최신Microsoft Security, Compliance, and Identity Fundamentals (SC-900 Deutsch Version) - SC-900 Deutsch무료샘플문제

Explanation:

In Microsoft's Security, Compliance, and Identity learning content for Microsoft Defender for Cloud, the service is described as providing ongoing posture management and threat protection. The official description states that Defender for Cloud "continuously assesses your resources to identify security misconfigurations and weaknesses" and "continuously discovers and evaluates resources" across your subscriptions. The recommendations and secure-score updates are produced as the platform "continuously analyzes your environment using security policies and analytics," surfacing issues the moment they're detected and mapping them to remediation guidance. This continuous assessment model underpins Defender for Cloud's cloud security posture management (CSPM) capability and ensures that newly created or modified resources are evaluated without waiting for a scheduled job. By design, there is no fixed interval (such as hourly, every 15 minutes, or daily) required to trigger assessments-policy-driven evaluation and data collection run as changes occur and signals are received. Therefore, the sentence "Microsoft Defender for Cloud assesses Azure resources ____ for security issues" is correctly completed with continuously, reflecting Microsoft's emphasis on persistent, real-time security posture evaluation rather than periodic scans.

설명: (KoreaDumps 회원만 볼 수 있음)

Explanation:

Microsoft documents for Defender for Endpoint (MDE) describe it as an enterprise endpoint security platform that supports Windows 10/11, Windows Server, Linux, macOS, and mobile platforms (Android and iOS
/iPadOS). The platform provides threat and vulnerability management, attack surface reduction, next- generation protection, endpoint detection and response, and automated investigation and remediation across those supported operating systems. Because MDE supports Windows client operating systems and servers, it can also be used on Azure virtual machines that run supported Windows versions; onboarding methods include local scripts, Microsoft Endpoint Manager, or cloud integrations, allowing VM endpoints to receive the same protection and EDR capabilities as physical devices.
By contrast, malware scanning in SharePoint Online, OneDrive, and Microsoft Teams is provided by Microsoft Defender for Office 365 (Safe Attachments for SharePoint, OneDrive, and Teams)-a different service within the Microsoft 365 Defender family. This service analyzes files as they are uploaded or shared to detect and block malicious content in collaboration workloads, which is outside the scope of MDE's endpoint-focused protections. Therefore: Android protection (Yes), Azure VMs running Windows 10 (Yes), and SharePoint Online anti-virus protection by MDE (No, handled by Defender for Office 365).

Explanation:

Box 1: Yes
The MailItemsAccessed event is a mailbox auditing action and is triggered when mail data is accessed by mail protocols and mail clients.
Box 2: No
Basic Audit retains audit records for 90 days.
Advanced Audit retains all Exchange, SharePoint, and Azure Active Directory audit records for one year.
This is accomplished by a default audit log retention policy that retains any audit record that contains the value of Exchange, SharePoint, or AzureActiveDirectory for the Workload property (which indicates the service in which the activity occurred) for one year.
Box 3: yes
Advanced Audit in Microsoft 365 provides high-bandwidth access to the Office 365 Management Activity API.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/auditing-solutions-overview?view=o365- worldwide#licensing-requirements
https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-
365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing- guidance#advanced- audit

Explanation:

In Microsoft Azure, an NSG consists of ordered security rules evaluated by priority. The Azure documentation specifies that every rule includes identifying metadata and must be uniquely named within the NSG: "Each security rule has a name that is unique within the network security group." Rule evaluation is deterministic: "Security rules are processed in priority order... once a rule matches traffic, processing stops." Azure creates several default security rules in every NSG to provide a safe baseline. These defaults are protected: "You can't remove the default security rules, but you can override them by creating rules with a higher priority." This means deletion of default rules is not allowed; administrators add custom rules with lower priority numbers to supersede the defaults as needed.
Regarding protocols, NSG rules can target specific L4/L3 protocols. The platform guidance states that the rule Protocol field supports TCP, UDP, ICMP, or Any: "For Protocol, specify TCP, UDP, ICMP, or Any." Therefore, configuring rules to check TCP, UDP, or ICMP traffic types is fully supported.
Putting this together: (1) unique rule names are required (Yes), (2) default rules cannot be deleted (No), and (3) NSG rules can indeed be configured for TCP/UDP/ICMP (Yes). These behaviors align with Azure's prescribed NSG design and management model used across Microsoft Security, Compliance, and Identity learning content.

Explanation:

In Microsoft identity and access scenarios, federation is explicitly defined as a mechanism to create trust between autonomous organizations so that identities authenticated in one can be accepted by another.
Microsoft describes this as: "Federation is a collection of domains that have established trust." In a federation,
"this trust relationship lets each organization accept the other's user authentication" and enables access to resources without the need to duplicate user accounts or require separate credentials. Within Azure AD
/Microsoft Entra and AD FS guidance, Microsoft further explains that federation enables "claims-based access across security boundaries" and "allows users to access applications in a partner organization using their existing credentials." These statements underline that the purpose of federation is to establish a trust relationship across identity providers or directories, not to provide multi-factor authentication, synchronize accounts, or build network tunnels. MFA is an authentication strength that can be applied on top of federated sign-in, user account synchronization is handled by services like Microsoft Entra Connect (Azure AD Connect), and VPNs provide network connectivity, not identity trust. Therefore, the completion that aligns with Microsoft SCI documentation is that federation establishes a trust relationship between organizations.

설명: (KoreaDumps 회원만 볼 수 있음)

설명: (KoreaDumps 회원만 볼 수 있음)