Microsoft Security, Compliance, and Identity Fundamentals (SC-900 Japanese version) - SC-900 Japanese Exam Practice Test

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage: Yes
Cloud Security Posture Management (CSPM) is available for all Azure subscriptions: Yes
Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises: Yes

Microsoft Defender for Cloud provides both workload protection and posture management. For Azure Storage, the Defender plan (Microsoft Defender for Storage) offers threat detection such as anomalous access, malware scanning, and sensitive-data threat alerts, while the CSPM guidance in Defender for Cloud flags misconfigurations that create vulnerabilities (for example, public blob access, weak TLS settings).
CSPM capabilities (secure score, recommendations, and baseline assessments) are available to all Azure subscriptions (foundational CSPM), giving every tenant visibility into security posture without requiring a premium add-on for basic posture features.
Beyond Azure, Defender for Cloud supports hybrid and multicloud: using Azure Arc and the Defender for Servers plan, it can onboard and assess on-premises servers and resources in other clouds, applying recommendations, security assessments, and threat protections across those environments.
Collectively, these capabilities confirm that Defender for Cloud can detect storage-related threats and posture weaknesses, CSPM is broadly available to Azure subscriptions, and the service evaluates workloads running in Azure or on-premises.
Which two actions can you perform by using Azure Key Vault? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Correct Answer: B,C
Which Microsoft 365 compliance feature can you use to automatically encrypt content based on specific conditions?
Correct Answer: A
What can you use to provide threat detection for Azure SQL Managed Instance?
Correct Answer: B
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Microsoft states that Microsoft Sentinel includes connectors for both Microsoft and non-Microsoft sources. The product overview explains that Sentinel "comes with built-in connectors" for services such as Microsoft 365, Defender, and Azure sources, and also built-in connectors for non-Microsoft solutions like firewalls and other security products. Therefore, the claim that data connectors support only Microsoft services is false.
For visualization and monitoring, the documentation clarifies that "Microsoft Sentinel uses Azure Monitor workbooks to provide rich visualizations of your data." Workbooks are the native dashboarding framework in Sentinel and can be customized to monitor logs, incidents, and telemetry that Sentinel ingests. Hence, using Azure Monitor Workbooks to monitor data collected by Sentinel is true.
Regarding threat hunting, Microsoft describes the Hunting capability as a proactive feature: "Hunting lets you proactively hunt for security threats," using Kusto Query Language queries and analytic patterns to find indicators of compromise before alerts are generated. Analysts can run, save, and schedule hunts to uncover suspicious activity that hasn't yet raised an alert, making the statement about identifying threats before an alert is triggered true.
What is a function of Conditional Access session controls?
Correct Answer: B
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Microsoft documents Information Barriers (IB) as a Microsoft Purview capability that "restricts communication and collaboration between specific groups of users" across Microsoft 365. The service coverage explicitly includes "Microsoft Teams, SharePoint, OneDrive, and Exchange Online." In Exchange Online, IB policies "block communication" between segmented users, which includes sending or receiving email and related collaboration, thereby meeting the statement about restricting communication in Exchange.
With IB v2, Microsoft states that policies also apply to SharePoint and OneDrive so that users in different segments are "prevented from accessing sites and content" not permitted by policy. This means a SharePoint Online site can be segmented so that members outside the allowed segments are denied access, satisfying the second statement.
For Microsoft Teams, IB policies "restrict collaboration scenarios such as chats, channel conversations, and file sharing" when participants are in segments that shouldn't interact. Because Teams file sharing is backed by SharePoint/OneDrive, IB v2 enforcement "prevents sharing and accessing files across restricted segments." In effect, a user cannot share a file with another user in Teams if an IB policy disallows interaction between their segments.
These behaviors align with SCI guidance that IB policies are designed to reduce conflict-of-interest risk by controlling who can communicate, collaborate, or access content across Microsoft 365 workloads.
What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?
Correct Answer: D
You have an Azure subscription that contains multiple resources.
You need to assess compliance and enforce standards for the existing resources.
What should you use?
Correct Answer: C
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Microsoft documents describe Azure Bastion as a managed PaaS jump-host that's deployed inside a virtual network to provide secure remote access: "Azure Bastion is deployed in your virtual network and provides seamless RDP and SSH connectivity to your virtual machines directly in the Azure portal over SSL." The platform design is per-VNet, with the limit stated as: "One Bastion host can be deployed per virtual network," ensuring a single managed entry point for that network. Connectivity is delivered using the native protocols while avoiding public exposure: "Bastion enables RDP and SSH sessions... without requiring a public IP on your virtual machines, using TLS (port 443)." Access is brokered through the web experience: "You connect to the VM directly from the Azure portal using your browser," which provides an HTML5 client for RDP/SSH. These statements collectively validate that (1) deployment is one Bastion per VNet, (2) it provides secure user connections by using RDP (and SSH), and (3) it provides a secure connection to an Azure VM via the Azure portal, aligning with Zero Trust principles by eliminating inbound RDP/SSH exposure on public IPs.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Microsoft Entra Permissions Management is Microsoft's cloud infrastructure entitlement management (CIEM) solution delivered in the Microsoft Entra admin center, not in the Microsoft Purview compliance portal. Microsoft guidance describes it as a CIEM service that provides "centralized visibility, right-sizing, and governance of permissions across clouds" and is accessed and administered from the Entra portal under Permissions Management. The Purview compliance portal is used for compliance solutions such as Compliance Manager, Information Protection, DLP, eDiscovery, and Insider Risk, not CIEM, so statement 1 is No.
Permissions Management supports multicloud environments. Microsoft documentation states that it "discovers, monitors, and manages permissions for identities and resources across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)." It calculates a Permission Creep Index (PCI), surfaces excessive permissions, and recommends remediation across these clouds; therefore, using it to manage permissions in AWS is supported, and statement 2 is Yes.
Regarding secure scores: Permissions Management focuses on entitlements (e.g., effective permissions, PCI, right-sizing actions). Microsoft Secure Score (and Identity Secure Score) are separate posture metrics exposed in Microsoft 365 Defender and Microsoft Entra ID, respectively. The Permissions Management blade does not present Microsoft Secure Score; instead, it shows CIEM-specific insights and PCI. Consequently, the claim that Secure Score can be reviewed from Permissions Management in the Entra admin center is No.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

