which TWO actions can be performed using Microsoft Entra Identity Governance? (Choose two.)

Question 260 (medium, multiple choice)

Refer to the exhibit. You run the Azure PowerShell command for a storage account. What is the current network access configuration?

Exhibit

Refer to the exhibit.

```powershell
Get-AzStorageAccount -ResourceGroupName RG1 -Name storage1 | fl

...
NetworkRuleSet : Microsoft.Azure.Commands.Management.Storage.Models.PSNetworkRuleSet
DefaultAction : Deny
IpRules : {}
VirtualNetworkRules : {}
...
```
Question 261 (easy, multiple choice)

Your organization needs to monitor and respond to security threats across on-premises, cloud, and hybrid environments. Which Microsoft solution provides a unified SIEM and SOAR capability?

Question 262 (hard, multiple choice)

Refer to the exhibit. You are reviewing an ARM template for an Azure resource. Assuming the resource is a Key Vault, what is the effect of the networkAcls configuration?

Exhibit

Refer to the exhibit.

```json
{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "publicNetworkAccess": "Disabled",
    "minimumTlsVersion": "1.2",
    "networkAcls": {
      "defaultAction": "Deny",
      "ipRules": [
        {
          "value": "10.0.0.0/24",
          "action": "Allow"
        }
      ]
    }
  }
}
```
Question 263 (medium, multiple choice)

Your organization is deploying Microsoft Defender for Cloud Apps to protect against cloud app threats. You need to ensure that users are prompted for authentication when accessing a sanctioned cloud app from an unmanaged device. Which policy type should you configure?

Question 264 (easy, multiple choice)

Your company uses Microsoft Intune to manage devices. You need to ensure that only devices that are compliant with your security policies can access corporate email via Microsoft Outlook. What should you implement?

Question 265 (hard, multiple choice)

You are investigating an alert in Microsoft Sentinel. The exhibit shows the JSON output of an alert that was generated from a sign-in log. The alert is linked to an active incident. Which action should you take to prioritize the incident for investigation?

Exhibit

Refer to the exhibit.

```json
{
  "alert": {
    "id": "alert-123",
    "title": "Suspicious sign-in from unknown location",
    "severity": "medium",
    "category": "Anomalous user behavior",
    "entities": [
      {
        "type": "user",
        "name": "jdoe@contoso.com"
      },
      {
        "type": "ip",
        "address": "203.0.113.50"
      }
    ]
  },
  "incident": {
    "id": "inc-456",
    "status": "active",
    "severity": "high",
    "assignedTo": "analyst1"
  }
}
```
Question 266 (medium, multiple choice)

Your organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. You need to prevent users from sharing credit card numbers in emails to external recipients. Which DLP rule action should you configure?

Question 267 (hard, multiple choice)

Your company has Microsoft Defender for Office 365 and wants to configure anti-phishing policies to protect against spear-phishing attacks targeting executives. Which policy setting should you enable to provide the highest level of protection?

Question 268 (easy, multiple choice)

Your organization uses Microsoft Entra ID for identity management. You need to require multi-factor authentication (MFA) for all users when accessing the Azure portal. Which feature should you use?

Question 269 (medium, multiple choice)

Your company uses Microsoft Sentinel to centralize security event monitoring. You need to create a custom analytics rule that triggers an alert when a user account is created outside of business hours. Which rule type should you use?

Question 270 (hard, multiple choice)

You are troubleshooting a Windows device that is reporting as non-compliant in Microsoft Intune. The exhibit shows the output of a PowerShell command run on the device. Based on the output, which component is likely misconfigured?

Exhibit

Refer to the exhibit.

```powershell
Get-MpComputerStatus | Select-Object AMProductVersion, AMServiceEnabled, AntispywareEnabled, AntivirusEnabled
AMProductVersion    : 4.18.2401.10
AMServiceEnabled    : True
AntispywareEnabled  : True
AntivirusEnabled    : True
```
Question 271 (medium, multiple choice)

Your organization uses Microsoft Defender for Cloud to secure Azure resources. You need to ensure that all storage accounts have soft delete enabled to protect against accidental deletion. Which policy should you implement?

Question 272 (medium, multi select)

Which TWO capabilities are provided by Microsoft Defender for Cloud Apps?

Question 273 (hard, multi select)

Which THREE actions can Microsoft Sentinel perform as part of automated incident response using playbooks?

Question 274 (easy, multi select)

Which TWO features are part of Microsoft Defender XDR?

Question 275 (hard, multiple choice)

Your organization, Contoso Ltd., has a hybrid environment with on-premises Active Directory and Microsoft Entra ID. You are deploying Microsoft Defender for Identity (MDI) to protect against identity-based attacks. You have installed the MDI sensor on domain controllers and configured the service with the necessary permissions. After installation, you notice that MDI is not generating alerts for pass-the-hash attacks. You have verified that the sensors are healthy and that audit policies are correctly configured. You need to ensure that MDI can detect pass-the-hash attacks. What should you do?

Question 276 (medium, multiple choice)

Your company, Fabrikam, uses Microsoft 365 and has Microsoft Purview Information Protection deployed. You need to protect sensitive documents labeled as 'Confidential' so that they cannot be printed or copied when opened in Microsoft Word. You have created a sensitivity label with the appropriate encryption settings. However, users report that they can still print and copy content from these documents. You verify that the label is published and assigned to the correct users. What should you configure to enforce the protection?

Question 277 (easy, multiple choice)

Your organization, Northwind Traders, uses Microsoft Intune to manage Windows 10 devices. You have created a compliance policy that requires devices to have BitLocker enabled. After assigning the policy, you notice that some devices are reporting as non-compliant due to BitLocker not being enabled. You have verified that the devices support BitLocker and that the policy is correctly assigned. You need to ensure that BitLocker is enabled on these devices automatically. What should you do?

Question 278 (easy, multiple choice)

Your organization uses Microsoft Defender for Cloud to protect Azure virtual machines. You need to ensure that critical vulnerabilities identified on the VMs are automatically remediated using a just-in-time patching mechanism. What should you configure?

Question 279 (medium, multiple choice)

A company uses Microsoft Sentinel for security information and event management (SIEM). The security team needs to detect and automatically respond to a potential privilege escalation attack where an attacker attempts to add a new user to the Global Administrator role in Microsoft Entra ID. What should the security team configure?

Question 280 (hard, multiple choice)

Your organization is implementing Microsoft Purview Data Loss Prevention (DLP). You need to prevent users from sharing sensitive credit card numbers via email. The DLP policy must trigger automatically when a user attempts to send an email containing a credit card number. Which DLP configuration should you use?

