SC-900 Exam Questions with 100% Correct Answers

Which functionality is provided by Azure AD? Correct Answer Azure AD provides SSO. Azure AD provides federation. Azure AD is one perimeter of defense in depth. Azure AD does not provide file services. Azure AD does not provide the encryption of data in transit. Which two authentication methods are available in Azure AD during sign in? Each correct answer presents a complete solution. Correct Answer Passwords are the most common form of authentication and are supported in Azure AD. Text messaging can be used as a primary form of authentication. The Google Authenticator app can be used as a primary form of authentication to sign into any Azure AD account. Calling the Microsoft Helpdesk is not a valid authentication method in Azure AD. Security questions are not used during sign in. An organization is migration to the Microsoft cloud. The plan is to use a hybrid identity model. What can be used to sync identities between Active Directory Domain Services (AD DS) and Azure AD? Correct Answer Azure AD Connect is designed to meet and accomplish hybrid identity goals. ADFS cannot be used for hybrid identity models. Microsoft Sentinel is not an identity product. PIM is used for managing and monitoring access to important resources. Which authentication method can use a time-based, one-time password? Correct Answer OATH hardware tokens use time-based, one-time passwords. Strong passwords are not one-time passwords. Password hash synchronization syncs hashes across Active Directory and Azure AD. Windows Hello uses a camera or passcode for authentication. What can you use to prevent users from using an organization's name or the names of the organization's products as passwords in Azure AD? Correct Answer Azure AD Password Protection - The global banned password list does not cover your own organization and product names. Azure AD Password Protection provides protection from password spray. MFA does not manage password entries. Based on a Microsoft Azure Security Score recommendation, an administrator decides to improve identity security within an organization. What provides the greatest protection to user identities? Correct Answer using the Microsoft Authenticator app - The Microsoft Authenticator app (phone sign in) is the strongest authentication method. Enforcing a password change or enforcing a complex password will not provide the greatest protection alone. Using soft tokens does not offer as strong a protection as Microsoft Authenticator. What are three things that a user can use for Azure AD Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution. Correct Answer something the claimant knows, something the claimant has, something the claimant