2025年最新のSC-900試験問題集で最近更新された210問題 [Q81-Q101]

Share

2025年最新のSC-900試験問題集で最近更新された210問題

Microsoft SC-900リアル2025年最新のブレーン問題集で模擬試験問題集


Microsoft SC-900(Microsoft Security、Compliance、およびIdentity Fundamentals)試験は、セキュリティ、コンプライアンス、およびアイデンティティの分野で候補者の基本的な知識をテストするために設計されています。この試験は、ITセキュリティでキャリアを築こうとしており、これらの重要なドメインの基本的な理解を得たいと考えている個人に適しています。この試験では、クラウドセキュリティ、アイデンティティとアクセス管理、コンプライアンス管理、脅威保護など、幅広いトピックをカバーしています。

 

質問 # 81
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point

正解:

解説:

Explanation:

Microsoft Entra ID Protection is designed to detect and respond to identity compromise by calculating user risk and sign-in risk and surfacing risk detections such as "leaked credentials," "anonymous IP address,"
"impossible travel," and related signals. Microsoft explains that Identity Protection "uses adaptive machine learning and threat intelligence to detect risky users and risky sign-ins and assigns each a risk level of Low, Medium, or High." These detections include "Leaked credentials (found on public or dark-web lists)", confirming that Identity Protection can detect when user credentials have been exposed.
ID Protection is integrated with Conditional Access to take policy-driven actions: "Risk-based Conditional Access policies let you require multi-factor authentication (MFA), block access, or require password change when a user or sign-in risk level is met." The built-in policies include User risk policy and Sign-in risk policy, which can automatically enforce MFA or password reset when the configured risk threshold is reached.
However, Identity Protection does not manage Azure AD group membership. There is no capability to add users to groups based on risk level; group membership changes are outside the scope of Identity Protection's controls. Instead, remediation is applied through Conditional Access or password reset policies driven by the calculated risk.
Therefore: adding users to groups based on risk (No); detecting leaked credentials (Yes); invoking MFA based on risk via Conditional Access (Yes).


質問 # 82
Select the answer that correctly completes the sentence.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview


質問 # 83
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Box 1: Yes
A certificate is required that provides a private and a public key.
Box 2: Yes
The public key is used to validate the private key that is associated with a digital signature.
Box 3: Yes


質問 # 84
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

  • A. access reviews
  • B. conditional access policies
  • C. Azure AD Identity Protection
  • D. managed identities

正解:A

解説:
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview


質問 # 85
Select the answer that correctly completes the sentence.

正解:

解説:


質問 # 86
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:

Box 1: Yes
Box 2: No
Conditional Access policies are enforced after first-factor authentication is completed. Box 3: Yes


質問 # 87
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:

In Microsoft Defender for Cloud (formerly Azure Security Center), Secure score is defined as "a measurement of an organization's security posture; the higher the score, the lower the identified risk." Microsoft states that Defender for Cloud provides security recommendations that "help you harden your resources and increase your secure score." Among these recommendations is "Apply system updates" for virtual machines-Microsoft describes it as ensuring that "machines should have the latest security updates installed", and completing this action adds points to your secure score because it remediates a vulnerability class (missing patches).
Defender for Cloud also supports wide scope evaluation: you can "view and manage the secure score across subscriptions and management groups," allowing organizations with multiple Azure subscriptions to see an aggregated and per-scope score and track improvement actions consistently.
Identity protections are part of Defender for Cloud's recommendations as well. Under the Azure Security Benchmark controls, Defender for Cloud includes the recommendation that "MFA should be enabled on accounts with owner permissions on your subscription." Implementing this MFA control earns secure-score points because it mitigates high-impact identity risks.
Therefore, applying system updates (Yes), evaluating across multiple subscriptions (Yes), and enabling MFA (Yes) all increase or contribute to an organization's secure score in Azure Security Center/Defender for Cloud.


質問 # 88
Select the answer that correctly completes the sentence.

正解:

解説:


質問 # 89
Select the answer that correctly completes the sentence.