Question 281 (easy, multiple choice)

A company uses Microsoft Intune to manage its devices. The security team wants to enforce that all devices running Windows 11 must have BitLocker enabled and a minimum operating system build version. Which Intune policy type should they use?

Question 282 (medium, multiple choice)

Your organization uses Microsoft Defender XDR. You need to investigate a potential lateral movement attack where a compromised user account is used to access multiple workstations. Which feature should you use to visualize the attack path?

Question 283 (hard, multiple choice)

A company uses Microsoft Purview to classify and label data. The compliance team needs to automatically apply a 'Highly Confidential' sensitivity label to any document containing a passport number that is stored in SharePoint Online. The label should also encrypt the document. What should the compliance team configure?

Question 284 (easy, multiple choice)

Your organization wants to enable passwordless authentication for users. Which Microsoft Entra ID feature should you use?

Question 285 (medium, multiple choice)

A security analyst in your organization receives an alert from Microsoft Defender XDR indicating that a user's device may be infected with ransomware. The analyst needs to immediately isolate the device from the network to prevent further spread. What should the analyst do?

Question 286 (hard, multiple choice)

Your company uses Microsoft 365 Copilot to assist employees with drafting emails and documents. The security team needs to ensure that when Copilot accesses sensitive data, it respects the organization's sensitivity labels and does not expose highly confidential information to unauthorized users. What should the security team configure?

Question 287 (medium, multi select)

Your organization is planning to use Microsoft Sentinel as a SIEM solution. Which TWO of the following are required components for Sentinel? (Select TWO.)

Question 288 (hard, multi select)

A company uses Microsoft Purview Data Lifecycle Management. To comply with regulatory requirements, the company must retain financial records for 7 years and then delete them. Which THREE actions should the company configure? (Select THREE.)

Question 289 (easy, multi select)

Your organization wants to implement a Zero Trust security model. Which TWO principles are part of the Zero Trust model? (Select TWO.)

Question 290 (medium, multiple choice)

Your organization, Contoso Ltd., uses Microsoft 365 and Microsoft Defender XDR. You are a security administrator. Recently, a user named John Doe reported that his account is sending phishing emails internally. You suspect his account is compromised. You need to contain the threat immediately while preserving forensic data. The company has the following security solutions: Microsoft Entra ID P2, Microsoft Defender for Office 365, Microsoft Defender for Endpoint, Microsoft Sentinel, and Microsoft Purview. You need to prevent the compromised account from causing further damage. Which action should you take first?

Question 291 (hard, multiple choice)

You are a compliance officer at a healthcare organization that uses Microsoft 365. The organization must comply with HIPAA regulations. You have Microsoft Purview, Microsoft Defender for Cloud Apps, and Microsoft Intune. You need to ensure that all devices accessing patient health information (PHI) are compliant with the organization's security policies, which require device encryption, a minimum OS version, and the use of a compliant mobile device management (MDM) provider. Currently, some devices are not managed by Intune. You need to enforce that only compliant devices can access PHI stored in SharePoint Online. What should you do?

Question 292 (easy, multiple choice)

Your company is adopting Microsoft Copilot for Microsoft 365 to improve productivity. The security team is concerned about data leakage, as Copilot can access emails, documents, and other content. You need to ensure that sensitive data, such as credit card numbers and social security numbers, is not inadvertently exposed by Copilot. The organization uses Microsoft Purview sensitivity labels and DLP. You need to configure a solution that automatically detects and prevents Copilot from accessing or generating content containing these sensitive data types. What should you do?

Question 293 (medium, multiple choice)

Your organization uses Microsoft Defender for Cloud Apps to monitor cloud app usage. You discover that a user is accessing a sanctioned app from an unmanaged device. You need to ensure that when users access this app from unmanaged devices, they are prompted for additional authentication and their session is monitored. What should you configure?

Question 294 (hard, multiple choice)

Your company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive information. You need to create a policy that prevents users from sharing credit card numbers via email, but allows them to share internally with other employees. The policy should also notify the user when an attempt is made to share externally. What should you configure?

Question 295 (easy, multi select)

Which TWO of the following are capabilities of Microsoft Defender for Cloud?

Question 296 (medium, multi select)

Which THREE of the following are features of Microsoft Purview Communication Compliance?

Question 297 (hard, multi select)

Which TWO of the following are capabilities of Microsoft Defender for Office 365?

Question 298 (medium, multiple choice)

You are reviewing a Microsoft Purview DLP policy configuration as shown in the exhibit. What is the expected behavior when a user sends an email containing a credit card number to an external recipient?

Exhibit

Refer to the exhibit.
```json
{
  "policyType": "DLP",
  "rules": [
    {
      "name": "Credit Card Rule",
      "conditions": {
        "sensitiveInformationTypes": [
          {"id": "creditCardNumber"}
        ],
        "location": "Exchange"
      },
      "actions": [
        {
          "type": "BlockAccess",
          "restrictions": ["External"]
        }
      ],
      "notifications": {
        "notifyUser": true,
        "policyTip": "Sharing credit card data externally is blocked."
      }
    }
  ]
}
```
Question 299 (medium, multiple choice)

You are a security administrator for a company that uses Microsoft 365. The company has a Microsoft Purview Data Loss Prevention (DLP) policy that blocks sharing of Social Security Numbers (SSNs) externally. Recently, a user accidentally sent an email containing SSNs to an external partner after overriding the policy by selecting a business justification. Management wants to prevent users from overriding the policy for SSNs. You need to update the DLP policy to ensure that users cannot override the block for SSNs. What should you do?

Question 300 (hard, multiple choice)

Your organization has implemented Microsoft Defender for Cloud to protect Azure resources. You are responsible for security posture management. You need to ensure that all Azure VMs have the latest security updates installed. You have enabled automatic VM patching via Azure Update Manager. However, some VMs are not receiving updates because they are not registered with the Update Manager. You need to identify which VMs are missing updates and ensure they are patched. What should you do?

Question 301 · easy · multiple choice

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate Microsoft 365 resources. You have configured a Conditional Access policy in Microsoft Entra ID that requires devices to be marked as compliant. However, some users report that they can still access email on their non-compliant Android devices. You need to troubleshoot and resolve the issue. What should you do?

Question 302 · hard · multiple choice

Your organization uses Microsoft Sentinel as its SIEM. You need to create an analytics rule that detects when a user account is created in Azure AD and then, within 10 minutes, that same account is used to grant admin consent to an application. You have a KQL query that joins AuditLogs and SigninLogs. However, the rule is generating too many false positives. You need to refine the query to reduce false positives. What should you do?

Question 303 · medium · multiple choice

Your company uses Microsoft Defender for Cloud Apps to discover shadow IT. You have discovered a new cloud app that employees are using to store corporate data. The app is not sanctioned. You need to sanction the app but also ensure that users cannot upload sensitive data to it. You have configured a session policy to monitor the app. What additional step should you take?