In Microsoft Defender for Cloud (formerly Azure Security Center), Secure score is defined as "a measurement of an organization's security posture; the higher the score, the lower the identified risk." Microsoft states that Defender for Cloud provides security recommendations that "help you harden your resources and increase your secure score." Among these recommendations is "Apply system updates" for virtual machines. Microsoft describes it as ensuring that "machines should have the latest security updates installed", and completing this action adds points to your secure score because it remediates a vulnerability class (missing patches).
Defender for Cloud also supports wide scope evaluation: you can "view and manage the secure score across subscriptions and management groups," allowing organizations with multiple Azure subscriptions to see an aggregated and per-scope score and track improvement actions consistently.
Identity protections are part of Defender for Cloud's recommendations as well. Under the Azure Security Benchmark controls, Defender for Cloud includes the recommendation that "MFA should be enabled on accounts with owner permissions on your subscription." Implementing this MFA control earns secure-score points because it mitigates high-impact identity risks.
Therefore, applying system updates (Yes), evaluating across multiple subscriptions (Yes), and enabling MFA (Yes) all increase or contribute to an organization's secure score in Azure Security Center/Defender for Cloud.
Select the answer that correctly completes the sentence.
Correct Answer:

Explanation:

In Microsoft Purview Compliance Manager, the built-in Compliance score and assessments are designed for ongoing, risk-based monitoring of your organization's compliance posture. Microsoft's SCI materials describe Compliance Manager as a solution that "helps you track, improve, and demonstrate your compliance posture" by mapping regulations and standards to improvement actions and assessments. The experience is not a one-time or periodic snapshot; it is intended to be continuous. As you implement controls, provide evidence, or when automated tests record results, "your score is updated as you complete actions," reflecting current progress toward data protection and regulatory requirements.
Assessments in Compliance Manager persist over time and are maintained through continuous evaluation: actions can be automatically tested when supported (for example, configuration-based controls in Microsoft 365) or manually assessed on an ongoing basis by compliance teams. This design enables organizations to prioritize and remediate issues as they arise, rather than waiting for monthly or quarterly reviews. Because of this continuous scoring and reassessment model, Compliance Manager assesses compliance data continually for an organization, providing near real-time insight into control effectiveness and residual risk across standards such as GDPR, ISO 27001, and NIST frameworks.
Select the answer that correctly completes the sentence.
Correct Answer:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Microsoft Purview Insider Risk Management is designed to identify, investigate, and act on risky activities by internal users, for example data exfiltration, data theft, policy violations, and user sentiments/signals that may indicate insider risk. SCI documentation explains that Insider Risk policies analyze signals such as file downloads, copying to USB, sharing to personal cloud, printing, or anomalous activity following events like performance warnings or resignation notices. Because it focuses on insider behaviors, it is not used to detect external threat vectors like phishing scams; those are addressed by Microsoft Defender for Office 365 and related anti-phishing protections, hence statement 1 is No. The solution is accessed in the Microsoft Purview (formerly Microsoft 365) compliance center under Insider risk management, where admins configure policies, alerts, and workflows, so statement 2 is Yes. Finally, its core purpose includes detecting and investigating potential data leaks by disgruntled or departing employees, using built-in policy templates (e.g., Data theft by departing employee, Data leaks), making statement 3 Yes.