Describe the capabilities of Microsoft security solutions
Drill 20 practice questions focused entirely on Describe the capabilities of Microsoft security solutions for the Microsoft SC-900 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A company hosts several virtual machines in Azure. The security team wants administrators to connect to these VMs using RDP and SSH securely through the Azure portal, without exposing the VMs to the public internet by assigning them public IP addresses. Which Azure service should they deploy?
A company hosts a public-facing web application on Azure virtual machines behind a public IP address. During a recent event, the application became unreachable because it was flooded with a massive volume of traffic from thousands of sources, overwhelming the network bandwidth. Which Azure service is specifically designed to detect and mitigate this type of volumetric network attack?
A company routes all outbound internet traffic from its Azure virtual networks through Azure Firewall. The security team wants the firewall to automatically alert on and block traffic to and from IP addresses and domains that Microsoft has identified as malicious, without manually maintaining any address lists. Which Azure Firewall capability should they enable?
A company runs several virtual machines in an Azure virtual network. The security team needs to control outbound traffic by allowing connections only to a specific list of fully qualified domain names (FQDNs), such as *.contoso-updates.com, while centrally logging all traffic decisions across the network. Which Azure service should they deploy?
A development team currently hardcodes API keys, database connection strings, and TLS certificates directly into application configuration files stored in a code repository. Security auditors flagged this practice as a major risk. The team wants an Azure service that centrally stores these secrets and certificates, controls access through policies, and lets applications retrieve them at runtime without embedding them in code. Which Azure service should they use?
A retail company uses dozens of SaaS applications, including Microsoft 365 and several third-party cloud services. The security team wants a solution that acts as a broker between users and cloud apps to provide deep visibility into cloud app usage, enforce data protection policies on sanctioned apps, and detect anomalous activity such as impossible travel. Which Microsoft Defender XDR service should they use?
A security team wants to prevent users from downloading sensitive files to unmanaged personal devices while still allowing them to view those files in cloud apps like SharePoint Online through the browser. Which Microsoft solution provides this real-time session monitoring and control over user activity within cloud apps?
A security analyst at a manufacturing company notices that employees are uploading corporate data to a variety of unsanctioned cloud storage services. Leadership wants to discover which cloud apps are being used across the organization, assess the risk level of each app, and control access to non-compliant apps. Which Microsoft Defender XDR service should the analyst use?
A security team has approved several SaaS applications for company use, including Salesforce and Box. They are worried about detecting suspicious behavior inside these sanctioned apps, such as impossible-travel logins and mass file downloads by a single user. Which Microsoft Defender XDR service is designed to monitor and detect these kinds of anomalous activities within cloud applications?
A cloud operations team has deployed dozens of resources across an Azure subscription and is concerned about insecure configurations, such as storage accounts that allow public access and virtual machines missing endpoint protection. They want a tool that continuously assesses these resources against security best practices and provides prioritized recommendations to reduce their attack surface. Which capability should they use?
A cloud operations team has just connected an Azure subscription to Microsoft Defender for Cloud. They want to immediately begin receiving security posture recommendations and a secure score across their resources at no additional cost, before deciding whether to invest in advanced workload protection. Which capability of Defender for Cloud is available to them by default without enabling a paid plan?
A company runs several Linux and Windows virtual machines in Azure that host business-critical applications. The security team wants a solution that provides runtime threat protection for these server workloads, alerting them to suspicious processes, brute-force login attempts, and malware on the VMs. Which capability should they enable?
A company runs several virtual machines in Azure that administrators occasionally need to connect to over RDP and SSH. The security team wants to reduce the exposure of these management ports by keeping them closed by default and only opening them to a requesting administrator's IP address for a limited time window, with the requests logged for auditing. Which Microsoft Defender for Cloud capability should they enable?
A company runs production workloads across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). The security team wants a single Microsoft solution that continuously assesses the security posture of resources in all three clouds, provides security recommendations, and produces a unified secure score. Which solution should they use?
A company runs production workloads across Azure, AWS, and on-premises virtual machines. The security team wants a single Microsoft solution that continuously assesses security posture, provides configuration hardening recommendations, and protects the running workloads across all of these environments. Which Microsoft solution should they use?
A cloud operations team wants a single dashboard that continuously assesses the security configuration of their Azure subscriptions, identifies misconfigurations such as storage accounts without encryption, and provides a prioritized numeric measurement they can track over time to improve their overall security state. Which Microsoft capability should they use?
A company running virtual machines, SQL databases, and storage accounts in Azure wants a single tool that continuously assesses resources against the PCI DSS and ISO 27001 standards, showing which controls are met and which need remediation through a built-in dashboard. Which Microsoft solution provides this regulatory compliance dashboard?
A security administrator wants to reduce the ways malware can compromise Windows devices by blocking risky behaviors such as Office applications creating executable content and scripts launching downloaded executables. Which Microsoft Defender for Endpoint capability is specifically designed to minimize these exploitable behaviors?
A security operations team is overwhelmed by the volume of low-level malware alerts on managed Windows devices. They want a capability within Microsoft Defender for Endpoint that can automatically investigate these alerts, determine whether a threat is real, and take remediation actions such as quarantining files without waiting for an analyst. Which Defender for Endpoint capability meets this need?
A security analyst notices that a company workstation, already infected with malware that bypassed the initial antivirus, is exhibiting suspicious behaviors such as lateral movement attempts and unusual process injection. The team wants a Microsoft Defender XDR service that provides endpoint detection and response (EDR) capabilities to detect, investigate, and respond to these advanced post-breach activities on the device. Which service should they use?
More SC-900 practice
Keep going with the other Microsoft Security, Compliance, and Identity Fundamentals domains, or take a full timed mock exam.
← Back to SC-900 overview