Question 304 · hard · multiple choice

Your organization uses Microsoft Purview Information Protection to classify and protect documents. You have created a sensitivity label that applies encryption to documents marked as 'Confidential'. Users are able to apply the label manually. However, you need to ensure that all documents containing personally identifiable information (PII) are automatically labeled as 'Confidential' when they are saved to SharePoint Online. What should you configure?

Question 305 · medium · multiple choice

Your company uses Microsoft Defender for Identity to monitor on-premises Active Directory. You receive an alert about a potential lateral movement attack involving a service account. The alert indicates that the account was used to log in to multiple servers from a non-domain-joined machine. You need to investigate the alert and determine if the account is compromised. What should you do first?

Question 306 · easy · multiple choice

Your organization uses Microsoft Purview eDiscovery to manage legal holds. A legal hold has been placed on a user’s mailbox, but the user has left the company and their mailbox has been converted to a shared mailbox. You need to ensure that the legal hold remains effective. What should you do?

Question 307 · hard · multiple choice

Your organization uses Microsoft Defender for Cloud to protect Azure subscriptions. You need to enforce that all storage accounts must have encryption at rest enabled. You have enabled Azure Policy to audit this configuration. However, you notice that some storage accounts are non-compliant. You need to automatically remediate non-compliant storage accounts. What should you do?

Question 308 · easy · multi select

Your organization uses Microsoft Purview to manage data sensitivity and compliance. Which TWO capabilities are provided by Microsoft Purview Information Protection?

Question 309 · medium · multiple choice

You are a security administrator for Contoso Ltd. The company uses Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Entra ID. Recently, several users reported receiving phishing emails that bypassed the existing anti-phishing policies. The security team suspects that attackers are using sophisticated techniques to evade detection. You need to enhance the email security posture by implementing a solution that uses AI and machine learning to detect advanced phishing attempts, including those using social engineering and impersonation. Which Microsoft solution should you use?

Question 310 · hard · multiple choice

Your organization, Fabrikam Inc., uses Microsoft 365 E5 licenses. The security team is deploying Microsoft Purview to protect sensitive data. They need to ensure that when a user attempts to share a document containing credit card numbers with an external partner, the action is blocked and the user receives a policy tip. Additionally, the incident should be logged for investigation. You have already created a sensitivity label for credit card data and auto-labeled documents. Which Microsoft Purview feature should you configure to meet these requirements?

Question 311 · medium · multiple choice

Your organization uses Microsoft Sentinel for security operations. You need to ensure that when a high-severity incident is created, a Microsoft Teams message is sent to the SOC team automatically. What should you configure?

Question 312 · easy · multiple choice

Your company uses Microsoft Defender for Cloud Apps. You want to discover which cloud apps are being used in your organization and assess their risk levels. What should you use?

Question 313 · hard · multiple choice

Refer to the exhibit. You are reviewing an automation rule in Microsoft Sentinel. The JSON snippet shows a rule designed to create an incident when a high-severity alert is generated. However, the rule is not triggering. What is the most likely reason?

Exhibit

Refer to the exhibit.
```json
{
  "properties": {
    "displayName": "High Severity Alert Playbook",
    "trigger": {
      "type": "Microsoft.SecurityInsights/AlertRule",
      "conditions": [
        {
          "conditionType": "PropertyCondition",
          "property": "Severity",
          "operator": "Equals",
          "value": "High"
        }
      ]
    },
    "actions": [
      {
        "type": "Microsoft.SecurityInsights/AlertRule/Incident",
        "order": 1,
        "logicAppResourceId": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Logic/workflows/IncidentCreationWorkflow",
        "triggerUri": "https://..."
      }
    ]
  }
}
```

Question 314 · medium · multi select

Which TWO are capabilities of Microsoft Defender for Office 365?

Question 315 · hard · multi select

Which THREE are features of Microsoft Purview Data Loss Prevention (DLP)?

Question 316 · easy · multi select

Which TWO are capabilities of Microsoft Entra ID Protection?

Question 317 · medium · multi select

Which THREE are features of Microsoft Defender for Cloud?

Question 318 · easy · multiple choice

Your company wants to use Microsoft Defender for Identity to detect security threats from on-premises Active Directory. What is a prerequisite for deploying Defender for Identity?

Question 319 · hard · multiple choice

Refer to the exhibit. You are a compliance administrator running PowerShell to update a sensitivity label in Microsoft Purview. The command fails with an error that the label is not found. What is the most likely cause?

Exhibit

Refer to the exhibit.
```powershell
$config = Get-MgInformationProtectionPolicy
$config.Labels | Where-Object {$_.DisplayName -eq "Confidential"} | Set-MgInformationProtectionPolicyLabel -Settings @{ "Color" = "Red" }
```
Question 320 · medium · multiple choice

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate email. What should you configure?

Question 321 · hard · multiple choice

Refer to the exhibit. You are analyzing a Microsoft Sentinel workspace using KQL. The query returns no results, but you know that malware alerts have been generated today. What is the most likely reason?

Exhibit

Refer to the exhibit.
```kusto
SecurityAlert
| where AlertName == "Malware detected"
| where TimeGenerated > ago(1d)
| summarize Count = count() by AlertSeverity
| order by Count desc
```
Question 322 · easy · multiple choice

Your organization needs to prevent sensitive data in SharePoint Online from being shared externally. Which Microsoft Purview solution should you use?

Question 323 · medium · multiple choice

Your company uses Microsoft Defender for Endpoint. You need to investigate a potential malware outbreak on a specific device. Which feature should you use to get real-time visibility into running processes and network connections?

Question 324 · hard · multiple choice

Refer to the exhibit. You are deploying a custom assessment automation in Microsoft Defender for Cloud using Bicep. The deployment fails with an error that the resource type is not valid. What is the most likely reason?

Exhibit

Refer to the exhibit.
```bicep
resource defenderCloudApp 'Microsoft.Security/customAssessmentAutomations@2021-07-01-preview' = {
  name: 'myAssessment'
  properties: {
    description: 'Assessment for Defender for Cloud Apps'
    severity: 'High'
    supportedCloud: 'AWS'
  }
}
```
Question 325 · medium · multiple choice

Your organization uses Microsoft Copilot for Security. You want to use natural language to generate a KQL query for threat hunting. What should you do?

Question 326 · medium · multiple choice

Your company is deploying Microsoft Defender for Cloud Apps. You need to detect and block the use of unsanctioned cloud apps that exhibit risky behavior. Which feature should you configure?