正解:

解説:

Explanation:
Assessments
In Microsoft Purview Compliance Manager, assessments are the core components used to track compliance with groupings of controls from specific regulations, standards, or requirements.
According to official Microsoft Security, Compliance, and Identity (SCI) learning content, particularly within the SC-400 and SC-900 certification tracks, the role of assessments is explicitly defined as:
"Assessments in Compliance Manager help you track, implement, and improve compliance with requirements from standards and regulations. Each assessment maps to a specific regulation or control framework, such as ISO 27001, NIST, GDPR, or HIPAA, and includes a set of controls and recommended improvement actions." Further extracted content from SCI documentation confirms:
"An assessment is used to measure your compliance posture against a particular regulation or standard. It includes control mappings and provides insight into what's in place and what still needs to be addressed to meet the compliance goals." The other options in the dropdown - Templates, Improvement actions, and Solutions - serve different functions:
* Templates provide a blueprint for creating assessments.
* Improvement actions are actionable steps generated within assessments.
* Solutions in Microsoft Purview refer to bundled capabilities like Insider Risk Management, Information Protection, etc.
Therefore, to track compliance with groupings of controls from a specific regulation or requirement, the correct and Microsoft-verified term is "Assessments."


質問 # 90
You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure.
Which security methodology does this represent?

  • A. the shared responsibility model
  • B. defense in depth
  • C. identity as the security perimeter
  • D. threat modeling

正解:B

解説:
Reference:
https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth


質問 # 91
Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?

  • A. sensitivity labels
  • B. eDiscovery
  • C. retention policies
  • D. Content Search

正解:A

解説:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide


質問 # 92
What is the purpose of Azure Active Directory (Azure AD) Password Protection?

  • A. to encrypt a password by using globally recognized encryption standards
  • B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
  • C. to prevent users from using specific words in their passwords
  • D. to control how often users must change their passwords

正解:C

解説:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation:
Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization.
With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To support your own business and security needs, you can define entries in a custom banned password list.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises


質問 # 93
Select the answer that correctly completes the sentence.

正解:

解説:


質問 # 94
Select the answer that correctly completes the sentence.

正解:

解説:

Explanation
Graphical user interface, text, application Description automatically generated

Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service. Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide


質問 # 95
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

  • A. advanced hunting
  • B. automated investigation
  • C. automated remediation
  • D. network protection

正解:D

解説:
In Microsoft Defender for Endpoint, attack surface reduction (ASR) is described as the first defensive layer in the protection stack, and Network protection is a core ASR capability. Microsoft's documentation states that
"Attack surface reduction provides the first line of defense in the stack." It further explains that these capabilities are designed to reduce opportunities for compromise before malware can run or persistence can be established. Within ASR, Microsoft specifically defines Network protection as a feature that "helps reduce the attack surface of your devices from Internet-based events." Microsoft also clarifies how it works: "It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet." Because the question asks for the feature in Defender for Endpoint that delivers the first line of defense by reducing the attack surface, the applicable ASR capability is Network protection. It proactively blocks access to known malicious IPs, domains, and URLs, shrinking the exploitable surface area and thereby reducing risk before an attack can execute. By contrast, automated investigation and automated remediation act after detections to contain and fix issues, and advanced hunting is an analyst-driven, query-based detection and investigation tool-not an attack-surface-reduction control. Hence, Network protection is the correct choice.


質問 # 96
What can you use to provide threat detection for Azure SQL Managed Instance?

  • A. Microsoft Secure Score
  • B. Azure Defender
  • C. Azure Bastion
  • D. application security groups

正解:B


質問 # 97
Select the answer that correctly completes the sentence.

正解:

解説:


質問 # 98
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 99
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. facial recognition
  • B. security question
  • C. PIN
  • D. fingerprint
  • E. email verification

正解:A、C、D

解説:
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication


質問 # 100
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 101
......


Microsoft SC-900(Microsoft Security、Compliance、and Identity Fundamentals)認定試験は、セキュリティ、コンプライアンス、およびアイデンティティの概念を理解しているかどうかを検証するために設計されています。セキュリティとコンプライアンスの分野に新しく入った人や、これらの分野における知識とスキルを更新したい人に最適な入門試験です。

 

厳密検証されたSC-900試験問題集と解答で無料提供のSC-900問題と正解付き:https://www.goshiken.com/Microsoft/SC-900-mondaishu.html

SC-900試験問題 リアルSC-900練習問題集:https://drive.google.com/open?id=1IhWAI6Qcj_YDurq_wEP8RT5B1Og-Mx1u