Microsoft Security, Compliance, and Identity Fundamentals (SC-900日本語版) - SC-900日本語 Exam Practice Test

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Explanation:
Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage. Yes Cloud Security Posture Management (CSPM) is available for all Azure subscriptions. Yes Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises. Yes Microsoft Defender for Cloud provides both workload protection and posture management. For Azure Storage, the Defender plan (Microsoft Defender for Storage) offers threat detection such as anomalous access, malware scanning, and sensitive-data threat alerts, while the CSPM guidance in Defender for Cloud flags misconfigurations that create vulnerabilities (for example, public blob access, weak TLS settings). CSPM capabilities-secure score, recommendations, and baseline assessments-are available to all Azure subscriptions (foundational CSPM), giving every tenant visibility into security posture without requiring a premium add-on for basic posture features. Beyond Azure, Defender for Cloud supports hybrid and multicloud: using Azure Arc and the Defender for Servers plan, it can onboard and assess on-premises servers and resources in other clouds, applying recommendations, security assessments, and threat protections across those environments. Collectively, these capabilities confirm that Defender for Cloud can detect storage- related threats and posture weaknesses, CSPM is broadly available to Azure subscriptions, and the service evaluates workloads running in Azure or on-premises.

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Explanation:

In Microsoft Entra ID Protection, risk-based Conditional Access policies use signals such as User risk and Sign-in risk to evaluate potential threats during authentication and identity usage. These are core to adaptive access and identity protection features taught in Microsoft's SC-300 and SC-900 learning paths.
User risk:
Defined by Microsoft as: "The probability that a specific identity or account is compromised." User risk is assessed based on activities and behaviors that indicate the account may have been compromised-such as leaked credentials or atypical user activity over time.
Sign-in risk:
Defined as: "The probability that the authentication request is not performed by the legitimate identity owner." Sign-in risk is calculated at the time of authentication based on indicators such as unfamiliar locations, anonymous IP addresses, impossible travel, or malware-linked sign-ins.
These signals help automate access decisions, such as requiring MFA or blocking access, based on real-time risk assessments.

Explanation:

In Microsoft's Security, Compliance, and Identity guidance, Microsoft Defender for Identity (formerly Azure ATP) is explicitly described as "a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats." The service deploys lightweight sensors on domain controllers to collect and analyze Active Directory (AD) authentication and activity data.
Using behavioral analytics and built-in detections, it helps security teams surface indicators of compromised identities, lateral movement, pass-the-ticket/NTLM relay, and other identity-driven attack techniques.
Documentation further explains that Defender for Identity "profiles and learns entity behavior," correlates events, and raises security alerts with investigation timelines and evidence to accelerate incident response in hybrid environments.
This precisely matches the sentence in the prompt: the only Microsoft security product whose core purpose is to use on-premises AD signals to identify, detect, and investigate advanced threats is Defender for Identity.
By contrast, Microsoft Defender for Endpoint focuses on endpoint prevention and EDR; Microsoft Defender for Office 365 protects email and collaboration workloads from phishing and malware; and Microsoft Cloud App Security (now Microsoft Defender for Cloud Apps) operates as a CASB for app discovery, control, and session monitoring. Therefore, aligning with SCI study guides and product descriptions, the correct completion is Microsoft Defender for Identity.

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Explanation:
< Device identity can be stored in Azure AD. # Yes
A single system-assigned managed identity can be used by multiple Azure resources. # No If you delete an Azure resource that has a user-assigned managed identity, the managed identity is deleted automatically. # No From Microsoft Entra ID (Azure AD) device documentation: Azure AD holds device objects for registration and join states. The docs state that device identities are maintained in Azure AD: "Azure AD device objects represent registered and joined devices so they can be managed and secured." and "Devices can be Azure AD registered, Azure AD joined, or hybrid Azure AD joined." These statements confirm that device identity is stored in Azure AD, so the first item is Yes.
Regarding managed identities: Microsoft's description of system-assigned managed identity explains, "The identity is created in Entra ID and is tied to the lifecycle of that Azure resource." and "Only that resource can use this identity." Because a system-assigned identity is unique to a single resource and cannot be shared, the second statement is No.
For user-assigned managed identity, the documentation says, "A user-assigned managed identity is a standalone Azure resource." and "It can be assigned to one or more Azure service instances and is managed independently." Additionally, "When you delete the Azure resource, the user-assigned identity is not deleted." Therefore, deleting a resource does not automatically delete the user-assigned identity, making the third statement No.

Explanation:

In the Microsoft 365 security center (now Microsoft 365 Defender), incidents are used to triage and investigate threats across the tenant. Microsoft's security documentation explains that "an incident is a collection of related alerts" that are automatically correlated to give analysts a single, end-to-end view of an attack. Within each incident, the portal surfaces impacted assets such as devices, users, mailboxes, and applications, enabling responders to quickly identify which endpoints are affected by a given alert and to take response actions (isolate device, collect investigation package, run AV scan, etc.). This design allows security teams to move beyond individual alerts and instead work a consolidated investigation that lists affected devices in the incident's Evidence & Response/Assets sections, complete with alert timelines and device details.
By comparison, Secure Score measures the organization's security posture and recommendations; policies are configuration/enforcement objects (e.g., Defender or compliance policies) and are not the investigative view for alerts; classifications relate to information protection labeling rather than alert investigation. Therefore, to identify devices that are affected by an alert, you use the Incidents experience in Microsoft 365 Defender, where correlated alerts show the devices involved alongside the entities and evidence connected to the threat.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).