Question 327 · hard · multiple choice

Your company uses Microsoft Defender for Cloud to secure multicloud workloads. You need to ensure that regulatory compliance frameworks (e.g., SOC 2, ISO 27001) are continuously assessed and any drift is reported. What should you implement?

Question 328 · easy · multiple choice

Your organization's security team wants to automatically investigate and respond to sophisticated email threats like business email compromise (BEC) without manual intervention. Which Microsoft 365 security solution should you use?

Question 329 · medium · multiple choice

Refer to the exhibit. Your company uses Microsoft Defender for Cloud. You find the policy snippet in your policy assignments. What is the primary goal of this policy?

Exhibit

Refer to the exhibit. The following is a snippet of a Microsoft Defender for Cloud security policy:
```json
{
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Compute/virtualMachines"
    },
    "then": {
      "effect": "AuditIfNotExists",
      "details": {
        "type": "Microsoft.Compute/virtualMachines/extensions",
        "existenceCondition": {
          "field": "Microsoft.Compute/virtualMachines/extensions/type",
          "equals": "MicrosoftMonitoringAgent"
        }
      }
    }
  }
}
```
Question 330 · hard · multiple choice

Refer to the exhibit. A security analyst runs this KQL query in Microsoft Sentinel. What is the most likely purpose of this query?

Exhibit

Refer to the exhibit. The following is a KQL query run in Microsoft Sentinel:
```kusto
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 4625
| summarize FailedLogins = count() by Account, Computer
| where FailedLogins > 10
| project Account, Computer, FailedLogins
| sort by FailedLogins desc
```
Question 331 · easy · multiple choice

Your company uses Microsoft Purview to govern data across on-premises and cloud sources. You need to classify sensitive data such as credit card numbers and social security numbers automatically. What should you create?

Question 332 · medium · multiple choice

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate email via the Outlook mobile app. Which policy type should you configure?

Question 333 · hard · multiple choice

Your company is implementing Microsoft Purview Data Loss Prevention (DLP). You need to prevent users from sharing sensitive data like credit card numbers via email with external recipients, but allow internal sharing. What should you configure?

Question 334 · easy · multiple choice

Your company uses Microsoft Defender XDR. You need to integrate threat intelligence from external sources to enrich alerts and automate response actions. Which feature should you use?

Question 335 · medium · multi select

Your organization is deploying Microsoft Purview. You need to automatically apply a sensitivity label to documents that contain passport numbers. Which TWO components must you configure?

Question 336 · hard · multi select

Your company uses Microsoft Sentinel as a SIEM. You need to collect logs from a third-party firewall. Which THREE methods can you use?

Question 337 · medium · multi select

Your company uses Microsoft Defender for Endpoint. You need to configure attack surface reduction (ASR) rules. Which TWO of the following are ASR rules?

Question 338 · hard · multi select

Your company uses Microsoft Purview to meet data privacy regulations. You need to discover and classify personal data stored in Azure SQL Database. Which THREE tools or features can you use?

Question 339 · hard · multiple choice

Your organization uses Microsoft Sentinel. You need to create a custom analytics rule that triggers an incident when a specific user account logs in from an unusual geographic location. Which KQL function should you use to evaluate location?

Question 340 · medium · multiple choice

Your company uses Microsoft Defender for Cloud to secure Azure resources. You need to enable network security recommendations for all virtual networks. Which security policy should you enable?

Question 341 · easy · multiple choice

A company wants to block users from accessing phishing websites via Microsoft Edge. Which Microsoft security solution should they use?

Question 342 · medium · multiple choice

A security administrator receives an alert about a suspicious sign-in from an unfamiliar location. The user verified the sign-in as legitimate. Which Microsoft Entra ID feature should be used to reduce false positives for this user?

Question 343 · hard · multiple choice

Refer to the exhibit. A compliance administrator is configuring role-based access control (RBAC) in Microsoft Purview compliance portal. Which role group would provide the permissions shown?

Exhibit

Refer to the exhibit.

```json
{
  "permissions": [
    {
      "permission": "Sensitive Info Types"
    },
    {
      "permission": "Data Classifiers"
    },
    {
      "permission": "Content Explorer"
    }
  ]
}
```
Question 344 · medium · multiple choice

A company wants to automatically classify documents containing credit card numbers and apply encryption at rest in SharePoint Online. Which Microsoft Purview feature should be used?

Question 345 · hard · multiple choice

During a security incident, a SOC analyst needs to investigate a compromised user account that accessed multiple cloud apps. Which Microsoft Defender XDR feature provides a unified view of the attack timeline across endpoints, identities, and cloud apps?

Question 346 · easy · multiple choice

An organization wants to allow users to sign in using their mobile phone number and a verification code. Which Microsoft Entra ID feature enables this?

Question 347 · medium · multiple choice

A company uses Microsoft Sentinel to centralize security logs. They want to correlate AWS CloudTrail logs with Azure AD sign-in logs. Which Microsoft Sentinel feature should they use?

Question 348 · hard · multiple choice

Refer to the exhibit. A security analyst runs the KQL query in Microsoft Defender for Endpoint. The query returns no results. What is the most likely cause?

Exhibit

Refer to the exhibit.

```kusto
DeviceInfo
| where DeviceName == "LAPTOP-01"
| project DeviceName, OSPlatform, RiskScore
```
Question 349 · easy · multiple choice

A company wants to restrict access to a sensitive SharePoint site based on the user's location and device compliance. Which Microsoft Entra ID feature should they configure?

Question 350 · medium · multi select

Which TWO Microsoft Purview solutions can be used to discover and classify sensitive data in Microsoft 365? (Select two.)

Question 351 · hard · multi select

Which THREE Microsoft Defender XDR components are included in the unified security operations platform? (Select three.)

Question 352 · easy · multi select

Which TWO features are part of Microsoft Entra ID? (Select two.)

Question 353 · medium · multi select

Which THREE Microsoft Purview features can be used to protect data in Microsoft 365? (Select three.)

Question 354 · hard · multi select

Which TWO Microsoft Entra ID capabilities help detect and remediate identity risks? (Select two.)

Question 355 · hard · multiple choice

Refer to the exhibit. A security analyst is reviewing a Microsoft Defender XDR alert. Which two tactics are identified? The correct answer is the option listing both 'InitialAccess and LateralMovement'.

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "policyType": "Detection",
    "displayName": "Suspicious sign-in after MFA bypass",
    "severity": "High",
    "tactics": ["InitialAccess", "LateralMovement"],
    "alertDetails": {
      "description": "A user bypassed MFA and signed in from an unusual location."
    }
  }
}
```
Question 356 · medium · multiple choice

Your company uses Microsoft 365 E5 licenses and wants to prevent sensitive data from being shared externally via email. You need to configure a solution that automatically scans outgoing emails for credit card numbers and blocks them if detected. What should you use?

Question 357 · hard · multiple choice

A manufacturing company experiences repeated ransomware attacks targeting their on-premises file servers. They have Microsoft 365 E5 and want to implement a solution to detect and automatically respond to such threats across hybrid environments. What should they deploy?

Question 358 · easy · multiple choice

Your organization wants to centrally manage security policies for all devices (Windows, iOS, Android) and ensure they meet compliance requirements before accessing corporate resources. Which Microsoft solution should you use?

Question 359 · medium · multiple choice

A global company uses Microsoft Teams and SharePoint Online. They need to automatically detect and prevent sharing of intellectual property files containing 'Project X' with external users. What should they configure?

Question 360 · hard · multiple choice

Your organization uses Microsoft Sentinel for SIEM. You receive an alert that a user account was compromised. You need to automatically disable the user's access across all cloud apps (SaaS) and reset their password. What should you use?

Question 361 · easy · multiple choice

Your company uses Microsoft 365 E5 and wants to provide a unified security dashboard showing alerts from endpoints, email, identity, and cloud apps. Which solution should you use?

Question 362 · hard · multiple choice

An organization wants to implement a zero-trust security model. They plan to require multi-factor authentication (MFA) for all users accessing sensitive applications, but only when the sign-in risk is medium or higher. Which Microsoft Entra ID capability should they use?

Question 363 · medium · multiple choice

Your organization uses Microsoft Purview to classify data. You need to automatically apply a 'Confidential' sensitivity label to any document that contains a Social Security number. What should you create?

Question 364 · easy · multiple choice

Your company uses Microsoft Defender for Endpoint. A report shows that several devices are missing critical security updates. What feature should you use to deploy the missing updates?

Question 365 · medium · multi select

Which TWO Microsoft Purview solutions can be used to protect sensitive data in Microsoft Teams chats and channels? (Choose two.)

Question 366 · hard · multi select

Which THREE capabilities are provided by Microsoft Defender XDR (formerly Microsoft 365 Defender)? (Choose three.)

Question 367 · medium · multi select

Which TWO features are included in Microsoft Entra ID Identity Protection? (Choose two.)

Question 368 · hard · multiple choice

Refer to the exhibit. A Microsoft Purview DLP policy is configured in Test mode. An administrator notices that a user is still able to share a document containing a credit card number. What is the most likely reason?

Exhibit

Refer to the exhibit.
```json
{
  "id": "dlp-policy-123",
  "name": "Credit Card Protection",
  "mode": "Test",
  "rules": [
    {
      "name": "Block Credit Card",
      "condition": {
        "sensitiveInfoTypes": [
          {
            "name": "Credit Card Number",
            "confidenceLevel": "high"
          }
        ]
      },
      "action": "BlockAccess"
    }
  ]
}
```
Question 369 · medium · multiple choice

Refer to the exhibit. An administrator runs the PowerShell command against Microsoft Defender for Endpoint. The output shows an alert with Severity 'High' and Status 'New'. What should the administrator do next to investigate the alert?

Exhibit

Refer to the exhibit.
```powershell
$MDEAlert = Get-MDEAlert -Id '123456'
$MDEAlert | Select-Object -Property Id, Title, Severity, Status, LastUpdateTime
```
Question 370 · easy · multiple choice

Refer to the exhibit. An administrator creates a Conditional Access policy in Microsoft Entra ID. What will this policy do?

Exhibit

Refer to the exhibit.
```json
{
  "properties": {
    "displayName": "MFA for Admins",
    "conditions": {
      "applications": { "includeApplications": ["All"] },
      "users": { "includeRoles": ["Global Administrator"] },
      "clientAppTypes": ["All"]
    },
    "grantControls": {
      "builtInControls": ["mfa"],
      "operator": "OR"
    }
  }
}
```
Question 371 · easy · multiple choice

A company wants to protect against ransomware by detecting and blocking malicious files in email attachments. Which Microsoft security solution should be used?

Question 372 · medium · multiple choice

A security administrator needs to identify users who are repeatedly failing to authenticate from unusual locations. Which Microsoft 365 security feature provides this visibility?

Question 373 · hard · multiple choice

An organization uses Microsoft Intune to manage devices. They need to ensure that only devices with a compliant antivirus solution can access corporate email. Which policy type should be configured?

Question 374 · medium · multiple choice

A company uses Microsoft Sentinel as its SIEM. The security team wants to automatically trigger a playbook when a high-severity incident is created. Which automation option should be used?

Question 375 · hard · multiple choice

A multinational corporation needs to restrict data sharing in Microsoft Teams to comply with regional regulations. Users must not be able to share files with external domains from specific departments. What should the administrator configure?

Question 376 · easy · multiple choice

A security analyst needs to investigate a potential data exfiltration incident involving sensitive files being sent via email. Which Microsoft Purview solution provides the necessary monitoring?

Question 377 · medium · multiple choice

An organization uses Microsoft Defender for Cloud to secure its Azure workloads. They want to receive recommendations for improving the security posture of their virtual machines. What should they enable?

Question 378 · hard · multiple choice

A company has deployed Microsoft Defender for Identity and wants to detect pass-the-hash attacks in real time. Which alert type should they monitor?

Question 379 · easy · multiple choice

What is the primary purpose of Microsoft Defender for Cloud Apps?

Question 380 · medium · multi select

Which TWO of the following are capabilities of Microsoft Purview Information Protection? (Choose two.)

Question 381 · hard · multi select

Which THREE of the following are included in Microsoft Defender XDR (Extended Detection and Response)? (Choose three.)

Question 382 · easy · multi select

Which TWO of the following are features of Microsoft Sentinel? (Choose two.)

Question 383 · medium · multiple choice

Refer to the exhibit. The JSON shows a Microsoft Purview DLP policy. A user sends an email with a credit card number to an external recipient. What will happen?

Exhibit

```json
{
  "Name": "DLP Policy - Credit Card Data",
  "Location": {
    "Exchange": true,
    "SharePoint": true,
    "OneDrive": true,
    "TeamsChatAndChannel": false
  },
  "Rules": [
    {
      "Name": "Rule1",
      "Condition": {
        "SensitiveInfoType": "Credit Card Number",
        "MinCount": 1
      },
      "Action": "BlockAccess",
      "Notification": {
        "UserNotify": true,
        "UserNotifyText": "This content is blocked due to DLP policy."
      }
    }
  ]
}
```
Question 384 · hard · multiple choice

Refer to the exhibit. The KQL query is run in Microsoft Defender for Endpoint. What is the purpose of this query?

Exhibit

KQL Query:
```kusto
DeviceFileEvents
| where Timestamp > ago(7d)
| where FileName contains "confidential"
| where FileSize > 1000
| summarize Count = count() by DeviceName, ActionType
| where Count > 5
```
Question 385 · medium · multiple choice

Refer to the exhibit. A company has configured the above Conditional Access policy in Microsoft Entra ID. A user attempts to access Exchange Online from an untrusted location. What happens?

Exhibit

Conditional Access policy:
- Users: All users
- Cloud apps: Office 365 Exchange Online
- Conditions: Locations: All trusted locations
- Grant: Require multi-factor authentication
- Session: Use app enforced restrictions

Question 386 (medium, multiple choice)

Your organization uses Microsoft Defender for Cloud Apps. A security analyst notices anomalous file downloads from a SharePoint site by a user flagged as high risk. What should the analyst configure to automatically block such activity?

Question 387 (hard, multiple choice)

A company is implementing Microsoft Purview Information Protection. They want to automatically apply a 'Highly Confidential' sensitivity label to emails containing a specific credit card pattern. Which solution should they use?

Question 388 (easy, multiple choice)

Your organization uses Microsoft Intune to manage devices. You need to ensure that only devices with a passcode can access corporate email. What should you configure?

Question 389 (medium, multiple choice)

A company uses Microsoft Sentinel for security operations. They want to automatically create an incident and assign it to a senior analyst when a high-severity alert is generated. Which feature should they use?

Question 390 (hard, multiple choice)

Your organization uses Microsoft Entra ID. You need to allow external users from a specific partner tenant to access a single internal application, but only after they provide a phone number for verification. What should you configure?

Question 391 (easy, multiple choice)

A company wants to classify and label documents in SharePoint automatically based on sensitive content like social security numbers. Which Microsoft Purview solution should they use?

Question 392 (medium, multiple choice)

Your organization uses Microsoft Defender for Office 365. A user reports receiving a suspicious email that appears to be from their CEO asking for a wire transfer. The email passed through the spam filter. What additional protection should be enabled to detect such attacks?

Question 393 (hard, multiple choice)

A company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They want to prevent users from copying credit card numbers from an internal web application to a personal cloud storage app. Which DLP policy setting should they configure?

Question 394 (easy, multiple choice)

Your organization wants to use Microsoft Entra ID to require multi-factor authentication (MFA) for all users when accessing a financial application. What should you configure?

Question 395 (medium, multi select)

Which TWO capabilities are provided by Microsoft Defender for Cloud Apps? (Choose two.)

Question 396 (hard, multi select)

Which THREE Microsoft Purview solutions help protect sensitive data in Microsoft 365? (Choose three.)

Question 397 (easy, multi select)

Which TWO Microsoft security solutions can be used to detect and respond to threats across email, endpoints, and identities? (Choose two.)

Question 398 (hard, multiple choice)

Refer to the exhibit. You are a security administrator for a company using Azure Virtual Network Manager. You have deployed the security admin configuration shown. What is the impact of this rule?

Exhibit

```json
{
  "id": "my-policy",
  "name": "Block external sharing",
  "type": "microsoft.network/networkmanager/securityadminrules",
  "properties": {
    "description": "Block all external sharing",
    "priority": 100,
    "direction": "Inbound",
    "access": "Deny",
    "sourceAddressRanges": ["Internet"],
    "sourcePortRanges": ["*"],
    "destinationAddressRanges": ["10.0.0.0/24"],
    "destinationPortRanges": ["445"],
    "protocols": ["TCP"]
  }
}
```

Question 399 (medium, multiple choice)

Refer to the exhibit. You are a security analyst using Microsoft Sentinel. You run this KQL query. What does the query return?

Exhibit

```kql
let HighSeverityAlerts = Alert
| where AlertSeverity == "High"
| where TimeGenerated > ago(1h);
let CorrelatedIncidents = HighSeverityAlerts
| join kind=inner (Incident) on $left.AlertId == $right.AlertId
| project IncidentId, AlertId, AlertSeverity, IncidentStatus;
CorrelatedIncidents
| where IncidentStatus != "Closed"
```

Question 400 (easy, multiple choice)

Refer to the exhibit. You are configuring a Microsoft Entra ID group. What does the exhibit represent?

Exhibit

```json
{
  "properties": {
    "displayName": "Marketing Group",
    "description": "Users in marketing department",
    "membershipRule": "(user.department -eq \"Marketing\")",
    "membershipRuleProcessingState": "On",
    "groupTypes": ["DynamicMembership"]
  }
}
```

Question 401 (easy, multiple choice)

Your organization uses Microsoft Defender for Cloud Apps. You need to detect anomalous user behavior such as impossible travel. Which type of policy should you configure?

Question 402 (medium, multiple choice)

Your organization is implementing Microsoft Purview Data Loss Prevention (DLP) to protect credit card numbers. You need to ensure that when a user attempts to share a document containing a credit card number via email, the email is blocked and the user receives a policy tip. Which action should you configure in the DLP policy?

Question 403 (hard, multiple choice)

Refer to the exhibit. You are reviewing a policy in Microsoft Defender for Cloud that monitors for unencrypted data uploads to an S3 bucket. The policy condition is shown. Which statement about this policy is correct?

Exhibit

```json
{
  "Condition": {
    "StringLike": {
      "s3:x-amz-server-side-encryption": [
        "AES256"
      ]
    }
  },
  "Action": [
    "s3:PutObject"
  ],
  "Resource": [
    "arn:aws:s3:::documents/*"
  ]
}
```

Question 404 (easy, multiple choice)

Your organization uses Microsoft Entra ID. You need to enforce multi-factor authentication (MFA) for all users accessing the company's financial application. Which security feature should you use?

Question 405 (medium, multiple choice)

Your organization uses Microsoft Sentinel. You need to create an automation rule that automatically closes a low-severity incident after 24 hours of inactivity. Which action should you include in the rule?

Question 406 (hard, multiple choice)

Refer to the exhibit. You run an Advanced Hunting query in Microsoft Defender XDR. What is the primary purpose of this query?

Exhibit

Microsoft Defender XDR - Advanced Hunting query:
```kql
let TimeFrame = 7d;
IdentityLogonEvents
| where Timestamp > ago(TimeFrame)
| where Application == "Office365"
| where LogonType == "Interactive"
| summarize LogonCount = count() by AccountUpn, IPAddress
| where LogonCount > 10
```

Question 407 (easy, multiple choice)

Your organization uses Microsoft Purview Communication Compliance to detect potential harassment in Microsoft Teams messages. Which role is required to review and act on policy matches?

Question 408 (medium, multiple choice)

Your organization uses Microsoft Intune for mobile device management. You need to ensure that users cannot copy corporate data from managed apps to personal apps. Which policy should you configure?

Question 409 (hard, multiple choice)

Refer to the exhibit. You are reviewing a Microsoft Purview DLP policy JSON snippet. The policy is enabled and contains one rule. What is the effect of this rule?

Exhibit

```json
{
  "properties": {
    "displayName": "Sensitive data DLP",
    "description": "DLP policy for sensitive info",
    "state": "Enabled",
    "rules": [
      {
        "name": "Credit Card Rule",
        "condition": {
          "sensitiveInfo": {
            "sensitiveType": "Credit Card Number",
            "minCount": 1
          },
          "location": {
            "service": ["Exchange", "SharePoint"]
          }
        },
        "action": "BlockAccess"
      }
    ]
  }
}
```

Question 410 (medium, multi select)

Which TWO of the following are capabilities of Microsoft Defender for Cloud Apps? (Choose TWO.)

Question 411 (hard, multi select)

Which THREE Microsoft Purview solutions support data classification and labeling? (Choose THREE.)

Question 412 (easy, multi select)

Which TWO Microsoft security solutions can be used to centrally manage security policies across hybrid environments including on-premises and cloud? (Choose TWO.)

Question 413 (medium, multi select)

Which THREE capabilities are provided by Microsoft Defender XDR? (Choose THREE.)

Question 414 (hard, multi select)

Which TWO Microsoft Purview solutions can help identify and protect sensitive data in Microsoft Teams? (Choose TWO.)

Question 415 (easy, multi select)

Which THREE are features of Microsoft Entra ID Protection? (Choose THREE.)

Question 416 (medium, multiple choice)

A company uses Microsoft Defender for Cloud Apps to protect its SaaS apps. The security team needs to detect when a user downloads more than 100 files from SharePoint Online within 10 minutes. Which policy type should they create?

Question 417 (easy, multiple choice)

A security analyst receives an alert from Microsoft Sentinel indicating a potential ransomware attack. The analyst needs to quickly understand the full scope of the attack, including all affected accounts and devices. Which Microsoft Sentinel feature should they use?

Question 418 (hard, multiple choice)

A company deploys Microsoft Entra ID Protection. The security team wants to automatically block sign-ins from anonymous IP addresses. They configure a Conditional Access policy. Which assignment condition should they use?

Question 419 (medium, multiple choice)

An organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They need to ensure that when a user tries to share a document containing a credit card number externally via email, the user sees a policy tip and the email is blocked. Which DLP rule action should they configure?

Question 420 (easy, multiple choice)

A company wants to use Microsoft Defender for Office 365 to protect against malicious links in email. Which feature should they enable?

Question 421 (hard, multiple choice)

A company uses Microsoft Intune for mobile device management (MDM). They need to ensure that corporate data on personal devices is encrypted. Which configuration profile type should they deploy?

Question 422 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to secure its Azure resources. The security team wants to receive a single recommendation for all resources that are missing just-in-time (JIT) VM access. Which Microsoft Defender for Cloud feature should they use?

Question 423 (easy, multiple choice)

A company uses Microsoft Purview Information Protection to classify and label sensitive documents. The compliance team wants to automatically apply a 'Confidential' label to documents containing an employee's passport number. Which method should they use?

Question 424 (hard, multiple choice)

A company uses Microsoft Sentinel as its SIEM. They need to create a custom analytics rule that runs every hour and queries for failed logins from a specific IP address. Which rule scheduling option should they configure?

Question 425 (medium, multi select)

Which TWO are capabilities of Microsoft Defender for Cloud Apps? (Choose two.)

Question 426 (hard, multi select)

Which THREE are features of Microsoft Purview Data Lifecycle Management (formerly Records Management)? (Choose three.)

Question 427 (easy, multi select)

Which TWO are capabilities of Microsoft Intune? (Choose two.)

Question 428 (medium, multiple choice)

Your organization recently deployed Microsoft Defender for Cloud Apps. You need to identify which users are using a personal Dropbox account to access corporate files. Which feature should you use?

Question 429 (hard, multiple choice)

Your company uses Microsoft Defender for Endpoint. A security analyst reports that a device is showing multiple alerts for the same malware variant, but the alerts are being automatically suppressed after the initial detection. What is the most likely reason for this behavior?

Question 430 (easy, multiple choice)

You need to ensure that sensitive documents in Microsoft SharePoint Online are automatically classified and protected when they contain credit card numbers. What should you configure?

Question 431 (medium, multiple choice)

Your organization uses Microsoft Sentinel. You need to create a custom analytics rule that triggers an incident when a user fails to sign in more than five times within an hour. Which rule type should you use?

Question 432 (hard, multiple choice)

Refer to the exhibit. You are reviewing a Microsoft Defender for Cloud Apps alert. Based on the evidence, which action should you take first?

Exhibit

```json
{
  "Alert": {
    "id": "alert-12345",
    "title": "Malware detected",
    "severity": "High",
    "status": "Active",
    "category": "Malware",
    "detectionSource": "Antivirus",
    "evidence": [
      {
        "entityType": "File",
        "fileName": "ransomware.exe",
        "filePath": "C:\\Users\\admin\\Downloads\\",
        "sha1": "abcdef1234567890"
      }
    ]
  }
}
```

Question 433 (easy, multiple choice)

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate email. What should you configure?

Question 434 (medium, multiple choice)

Your company uses Microsoft Purview Data Lifecycle Management. You need to automatically delete all emails in users' mailboxes that are older than three years, except for emails that have a legal hold. What should you configure?

Question 435 (hard, multiple choice)

Your organization uses Microsoft Defender XDR (formerly Microsoft 365 Defender). A user reports receiving a suspicious email with a link. The email was not blocked by Exchange Online Protection (EOP). Which feature should you use to investigate the link's reputation in real time?

Question 436 (easy, multiple choice)

Your organization wants to ensure that all external emails are automatically tagged with a disclaimer at the top of the email body. Which Microsoft Exchange Online feature should you configure?

Question 437 (medium, multi select)

Which TWO actions can be performed using Microsoft Purview Communication Compliance? (Choose two.)

Question 438 (hard, multi select)

Which THREE capabilities are provided by Microsoft Defender for Cloud Apps? (Choose three.)

Question 439 (easy, multi select)

Which TWO capabilities are part of Microsoft Entra ID Protection? (Choose two.)

Question 440 (hard, multiple choice)

You are the security administrator for a large healthcare organization that uses Microsoft 365 E5. The organization must comply with HIPAA and GDPR regulations. You have implemented Microsoft Purview Information Protection with sensitivity labels to classify and protect patient data. Recently, the compliance team identified that some documents containing Protected Health Information (PHI) are being shared externally without protection. You need to prevent users from sharing documents classified as 'Highly Confidential' with external users unless the document is encrypted and labeled. Additionally, you must ensure that any external sharing of such documents is automatically blocked. You have the following options available. Which action should you take?

Question 441 (medium, multiple choice)

You are the security architect for a financial services company that uses Microsoft 365 E5. The company has recently deployed Microsoft Defender for Office 365 and Microsoft Defender for Cloud Apps. The security team wants to detect when users are accessing corporate data from personal devices that are not managed by Microsoft Intune. You need to implement a solution that alerts the security team when a user accesses Microsoft 365 resources from an unmanaged device. The solution should also allow the user to continue working but with limited capabilities, such as preventing download of files. Which of the following should you configure?

Question 442 (easy, multiple choice)

You are the security administrator for a small business that uses Microsoft 365 Business Premium. The company wants to enable multi-factor authentication (MFA) for all users. You need to ensure that users are prompted for MFA when they sign in from unfamiliar locations or devices. The solution should be easy to deploy without additional licensing. Which of the following should you configure?

Question 443 (medium, multiple choice)

Your organization uses Microsoft Defender for Cloud Apps. The security team wants to be alerted when a user accesses a cloud app from a risky IP address. Which solution should you use to create a policy that triggers an alert based on this activity?

Question 444 (hard, multiple choice)

Contoso uses Microsoft Sentinel. They want to automate response to a high-severity incident by blocking the source IP in Azure Firewall and sending a notification to the SOC team via email. Which feature should they use?

Question 445 (easy, multiple choice)

An organization uses Microsoft Defender for Endpoint (MDE). The security team wants to identify devices that have not received a security update in the last 30 days. Which report should they use?

Question 446 (medium, multiple choice)

Your company uses Microsoft Purview Information Protection. They want to automatically apply a 'Confidential' sensitivity label to documents containing a credit card number. What should they create?

Question 447 (hard, multiple choice)

A SOC analyst in Microsoft Sentinel needs to create a custom detection rule that triggers an incident when more than 10 failed logins occur from a single IP address within 5 minutes. Which rule type should they use?

Question 448 (easy, multiple choice)

An organization wants to ensure that only managed and compliant devices can access corporate email in Exchange Online. Which Microsoft Entra ID Conditional Access policy setting should they use?

Question 449 (medium, multiple choice)

Your organization uses Microsoft Defender for Office 365. Users report receiving phishing emails that bypassed the default anti-phishing policy. What should you do to improve protection?

Question 450 (hard, multiple choice)

Contoso has a hybrid identity with AD DS synced to Microsoft Entra ID. They want to block legacy authentication protocols that bypass MFA. Which security solution should they use?

Question 451 (easy, multiple choice)

A company wants to classify and label data in Microsoft SharePoint Online automatically based on content containing passport numbers. Which Microsoft Purview feature should they use?

Question 452 (medium, multi select)

Which TWO of the following are capabilities of Microsoft Defender for Cloud Apps? (Select TWO.)

Question 453 (hard, multi select)

Which THREE of the following are capabilities of Microsoft Sentinel? (Select THREE.)

Question 454 (easy, multi select)

Which TWO of the following are features of Microsoft Purview Data Loss Prevention (DLP)? (Select TWO.)

Question 455 (hard, multiple choice)

You are a security administrator for Contoso Ltd., which uses Microsoft 365 E5. The company has 10,000 users and uses Microsoft Entra ID for identity. The security team has noticed an increase in sign-in attempts from anonymous IP addresses and from locations outside the company's home country. They want to implement a solution that automatically blocks sign-ins from anonymous IP addresses and requires MFA for sign-ins from outside the home country. They also want to ensure that if a user's risk level is high, they are forced to change their password. The solution must use Microsoft Entra ID Protection and Conditional Access. You have already configured a Conditional Access policy to require MFA for all users. Which of the following is the most efficient way to meet all requirements with minimal administrative overhead?

Question 456 (medium, multiple choice)

You are responsible for Microsoft Purview Information Protection at a law firm that handles highly confidential client documents. The firm uses Microsoft 365 E5. You need to ensure that any document containing the phrase 'Attorney-Client Privileged' is automatically labeled with a 'Highly Confidential' sensitivity label and encrypted. Additionally, if a user attempts to send such a document via email outside the organization, the action should be blocked and the user should be prompted with a policy tip. You have already created the sensitivity label with encryption settings. What should you do next?

Question 457 (easy, multiple choice)

You work at a mid-sized company that uses Microsoft Defender for Business (a subscription included with Microsoft 365 Business Premium). The company has 300 devices enrolled in Microsoft Intune. Recently, a malware outbreak occurred on several devices. You need to implement a solution that automatically remediates devices that are found to be infected with malware. The solution should isolate the device from the network and run a full scan. Which action should you take?

Question 458 (medium, multi select)

A company uses Microsoft 365 E5 and wants to protect against advanced cyber threats. Which TWO capabilities of Microsoft Defender XDR should they implement?

Question 459 (hard, multi select)

An organization is using Microsoft Purview Compliance Portal to manage data lifecycle. Which THREE actions can be performed using retention labels?

Question 460 (easy, multi select)

A company wants to enforce multifactor authentication for all users. Which TWO Microsoft Entra ID features can be used together to achieve this?

Question 461 (medium, multi select)

A security analyst is using Microsoft Sentinel to investigate an incident. Which THREE data sources can be ingested into Sentinel?

Question 462 (hard, multi select)

An organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. Which THREE actions can be taken automatically when a DLP policy matches?

Question 463 (easy, multi select)

A company wants to use Microsoft Defender for Cloud to secure their hybrid cloud environment. Which TWO resource types can be assessed by Defender for Cloud?

Question 464 (medium, multi select)

A security team uses Microsoft Defender XDR to respond to incidents. Which THREE components are part of Microsoft Defender XDR?

Question 465 (hard, multi select)

An organization uses Microsoft Purview Information Protection to classify and protect data. Which TWO methods can be used to apply sensitivity labels automatically?

Question 466 (easy, multi select)

A company wants to use Microsoft Intune to manage devices. Which TWO capabilities does Intune provide?

Question 467 (medium, multi select)

A cybersecurity analyst uses Microsoft Sentinel to detect threats. Which THREE types of analytics rules can be created?

Question 468 (hard, multi select)

An organization uses Microsoft Purview Audit to meet compliance requirements. Which TWO types of audit logs can be accessed?

Question 469 (easy, multi select)

A company uses Microsoft Defender for Cloud to secure its environment. Which TWO plans are available?

Question 470 (medium, multi select)

A security administrator is configuring Microsoft Entra ID Conditional Access. Which THREE conditions can be included in a policy?
