Microsoft SC-401 Administering Information Security in Microsoft 365 Exam Dumps and Practice Test Questions Set 09 161-180


Question 161

Your organization wants to classify and protect sensitive emails and documents automatically, ensuring encryption and access restrictions are applied based on content. Which solution should you deploy?

A) Microsoft Information Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Sentinel

Answer: Microsoft Information Protection

Explanation

Protecting sensitive emails and documents is critical for maintaining regulatory compliance and preventing data breaches. Microsoft Information Protection (MIP), whose sensitivity labels are now administered from the Microsoft Purview portal under the name Microsoft Purview Information Protection, allows administrators to define sensitivity labels such as Confidential, Highly Confidential, or Public. Labels can be applied manually by users, automatically through content inspection with sensitive information types (a pattern, usually backed by a checksum and supporting keywords, so that a bare digit string on its own does not trigger a match), or by trainable machine learning classifiers.

Once applied, labels enforce encryption, access restrictions, and rights management. This ensures that only authorized users can view or modify sensitive content and prevents unauthorized sharing. Integration across Microsoft 365 applications, including Exchange, SharePoint, Teams, and OneDrive, ensures consistent protection across the organization.

The alternatives address other layers: Intune manages devices, Azure Firewall filters network traffic, and Sentinel collects and correlates security events; none of them classifies or protects content. Benefits of MIP include automated classification, enforcement of encryption policies, prevention of accidental data leakage, regulatory compliance support, and seamless integration with Microsoft 365 applications. Deploying MIP ensures sensitive data is automatically protected without disrupting workflow; in practice, run a new auto-labeling policy in simulation mode first and review what it would have labeled, because an over-broad rule encrypts content that legitimate workflows still need to share.
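The content-inspection path described above, as an added example that is not code from this page or from Microsoft (it also serves the restatements of this question later in the set): a small classifier in the style of Purview sensitive information types, where a candidate only counts if it matches a pattern, passes a checksum and has a supporting keyword nearby, and an ordered auto-labeling rule set turns unique instance counts into a label and its protection settings. The label taxonomy, the protection settings, the rule thresholds and the sample text are assumptions for illustration.

```python
"""Content inspection in the style of Microsoft Purview sensitive information
types (SITs), feeding an ordered auto-labeling rule set.  Added example; not
Microsoft code.  Label names, protection settings, thresholds and sample text
are assumptions for illustration."""
import re
from typing import Callable, Optional

# Assumed label taxonomy: the protection each label enforces once applied.
LABEL_PROTECTION = {
    "Public": {"encrypt": False, "external_sharing": "allow"},
    "Confidential": {"encrypt": True, "external_sharing": "block", "rights": ("VIEW", "EDIT")},
    "Highly Confidential": {"encrypt": True, "external_sharing": "block", "rights": ("VIEW",), "watermark": True},
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; the built-in Credit Card Number SIT validates candidates this way."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class SensitiveInfoType:
    """A pattern, an optional checksum, and keywords that must appear nearby."""

    def __init__(self, name: str, pattern: str, checksum: Optional[Callable[[str], bool]] = None,
                 keywords: tuple = (), window: int = 300):
        self.name = name
        self.pattern = re.compile(pattern)
        self.checksum = checksum
        self.keywords = tuple(k.lower() for k in keywords)
        self.window = window  # characters on each side searched for supporting keywords

    def instances(self, text: str) -> set:
        """Unique validated instances: pattern hit + checksum pass + keyword in proximity."""
        found = set()
        for m in self.pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group(0))
            if self.checksum and not self.checksum(digits):
                continue  # looks like a number but fails the checksum: treated as noise
            if self.keywords:
                ctx = text[max(0, m.start() - self.window): m.end() + self.window].lower()
                if not any(k in ctx for k in self.keywords):
                    continue  # no supporting evidence: confidence stays below threshold
            found.add(digits)
        return found


SITS = [
    SensitiveInfoType("Credit Card Number", r"\b(?:\d[ -]?){13,16}\b", checksum=luhn_ok,
                      keywords=("card", "visa", "mastercard", "amex", "cvv", "expir")),
    SensitiveInfoType("U.S. Social Security Number", r"\b\d{3}-\d{2}-\d{4}\b",
                      keywords=("ssn", "social security")),
]

# Auto-labeling rules, most sensitive first; the first rule whose thresholds are all met wins.
AUTO_LABEL_RULES = [
    ("Highly Confidential", {"Credit Card Number": 5}),
    ("Confidential", {"Credit Card Number": 1}),
    ("Confidential", {"U.S. Social Security Number": 1}),
]


def classify(text: str, default: str = "Public") -> tuple:
    """Return (label, {SIT name: unique instance count}) for a document or email body."""
    counts = {sit.name: len(sit.instances(text)) for sit in SITS}
    for label, thresholds in AUTO_LABEL_RULES:
        if all(counts[name] >= needed for name, needed in thresholds.items()):
            return label, counts
    return default, counts


def protection_for(text: str) -> dict:
    """Label plus the protection settings that would be enforced after auto-labeling."""
    label, _ = classify(text)
    return {"label": label, **LABEL_PROTECTION[label]}


if __name__ == "__main__":
    # Constructed sample: a valid test card number with supporting context.
    print(protection_for("Please charge my card 4111 1111 1111 1111, expiry 12/29."))
```

The checksum and keyword requirements are what keep the false-positive rate down: the same 16-digit string labels as Confidential when it sits next to the word "card" but stays Public in a ledger reference with no supporting context, and a digit string that fails Luhn is ignored even with the keyword present.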

Question 162

Your organization wants to continuously monitor cloud workloads for misconfigurations, vulnerabilities, and threats, and provide actionable remediation recommendations. Which solution is most appropriate?

A) Microsoft Defender for Cloud
B) Azure Key Vault
C) Microsoft Purview
D) Microsoft Intune

Answer: Microsoft Defender for Cloud

Explanation

Cloud workloads are dynamic and vulnerable to misconfigurations, unpatched systems, and insecure network settings. Microsoft Defender for Cloud provides continuous security monitoring for Azure, hybrid, and multi-cloud workloads. It evaluates resources against best practices and regulatory standards such as the CIS Microsoft Azure Foundations Benchmark, NIST SP 800-53, and ISO 27001.

Defender for Cloud identifies misconfigurations such as open management ports, unencrypted storage accounts, and missing patches. It also leverages behavioral analytics and Microsoft threat intelligence to detect suspicious activity. Alerts are prioritized by risk, allowing administrators to focus on critical threats. Integration with Microsoft Sentinel allows centralized monitoring, automated investigation, and remediation through playbooks.

The alternatives cover narrower functions: Azure Key Vault manages secrets, Purview handles data governance, and Intune manages device compliance; none provides end-to-end cloud workload security monitoring. Benefits include continuous assessment, actionable remediation, threat detection, compliance reporting, and automated response capabilities. Defender for Cloud strengthens cloud security posture and supports Zero Trust principles.
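To make the assessment loop concrete, here is an added example (not Microsoft code and not part of the original page; it also serves the restatements of this question later in the set) that runs Defender-for-Cloud-style checks over a constructed resource inventory: management ports open to the Internet, anonymous blob access, plaintext or old-TLS storage transport, and missing updates. Findings are prioritised by severity and each control gets a secure-score-style value using the published formula (max points multiplied by the fraction of healthy resources). The inventory, control weights, severities and remediation text are assumptions.

```python
"""Posture checks in the style of Microsoft Defender for Cloud over a
constructed inventory.  Added example; not Microsoft code.  Resource shapes,
control weights and severities are assumptions for illustration."""
from dataclasses import dataclass

# Constructed inventory (assumption): a flattened export of a few resources.
INVENTORY = [
    {"id": "/sub/rg/st-logs", "type": "storageAccount",
     "supportsHttpsTrafficOnly": False, "allowBlobPublicAccess": True, "minimumTlsVersion": "TLS1_0"},
    {"id": "/sub/rg/st-backup", "type": "storageAccount",
     "supportsHttpsTrafficOnly": True, "allowBlobPublicAccess": False, "minimumTlsVersion": "TLS1_2"},
    {"id": "/sub/rg/nsg-web", "type": "networkSecurityGroup", "inboundRules": [
        {"name": "allow-https", "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
        {"name": "allow-rdp", "access": "Allow", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    ]},
    {"id": "/sub/rg/nsg-db", "type": "networkSecurityGroup", "inboundRules": [
        {"name": "allow-ssh-jump", "access": "Allow", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "22"},
    ]},
    {"id": "/sub/rg/vm-web01", "type": "virtualMachine", "missingPatches": ["KB5034123"]},
    {"id": "/sub/rg/vm-db01", "type": "virtualMachine", "missingPatches": []},
]

MANAGEMENT_PORTS = (22, 3389)
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass(frozen=True)
class Finding:
    control: str
    severity: str
    resource: str
    detail: str
    remediation: str


def port_in_range(port: int, port_range: str) -> bool:
    """NSG destination ranges are '*', a single port, or 'lo-hi'."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)


def check_management_ports(nsg: dict, control: str):
    """Flag Allow rules that expose SSH or RDP to any Internet-wide source."""
    for rule in nsg["inboundRules"]:
        if rule["access"] != "Allow" or rule["sourceAddressPrefix"] not in INTERNET_SOURCES:
            continue
        exposed = [p for p in MANAGEMENT_PORTS if port_in_range(p, rule["destinationPortRange"])]
        if exposed:
            return Finding(control, "High", nsg["id"],
                           f"rule {rule['name']} exposes ports {exposed} to the Internet",
                           "restrict the source to a jump-host range or enable just-in-time VM access")
    return None


def check_system_updates(vm: dict, control: str):
    if vm["missingPatches"]:
        return Finding(control, "Medium", vm["id"],
                       f"{len(vm['missingPatches'])} update(s) missing", "apply pending updates")
    return None


def check_transit_encryption(sa: dict, control: str):
    if not sa["supportsHttpsTrafficOnly"] or sa["minimumTlsVersion"] != "TLS1_2":
        return Finding(control, "Medium", sa["id"],
                       f"httpsOnly={sa['supportsHttpsTrafficOnly']}, minTls={sa['minimumTlsVersion']}",
                       "require secure transfer and set the minimum TLS version to 1.2")
    return None


def check_public_access(sa: dict, control: str):
    if sa["allowBlobPublicAccess"]:
        return Finding(control, "High", sa["id"], "anonymous blob access is allowed",
                       "set allowBlobPublicAccess to false")
    return None


# (control name, max points, resource type it applies to, check); weights are assumptions.
CONTROLS = [
    ("Secure management ports", 8, "networkSecurityGroup", check_management_ports),
    ("Apply system updates", 6, "virtualMachine", check_system_updates),
    ("Encrypt data in transit", 4, "storageAccount", check_transit_encryption),
    ("Restrict unauthorized network access", 4, "storageAccount", check_public_access),
]


def assess(inventory: list):
    """Return (findings sorted by severity, {control: current points})."""
    findings, score = [], {}
    for control, max_points, rtype, check in CONTROLS:
        resources = [r for r in inventory if r["type"] == rtype]
        unhealthy = [f for f in (check(r, control) for r in resources) if f]
        findings.extend(unhealthy)
        healthy = len(resources) - len(unhealthy)
        score[control] = round(max_points * healthy / len(resources), 2) if resources else float(max_points)
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings, score


def secure_score_percent(score: dict) -> float:
    return round(100 * sum(score.values()) / sum(c[1] for c in CONTROLS), 1)


if __name__ == "__main__":
    found, per_control = assess(INVENTORY)
    for f in found:
        print(f"[{f.severity}] {f.control}: {f.resource}: {f.detail} -> {f.remediation}")
    print("secure score:", secure_score_percent(per_control), "%")
```

Note that the SSH rule scoped to the jump-host subnet is not flagged; the check keys on the source prefix, not merely on the port, which is also why a rule with destination range "*" from the Internet is caught.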

Question 163

Your organization wants to detect risky Azure AD sign-ins, including logins from unfamiliar locations or devices, and automatically enforce MFA or password resets. Which solution should you use?

A) Azure AD Identity Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Purview

Answer: Azure AD Identity Protection

Explanation

Compromised accounts are a common security threat. Azure AD Identity Protection (now Microsoft Entra ID Protection) evaluates risk for each user and sign-in using signals like impossible travel, unfamiliar devices, and leaked credentials. Each sign-in and each user is assigned a risk level (low, medium, or high), and that level is what policies act on.

Administrators can define risk-based Conditional Access policies that automatically enforce remediation actions for risky sign-ins and users, including requiring multi-factor authentication, forcing a secure password change, or blocking access. Microsoft recommends building these as Conditional Access policies rather than the legacy Identity Protection user-risk and sign-in-risk policies, which are being retired; either way, exclude a break-glass account so a false positive cannot lock administrators out. Integration with Azure AD Conditional Access enables dynamic, real-time enforcement for secure access to applications while maintaining user productivity.

Alternative solutions, such as Intune, Azure Firewall, and Purview, do not provide identity risk detection or automatic remediation. Benefits of Azure AD Identity Protection include real-time detection of risky sign-ins, automated mitigation actions, per-user and per-sign-in risk levels, audit logging for compliance, and alignment with Zero Trust principles. This solution helps organizations proactively reduce account compromise risk and protect critical resources.

Question 164

Your organization wants to detect insider threats in hybrid Active Directory environments, including abnormal activity, lateral movement, and privilege escalation attempts. Which solution should you implement?

A) Microsoft Defender for Identity
B) Azure Firewall
C) Microsoft Intune
D) Microsoft Purview

Answer: Microsoft Defender for Identity

Explanation

Insider threats originate from trusted accounts with legitimate access, making them difficult to detect. Microsoft Defender for Identity monitors hybrid Active Directory environments through sensors installed on domain controllers (and optionally on AD FS, AD CS, and Entra Connect servers) that analyze authentication requests, Kerberos tickets, LDAP queries, and group modifications. Behavioral analytics detect anomalies such as unusual logins, lateral movement, or privilege escalation attempts.

Defender for Identity generates detailed alerts with context, including affected users, devices, and systems. Integration with Microsoft Sentinel allows correlation with endpoint and cloud data, giving a holistic view of potential insider threats. Response actions such as disabling the account in Active Directory or forcing a password reset can be taken directly from the alert or through Sentinel automation rules, minimizing potential damage.

Alternative solutions such as Azure Firewall, Intune, and Purview do not provide identity monitoring or insider threat detection. Benefits include real-time detection, behavioral analytics for anomaly detection, centralized alerting, SIEM integration, and alignment with Zero Trust principles. Deploying Defender for Identity allows organizations to proactively identify and mitigate insider threats.
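The detections named above, as an added example run over a constructed batch of domain controller security events (not Microsoft code and not part of the original page; it also serves the restatements of this question later in the set): one account performing network logons to many hosts in a short window (lateral movement), a member added to a sensitive group (privilege escalation), and a burst of RC4 service-ticket requests for different SPNs (Kerberoasting-style harvesting). The event fields, thresholds and windows are assumptions; the event IDs are the standard Windows ones.

```python
"""Detection logic of the kind Defender for Identity applies to DC telemetry,
run over a constructed batch of events.  Added example; not Microsoft code.
Event fields, thresholds and windows are assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SENSITIVE_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
RC4_HMAC = "0x17"  # ticket encryption type that Kerberoasting tools request
LATERAL_HOSTS, LATERAL_WINDOW = 4, timedelta(minutes=10)
ROAST_SPNS, ROAST_WINDOW = 3, timedelta(minutes=5)

# Constructed event batch (assumption): a subset of fields from 4624, 4728 and 4769 events.
EVENTS = [
    {"ts": "2024-05-06T09:00:01", "id": 4624, "user": "alice", "host": "FS01", "logon_type": 3},
    {"ts": "2024-05-06T09:00:09", "id": 4624, "user": "alice", "host": "FS02", "logon_type": 3},
    {"ts": "2024-05-06T09:00:20", "id": 4624, "user": "alice", "host": "SQL01", "logon_type": 3},
    {"ts": "2024-05-06T09:00:31", "id": 4624, "user": "alice", "host": "DC01", "logon_type": 3},
    {"ts": "2024-05-06T09:02:00", "id": 4624, "user": "bob", "host": "FS01", "logon_type": 3},
    {"ts": "2024-05-06T11:30:00", "id": 4624, "user": "bob", "host": "FS02", "logon_type": 3},
    {"ts": "2024-05-06T09:05:00", "id": 4728, "user": "alice", "member": "svc-backup", "group": "Domain Admins"},
    {"ts": "2024-05-06T09:05:30", "id": 4728, "user": "helpdesk", "member": "carol", "group": "Sales"},
    {"ts": "2024-05-06T09:10:00", "id": 4769, "user": "alice", "spn": "MSSQLSvc/sql01:1433", "etype": "0x17"},
    {"ts": "2024-05-06T09:10:01", "id": 4769, "user": "alice", "spn": "HTTP/intranet", "etype": "0x17"},
    {"ts": "2024-05-06T09:10:02", "id": 4769, "user": "alice", "spn": "CIFS/fs01", "etype": "0x17"},
    {"ts": "2024-05-06T09:11:00", "id": 4769, "user": "bob", "spn": "MSSQLSvc/sql01:1433", "etype": "0x12"},
]


@dataclass(frozen=True)
class Alert:
    name: str
    user: str
    evidence: str


def _parse(events: list) -> list:
    """Parse timestamps and sort chronologically."""
    return sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events), key=lambda e: e["ts"])


def _burst(events: list, key: str, threshold: int, window: timedelta) -> dict:
    """Per user, the first sliding window holding `threshold` distinct values of `key`."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    hits = {}
    for user, evs in per_user.items():
        for i, e in enumerate(evs):
            recent = {x[key] for x in evs[:i + 1] if e["ts"] - x["ts"] <= window}
            if len(recent) >= threshold:
                hits[user] = sorted(recent)
                break
    return hits


def detect_lateral_movement(events: list) -> list:
    net_logons = [e for e in events if e["id"] == 4624 and e.get("logon_type") == 3]
    return [Alert("Suspected lateral movement", u, f"network logons to {hosts} within {LATERAL_WINDOW}")
            for u, hosts in _burst(net_logons, "host", LATERAL_HOSTS, LATERAL_WINDOW).items()]


def detect_sensitive_group_change(events: list) -> list:
    # 4728/4732/4756: member added to a global / local / universal security group.
    return [Alert("Sensitive group membership change", e["user"], f"added {e['member']} to {e['group']}")
            for e in events if e["id"] in (4728, 4732, 4756) and e["group"] in SENSITIVE_GROUPS]


def detect_kerberoasting(events: list) -> list:
    rc4 = [e for e in events if e["id"] == 4769 and e.get("etype") == RC4_HMAC]
    return [Alert("Suspected Kerberoasting", u, f"RC4 service tickets for {spns} within {ROAST_WINDOW}")
            for u, spns in _burst(rc4, "spn", ROAST_SPNS, ROAST_WINDOW).items()]


def run_detections(raw_events: list) -> list:
    events = _parse(raw_events)
    return detect_lateral_movement(events) + detect_sensitive_group_change(events) + detect_kerberoasting(events)


if __name__ == "__main__":
    for a in run_detections(EVENTS):
        print(f"{a.name}: {a.user}: {a.evidence}")
```

Both time-window detections share one sliding-window helper; the thing that distinguishes a real tool from this sketch is the baseline (which hosts and SPNs each account normally touches), which is what lets the thresholds be per-entity rather than global.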

Question 165

Your organization wants to enforce that only compliant devices can access Microsoft 365 applications, verifying OS version, encryption, and antivirus requirements. Which solution combination should you deploy?

A) Microsoft Intune + Azure AD Conditional Access
B) Azure Firewall + Network Security Groups
C) Microsoft Purview + Microsoft Sentinel
D) Azure Key Vault + Microsoft Defender for Endpoint

Answer: Microsoft Intune + Azure AD Conditional Access

Explanation

Device compliance is a core component of Zero Trust security. Microsoft Intune allows administrators to define compliance policies specifying OS version, encryption status, antivirus installation, and configuration. Devices that do not meet compliance requirements are marked non-compliant, and Intune writes that compliance state to the device object in Azure AD (Microsoft Entra ID), which is where Conditional Access reads it.

Azure AD Conditional Access enforces access policies based on device compliance. Non-compliant devices can be blocked or required to remediate issues before accessing Microsoft 365 applications. Conditional Access also supports additional conditions such as user risk and location, allowing granular, context-aware access control.

Alternative solutions like Azure Firewall + NSGs, Purview + Sentinel, and Azure Key Vault + Defender for Endpoint cannot enforce access based on device compliance. Benefits include real-time compliance verification, automated remediation, contextual access decisions, audit logs for regulatory reporting, and alignment with Zero Trust principles. Deploying Intune with Conditional Access ensures that only secure, compliant devices can access corporate resources.
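The Intune compliance check and the Conditional Access decision described here, together with the risk-based policies from Question 163, as one added example (not Microsoft code and not part of the original page; it also serves the later restatements of both questions): each device is evaluated against a compliance policy the way Intune marks it, then every Conditional Access policy that applies to a sign-in is evaluated with the real ordering rules, where a block wins outright and otherwise the grant controls of every applicable policy must be satisfied (AND/OR inside a policy). The policies, the compliance settings, the sign-ins and the field names are assumptions shaped after the Microsoft Graph objects.

```python
"""Intune-style compliance evaluation feeding Conditional Access evaluation,
including Identity Protection risk conditions.  Added example; not Microsoft
code.  Policies, devices and sign-ins are constructed assumptions."""

# Intune-style Windows compliance policy (assumption; setting names follow Graph).
COMPLIANCE_POLICY = {"osMinimumVersion": "10.0.19045", "storageRequireEncryption": True,
                     "antivirusRequired": True}

# Conditional Access policies (assumption; shapes follow the Graph policy object).
CA_POLICIES = [
    {"displayName": "Require compliant device for Microsoft 365", "state": "enabled",
     "conditions": {"applications": ["Office365"], "excludeUsers": ["breakglass@contoso.example"]},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
    {"displayName": "Medium or high sign-in risk: require MFA", "state": "enabled",
     "conditions": {"applications": ["All"], "signInRiskLevels": ["medium", "high"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "High user risk: require MFA and password change", "state": "enabled",
     "conditions": {"applications": ["All"], "userRiskLevels": ["high"]},
     "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}},
    {"displayName": "Block legacy authentication", "state": "enabled",
     "conditions": {"applications": ["All"], "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]


def version_tuple(v: str) -> tuple:
    return tuple(int(part) for part in v.split("."))


def evaluate_compliance(device: dict, policy: dict = COMPLIANCE_POLICY) -> tuple:
    """Return (isCompliant, failed settings), the state Intune reports to Entra ID."""
    failed = []
    if version_tuple(device["osVersion"]) < version_tuple(policy["osMinimumVersion"]):
        failed.append("osMinimumVersion")
    if policy["storageRequireEncryption"] and not device["encrypted"]:
        failed.append("storageRequireEncryption")
    if policy["antivirusRequired"] and not device["antivirusHealthy"]:
        failed.append("antivirusRequired")
    return not failed, failed


def policy_applies(policy: dict, signin: dict) -> bool:
    """Assignment check: enabled, user not excluded, app and risk/client conditions match."""
    c = policy["conditions"]
    if policy.get("state") != "enabled" or signin["user"] in c.get("excludeUsers", []):
        return False
    if "All" not in c["applications"] and signin["app"] not in c["applications"]:
        return False
    for cond, key in (("signInRiskLevels", "signInRisk"), ("userRiskLevels", "userRisk"),
                      ("clientAppTypes", "clientAppType")):
        if cond in c and signin[key] not in c[cond]:
            return False
    return True


def control_satisfied(control: str, signin: dict) -> bool:
    if control == "compliantDevice":
        return evaluate_compliance(signin["device"])[0]
    # "mfa" / "passwordChange" count as satisfied once completed in this session.
    return control in signin.get("satisfiedControls", ())


def evaluate_sign_in(signin: dict, policies: list = CA_POLICIES) -> tuple:
    """('block', names) | ('grant', names) | ('require', outstanding controls).

    Block takes precedence; otherwise every applicable policy's grant must be met,
    combining a policy's own controls with its AND/OR operator."""
    applicable = [p for p in policies if policy_applies(p, signin)]
    blockers = [p["displayName"] for p in applicable if "block" in p["grantControls"]["builtInControls"]]
    if blockers:
        return "block", blockers
    outstanding = []
    for p in applicable:
        g = p["grantControls"]
        met = [control_satisfied(ctl, signin) for ctl in g["builtInControls"]]
        ok = all(met) if g["operator"] == "AND" else any(met)
        if not ok:
            outstanding.extend(ctl for ctl, m in zip(g["builtInControls"], met) if not m)
    if outstanding:
        return "require", sorted(set(outstanding))
    return "grant", [p["displayName"] for p in applicable]


if __name__ == "__main__":
    stale = {"osVersion": "10.0.19041", "encrypted": False, "antivirusHealthy": True}
    print(evaluate_compliance(stale))
    print(evaluate_sign_in({"user": "alice@contoso.example", "app": "Office365", "clientAppType": "browser",
                            "signInRisk": "medium", "userRisk": "none", "device": stale}))
```

Two behaviours worth noticing: the excluded break-glass account is granted even from a non-compliant device, which is exactly why that exclusion must be limited to a monitored emergency account, and a legacy-protocol sign-in is blocked before any grant control is considered.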

Question 166

Your organization wants to automatically classify and protect documents that contain sensitive data, ensuring encryption and access restrictions are applied regardless of where the files are stored. Which solution should you implement?

A) Microsoft Information Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Sentinel

Answer: Microsoft Information Protection

Explanation

Protecting sensitive documents across cloud and on-premises environments is critical for data security and regulatory compliance. Microsoft Information Protection (MIP) allows administrators to create sensitivity labels that classify content such as Confidential, Highly Confidential, or Public. Labels can be applied manually by users, automatically through content inspection, or using machine learning classifiers.

Once a label is applied, encryption, access restrictions, and rights management are enforced. Only authorized users can access the content, and sharing restrictions prevent accidental leakage. MIP integrates with Microsoft 365 applications, including SharePoint, Teams, OneDrive, and Exchange, ensuring consistent protection across platforms.

The alternatives address other layers: Intune manages device compliance, Azure Firewall protects network traffic, and Microsoft Sentinel monitors security events; none of them classifies or protects content. Benefits of MIP include automatic classification, consistent enforcement of encryption policies, prevention of data leaks, compliance support, and seamless integration across hybrid and cloud environments. Deploying MIP ensures sensitive information remains secure without disrupting workflows.

Question 167

Your organization wants to continuously monitor cloud workloads for security misconfigurations, vulnerabilities, and potential threats, and provide actionable recommendations for remediation. Which solution is most appropriate?

A) Microsoft Defender for Cloud
B) Azure Key Vault
C) Microsoft Purview
D) Microsoft Intune

Answer: Microsoft Defender for Cloud

Explanation

Cloud workloads are dynamic and exposed to security risks such as misconfigurations, unpatched systems, and insecure network settings. Microsoft Defender for Cloud provides continuous monitoring for Azure, hybrid, and multi-cloud workloads, assessing resources against security best practices and compliance standards like CIS, NIST, and ISO.

Defender for Cloud identifies vulnerabilities and misconfigurations, including open management ports, unencrypted storage accounts, and missing patches. Behavioral analytics and Microsoft threat intelligence detect suspicious activities. Alerts are prioritized by risk to help administrators address high-impact issues first. Integration with Microsoft Sentinel enables centralized monitoring, automated investigation, and remediation via playbooks.

Other solutions, including Azure Key Vault (secrets management), Purview (data governance), and Intune (device compliance), do not provide comprehensive cloud workload security monitoring. Benefits of Defender for Cloud include continuous security assessment, actionable remediation recommendations, threat detection, compliance reporting, and automated response capabilities, improving overall cloud security posture and supporting Zero Trust principles.

Question 168

Your organization wants to detect risky Azure AD sign-ins from unfamiliar devices or locations and automatically enforce multi-factor authentication or password reset actions. Which solution is suitable?

A) Azure AD Identity Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Purview

Answer: Azure AD Identity Protection

Explanation

Compromised accounts are a major attack vector in cloud environments. Azure AD Identity Protection (now Microsoft Entra ID Protection) evaluates each sign-in and user account for risk based on signals like impossible travel, unfamiliar devices, and leaked credentials. Each user and each sign-in is assigned a risk level (low, medium, or high).

Administrators can configure automated remediation policies for high-risk sign-ins. Actions may include requiring multi-factor authentication, enforcing password resets, or temporarily blocking access. Integration with Conditional Access allows dynamic, real-time enforcement of security policies while maintaining user productivity.

Alternative solutions such as Intune, Azure Firewall, and Purview do not detect identity risks or provide automatic remediation. Key benefits of Azure AD Identity Protection include real-time detection of risky sign-ins, automated mitigation, per-user and per-sign-in risk levels, audit logging for compliance, and Zero Trust alignment. This solution enables organizations to proactively reduce account compromise risk and protect sensitive resources.

Question 169

Your organization wants to detect insider threats in hybrid Active Directory environments, including abnormal user activity, lateral movement, and privilege escalation. Which solution should you implement?

A) Microsoft Defender for Identity
B) Azure Firewall
C) Microsoft Intune
D) Microsoft Purview

Answer: Microsoft Defender for Identity

Explanation

Insider threats pose a significant risk because they come from trusted accounts with legitimate access. Microsoft Defender for Identity monitors hybrid Active Directory environments by analyzing authentication requests, Kerberos tickets, LDAP queries, and group modifications. Behavioral analytics detect anomalies such as unusual logins, lateral movement, or privilege escalation attempts.

Defender for Identity provides detailed alerts with context, including the affected user, device, and systems. Integration with Microsoft Sentinel allows correlation with endpoint and cloud events, providing a holistic view of potential insider threats. Automated responses can block or remediate suspicious activity quickly, preventing damage.

Alternative solutions such as Azure Firewall, Intune, and Purview do not provide identity monitoring or insider threat detection. Benefits include real-time monitoring, anomaly detection via behavioral analytics, centralized alerting, SIEM integration, and alignment with Zero Trust principles. Deploying Defender for Identity enables proactive detection and mitigation of insider threats.

Question 170

Your organization wants to enforce access to Microsoft 365 applications only from compliant devices, checking OS version, encryption, and antivirus status. Which solution combination should you deploy?

A) Microsoft Intune + Azure AD Conditional Access
B) Azure Firewall + Network Security Groups
C) Microsoft Purview + Microsoft Sentinel
D) Azure Key Vault + Microsoft Defender for Endpoint

Answer: Microsoft Intune + Azure AD Conditional Access

Explanation

Ensuring that only compliant devices access corporate resources is critical for implementing Zero Trust security. Microsoft Intune allows administrators to define compliance policies that include OS version, encryption status, antivirus presence, and configuration requirements. Non-compliant devices are flagged and restricted.

Azure AD Conditional Access enforces access policies based on device compliance status. Devices that fail compliance checks can be blocked or prompted to remediate issues before accessing Microsoft 365 applications. Conditional Access also supports additional conditions like user risk and location, enabling granular, context-aware access control.

Alternative solutions like Azure Firewall + NSGs, Purview + Sentinel, and Azure Key Vault + Defender for Endpoint cannot enforce access based on device compliance. Benefits include real-time compliance verification, automated remediation, contextual access decisions, audit logging for compliance reporting, and alignment with Zero Trust principles. This ensures only secure, compliant devices can access organizational resources.

Question 171

Your organization wants to prevent accidental data leakage by automatically restricting the sharing of sensitive files both internally and externally. Which solution should you implement?

A) Microsoft Information Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Sentinel

Answer: Microsoft Information Protection

Explanation

Accidental data leakage is a major risk when sensitive information is shared improperly. Microsoft Information Protection (MIP) allows organizations to define sensitivity labels, such as Confidential or Highly Confidential. These labels can be applied manually by users, automatically via content inspection, or using machine learning classifiers.

Once labeled, documents and emails are protected with encryption, access restrictions, and rights management. Internal sharing can be limited to specific groups, while external sharing can be blocked or controlled. MIP integrates with Microsoft 365 applications like Teams, SharePoint, OneDrive, and Exchange to enforce consistent protection across platforms.

The alternatives address other layers: Intune manages devices, Azure Firewall protects network traffic, and Sentinel monitors security events; none of them prevents data leakage. Benefits of MIP include automated classification, consistent application of encryption and access policies, prevention of accidental leaks, regulatory compliance support, and seamless integration across hybrid and cloud environments. Deploying MIP ensures sensitive information remains secure without disrupting workflows.

Question 172

Your organization wants to continuously monitor cloud workloads for security misconfigurations, vulnerabilities, and suspicious activities, and provide actionable recommendations for remediation. Which solution is appropriate?

A) Microsoft Defender for Cloud
B) Azure Key Vault
C) Microsoft Purview
D) Microsoft Intune

Answer: Microsoft Defender for Cloud

Explanation

Cloud environments are dynamic and constantly changing, making them susceptible to misconfigurations, unpatched systems, and insecure network configurations. Microsoft Defender for Cloud provides continuous security monitoring and risk assessment for Azure, hybrid, and multi-cloud workloads.

It evaluates workloads against best practices and compliance standards such as CIS, NIST, and ISO. Defender for Cloud identifies vulnerabilities and misconfigurations like open management ports, unencrypted storage accounts, and missing patches. It uses behavioral analytics and Microsoft threat intelligence to detect suspicious activities. Alerts are prioritized based on risk to help administrators address critical threats first.

Integration with Microsoft Sentinel enables centralized monitoring, automated investigation, and remediation using playbooks. Alternative solutions like Azure Key Vault, Purview, and Intune do not provide full cloud workload security monitoring. Benefits include continuous security assessment, actionable remediation, threat detection, compliance reporting, and automated response, supporting a strong cloud security posture and Zero Trust principles.

Question 173

Your organization wants to detect risky Azure AD sign-ins, including logins from unfamiliar locations or devices, and automatically enforce MFA or password resets. Which solution should you deploy?

A) Azure AD Identity Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Purview

Answer: Azure AD Identity Protection

Explanation

Compromised accounts are one of the most common vectors for attacks. Azure AD Identity Protection (now Microsoft Entra ID Protection) evaluates risk for each user and sign-in using signals such as impossible travel, unfamiliar devices, and leaked credentials. A risk level (low, medium, or high) is assigned per user and per sign-in.

Administrators can define automated policies to remediate high-risk sign-ins, including requiring multi-factor authentication, enforcing password resets, or temporarily blocking access. Integration with Conditional Access allows for real-time, dynamic enforcement while maintaining productivity.

Alternative solutions like Intune, Azure Firewall, and Purview do not provide identity risk detection or automatic mitigation. Key benefits of Azure AD Identity Protection include real-time risk detection, automated remediation, per-user and per-sign-in risk levels, audit logging for compliance, and alignment with Zero Trust principles. Deploying this solution allows organizations to proactively reduce account compromise risks and protect sensitive resources.

Azure AD Identity Protection is a cloud-based security solution designed to help organizations detect, investigate, and remediate identity-based risks. It continuously monitors user accounts and sign-in activities to identify suspicious behavior, such as sign-ins from unusual locations, impossible travel between locations, leaked credentials, or anomalous device usage. Using machine learning and threat intelligence, it assigns risk levels to both users and sign-ins and allows administrators to configure automated responses based on risk. For example, high-risk users can be required to reset their passwords or complete multi-factor authentication before accessing corporate resources. Azure AD Identity Protection is particularly effective in enforcing a proactive and adaptive approach to identity security, reducing the likelihood of account compromise, and integrating seamlessly with Conditional Access policies to implement risk-based access controls. This makes it the correct choice when the goal is to protect user identities and prevent unauthorized access based on behavioral risk patterns. Azure AD Identity Protection also provides detailed reporting and insights, helping security teams understand trends, investigate incidents, and comply with regulatory requirements related to identity and access management.

Microsoft Intune is a cloud-based service focused on mobile device management (MDM) and mobile application management (MAM). Intune ensures that devices accessing corporate resources comply with security policies such as encryption, passcode requirements, OS patch levels, and approved application usage. It can also enforce conditional access rules in conjunction with Azure AD to ensure only compliant devices can access sensitive data. While Intune is essential for managing endpoint security and device compliance, it does not directly detect identity risks or analyze sign-in behavior. Intune’s primary focus is on devices rather than user accounts or adaptive identity protection, which is why it is not the correct answer in this context.

Azure Firewall is a managed, cloud-based network security service designed to protect Azure resources by filtering traffic at the network and application levels. It supports fully stateful inspection, threat intelligence-based filtering, and application rules to control inbound and outbound traffic. Azure Firewall is critical for securing network traffic and segmenting workloads, but it does not provide capabilities to monitor or respond to identity-based risks. It does not evaluate user behavior, detect compromised credentials, or enforce risk-based access, which makes it unsuitable for the objectives addressed by Azure AD Identity Protection.

Microsoft Purview is a data governance and compliance solution designed to help organizations discover, classify, and manage sensitive data. It enables organizations to implement data loss prevention, monitor data usage, and maintain regulatory compliance across on-premises and cloud environments. While Purview is valuable for ensuring that data is handled securely and meeting compliance requirements, it is focused on data rather than identity. It does not detect risky sign-ins, compromised accounts, or provide automated remediation for identity threats, which are the primary focus of Azure AD Identity Protection.

In summary, Azure AD Identity Protection stands out as the correct solution because it directly addresses identity security by detecting suspicious sign-ins, assigning risk levels, and enabling automated remediation. Unlike Intune, which manages devices, Azure Firewall, which protects network traffic, or Purview, which governs data, Azure AD Identity Protection focuses specifically on safeguarding user identities and mitigating risks associated with compromised credentials, making it the ideal choice for identity threat protection and risk-based access control.

Question 174

Your organization wants to detect insider threats in hybrid Active Directory environments, including abnormal activity, lateral movement, and privilege escalation attempts. Which solution is suitable?

A) Microsoft Defender for Identity
B) Azure Firewall
C) Microsoft Intune
D) Microsoft Purview

Answer: Microsoft Defender for Identity

Explanation

Insider threats are challenging because they originate from trusted accounts with legitimate access. Microsoft Defender for Identity monitors hybrid Active Directory environments by analyzing authentication requests, Kerberos tickets, LDAP queries, and group modifications. Behavioral analytics detect anomalies, such as unusual logins, lateral movement, and privilege escalation attempts.

Defender for Identity provides detailed contextual alerts, including the affected users, devices, and systems. Integration with Microsoft Sentinel enables correlation of alerts across endpoints and cloud data, providing a holistic view of potential insider threats. Automated responses can remediate or block suspicious activity quickly, minimizing damage.

Alternative solutions such as Azure Firewall, Intune, and Purview do not monitor identity behavior or detect insider threats. Benefits include real-time monitoring, behavioral analytics for anomaly detection, centralized alerting, SIEM integration, and Zero Trust alignment. Deploying Defender for Identity allows organizations to proactively detect and mitigate insider threats.

Question 175

Your organization wants to enforce access to Microsoft 365 applications only from compliant devices, verifying OS version, encryption, and antivirus status. Which solution combination should be implemented?

A) Microsoft Intune + Azure AD Conditional Access
B) Azure Firewall + Network Security Groups
C) Microsoft Purview + Microsoft Sentinel
D) Azure Key Vault + Microsoft Defender for Endpoint

Answer: Microsoft Intune + Azure AD Conditional Access

Explanation

Ensuring that only compliant devices access Microsoft 365 applications is a core principle of Zero Trust security. Microsoft Intune allows administrators to define compliance policies that check OS version, encryption status, antivirus installation, and device configuration. Non-compliant devices are flagged and restricted.

Azure AD Conditional Access enforces access policies based on device compliance state. Non-compliant devices can be blocked or prompted to remediate issues before accessing corporate resources. Conditional Access also allows additional conditions, like user risk and location, for granular, context-aware access control.

Alternative solutions like Azure Firewall + NSGs, Purview + Sentinel, and Azure Key Vault + Defender for Endpoint cannot enforce access based on device compliance. Benefits include real-time compliance verification, automated remediation, contextual access decisions, audit logging for compliance reporting, and alignment with Zero Trust principles. This ensures only secure, compliant devices can access organizational resources.

A) Microsoft Intune + Azure AD Conditional Access (Correct Answer)
Microsoft Intune, combined with Azure AD Conditional Access, provides a comprehensive solution for securing access to corporate applications and data. Intune is a cloud-based service for mobile device management (MDM) and mobile application management (MAM). It allows organizations to enforce security policies on devices, including encryption, password requirements, OS patch levels, and application control. Azure AD Conditional Access evaluates authentication attempts in real time using signals such as user identity, device compliance, location, and application sensitivity.

When used together, Intune and Conditional Access allow organizations to implement policies like “allow access only from compliant devices” or “require multi-factor authentication for high-risk users.” This ensures that only secure, managed devices can access sensitive corporate resources. The combination also supports Zero Trust principles by applying continuous verification, least-privilege access, and dynamic access controls. This makes it ideal for hybrid and remote work environments where users access resources from multiple devices. Overall, this pairing directly addresses identity-based access management and device compliance, making it the correct choice for scenarios that require secure application access.

B) Azure Firewall + Network Security Groups
Azure Firewall and Network Security Groups (NSGs) are tools focused on network-level security rather than device compliance or identity-based access. Azure Firewall provides centralized, fully stateful traffic filtering for inbound, outbound, and east-west network traffic, including threat intelligence and application-level filtering. NSGs control traffic at the subnet or network interface level based on IP addresses, ports, and protocols.

While essential for protecting Azure workloads and segmenting networks, these tools do not evaluate the compliance of devices or the identity of users accessing applications. They control which traffic can flow where, but they do not enforce real-time access decisions based on device security or user risk. For this reason, they cannot achieve the same level of identity- and device-based access control as Intune and Conditional Access.

C) Microsoft Purview + Microsoft Sentinel
Microsoft Purview and Microsoft Sentinel are focused on governance, compliance, and security monitoring rather than access control. Purview helps classify sensitive data, manage data lineage, and enforce compliance and privacy policies. Microsoft Sentinel is a cloud-native SIEM and SOAR platform that detects threats, aggregates alerts, and enables incident investigation and automated responses.

While both are important for compliance and security operations, they do not directly enforce access policies. They provide monitoring, detection, and reporting capabilities, but cannot prevent unauthorized access in real time based on device compliance or user identity. Their role is primarily analytical and reactive, not preventive.

D) Azure Key Vault + Microsoft Defender for Endpoint
Azure Key Vault protects cryptographic keys, certificates, and secrets, while Microsoft Defender for Endpoint provides threat detection, vulnerability management, and endpoint protection. Together, they enhance endpoint and data security, but they do not enforce conditional access policies. Defender may identify risky devices, and Key Vault secures sensitive assets, but neither can restrict access to applications based on real-time compliance checks.

Question 176

Your organization wants to classify and protect sensitive emails and documents automatically, applying encryption and access restrictions based on content type. Which solution should you deploy?

A) Microsoft Information Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Sentinel

Answer: Microsoft Information Protection

Explanation

Organizations need to protect sensitive emails and documents to prevent data breaches and maintain compliance with regulations such as GDPR or HIPAA. Microsoft Information Protection (MIP) allows administrators to define sensitivity labels, such as Confidential, Highly Confidential, or Public. Labels can be applied manually by users, automatically using content inspection, or via machine learning classifiers.

Once a label is applied, encryption, access restrictions, and rights management are enforced. This ensures that only authorized users can access content and prevents unauthorized sharing. Integration with Microsoft 365 applications, including Exchange, SharePoint, Teams, and OneDrive, ensures consistent protection across platforms.

The alternatives address other layers: Intune manages devices, Azure Firewall protects network traffic, and Microsoft Sentinel monitors security events; none of them classifies or protects content. Benefits of MIP include automated classification, enforcement of encryption policies, prevention of accidental data leakage, regulatory compliance support, and seamless integration with Microsoft 365. Deploying MIP ensures sensitive information is automatically protected without disrupting business workflows.

Question 177

Your organization wants to continuously monitor cloud workloads for misconfigurations, vulnerabilities, and potential threats, while providing actionable remediation recommendations. Which solution is most suitable?

A) Microsoft Defender for Cloud
B) Azure Key Vault
C) Microsoft Purview
D) Microsoft Intune

Answer: Microsoft Defender for Cloud

Explanation

Cloud workloads are highly dynamic and exposed to security risks such as misconfigurations, unpatched systems, and insecure network settings. Microsoft Defender for Cloud provides continuous monitoring for Azure, hybrid, and multi-cloud workloads. It evaluates resources against best practices and compliance standards like CIS, NIST, and ISO.

Defender for Cloud identifies misconfigurations, vulnerabilities, and suspicious activities. Examples include open management ports, unencrypted storage accounts, and missing patches. Behavioral analytics and Microsoft threat intelligence are used to detect abnormal activity. Alerts are prioritized based on risk, enabling security teams to focus on high-impact issues. Integration with Microsoft Sentinel allows centralized monitoring, automated investigation, and remediation via playbooks.

A) Microsoft Defender for Cloud (Correct Answer)
Microsoft Defender for Cloud is a unified cloud security posture management and workload protection platform. It provides continuous assessment of resources, identifies vulnerabilities, and delivers security recommendations to strengthen your overall cloud environment. Defender for Cloud evaluates the configuration of virtual machines, storage accounts, databases, Kubernetes clusters, identity settings, and network rules to ensure they meet security best practices. It generates a secure score, helping organizations prioritize high-impact improvements.

Additionally, Microsoft Defender for Cloud includes threat protection capabilities. It detects suspicious activities, alerts administrators of potential attacks, and integrates with Microsoft Defender family services for deeper protection. It also provides agent-based and agentless scanning, regulatory compliance assessments, Just-in-Time (JIT) VM access, and integration with Azure Policy to maintain continuous enforcement. Defender for Cloud is the right answer when the goal is to monitor cloud security posture, identify misconfigurations, and protect workloads from threats in Azure, hybrid, or multi-cloud environments. It brings together security posture management (CSPM) with workload protection (CWPP), making it a comprehensive security solution.

B) Azure Key Vault
Azure Key Vault is a service designed to securely store and manage secrets, certificates, encryption keys, and passwords used by applications and cloud services. Key Vault helps prevent unauthorized access by using hardware security modules (HSMs) and access control policies. While it plays a critical role in protecting cryptographic material and sensitive application configurations, it does not provide cloud security posture management, threat detection, or security recommendations. Its purpose is limited to securing secrets rather than evaluating or protecting entire cloud environments. Therefore, Key Vault is not the correct choice for tasks involving cloud security posture assessment or threat prevention across workloads.

C) Microsoft Purview
Microsoft Purview is a suite of data governance, data cataloging, risk, and compliance tools. Its primary role is to help organizations classify data, manage data lineage, apply data loss prevention controls, and ensure compliance with regulatory standards. Purview provides visibility into where sensitive data is stored and how it is used, but it does not evaluate security configurations of cloud resources or detect attacks. It focuses on data governance and compliance, not workload or infrastructure security. As such, it is not the appropriate solution for maintaining or improving cloud security posture.

D) Microsoft Intune
Microsoft Intune is a cloud-based service for mobile device management (MDM) and mobile application management (MAM). It ensures that devices accessing corporate resources are compliant with security requirements, such as encryption, password policies, and OS updates. Intune focuses on endpoint and device management rather than securing cloud resources like VMs, databases, containers, or applications. While Intune is essential for device compliance and Zero Trust strategies, it does not provide holistic cloud security assessments or threat detection across Azure, hybrid, or multi-cloud environments. Thus, it is not the right option when the objective is securing cloud workloads.

Other solutions, such as Azure Key Vault, Purview, and Intune, do not provide comprehensive cloud workload security monitoring. Benefits of Defender for Cloud include continuous security assessment, actionable remediation, threat detection, compliance reporting, and automated response, supporting a strong cloud security posture and Zero Trust principles.

Question 178

Your organization wants to detect risky Azure AD sign-ins, including logins from unfamiliar devices or locations, and automatically enforce multi-factor authentication or password resets. Which solution should you implement?

A) Azure AD Identity Protection
B) Microsoft Intune
C) Azure Firewall
D) Microsoft Purview

Answer: Azure AD Identity Protection

Explanation

User accounts are frequently targeted by attackers using compromised credentials. Azure AD Identity Protection evaluates each sign-in and user account risk using signals such as impossible travel, unfamiliar devices, and leaked credentials. Each sign-in and user receives a risk score.

Administrators can configure automated policies to remediate high-risk sign-ins, including requiring MFA, enforcing password resets, or temporarily blocking access. Integration with Conditional Access allows dynamic, real-time enforcement while maintaining user productivity.

Alternative solutions such as Intune, Azure Firewall, and Purview do not detect identity risks or provide automatic remediation. Benefits include real-time detection of risky sign-ins, automated mitigation, granular risk scoring, audit logging for compliance, and Zero Trust alignment. Using Azure AD Identity Protection enables proactive reduction of account compromise risk and protects critical resources.

Question 179

Your organization wants to detect insider threats in hybrid Active Directory environments, including abnormal behavior, lateral movement, and privilege escalation attempts. Which solution should you deploy?

A) Microsoft Defender for Identity
B) Azure Firewall
C) Microsoft Intune
D) Microsoft Purview

Answer: Microsoft Defender for Identity

Explanation

Insider threats are difficult to detect because they originate from trusted accounts with legitimate access. Microsoft Defender for Identity monitors hybrid Active Directory environments by analyzing authentication requests, Kerberos tickets, LDAP queries, and group modifications. Behavioral analytics detect anomalies such as unusual logins, lateral movement, and privilege escalation.

Defender for Identity provides detailed alerts with context, including affected users, devices, and systems. Integration with Microsoft Sentinel enables correlation across endpoints and cloud data, offering a holistic view of potential insider threats. Automated responses can block or remediate suspicious activity, preventing damage.

Alternative solutions such as Azure Firewall, Intune, and Purview do not monitor identity behavior or detect insider threats. Benefits include real-time monitoring, anomaly detection via behavioral analytics, centralized alerting, SIEM integration, and Zero Trust alignment. Deploying Defender for Identity allows proactive detection and mitigation of insider threats.

Question 180

Your organization wants to ensure that only compliant devices can access Microsoft 365 applications, enforcing OS version, encryption, and antivirus requirements. Which solution combination should you implement?

A) Microsoft Intune + Azure AD Conditional Access
B) Azure Firewall + Network Security Groups
C) Microsoft Purview + Microsoft Sentinel
D) Azure Key Vault + Microsoft Defender for Endpoint

Answer: Microsoft Intune + Azure AD Conditional Access

Explanation

Device compliance is a fundamental aspect of Zero Trust security. Microsoft Intune allows administrators to define compliance policies that specify OS version, encryption status, antivirus presence, and device configuration. Non-compliant devices are flagged and restricted.

Azure AD Conditional Access enforces access policies based on device compliance state. Non-compliant devices can be blocked or required to remediate issues before accessing Microsoft 365 applications. Conditional Access also allows additional conditions, such as user risk and location, enabling granular, context-aware access control.

Alternative solutions like Azure Firewall + NSGs, Purview + Sentinel, and Azure Key Vault + Defender for Endpoint cannot enforce access based on device compliance. Benefits include real-time compliance verification, automated remediation, contextual access decisions, audit logging for compliance reporting, and alignment with Zero Trust principles. Deploying Intune with Conditional Access ensures that only secure, compliant devices can access organizational resources.

A) Microsoft Intune + Azure AD Conditional Access (Correct Answer)
Microsoft Intune, combined with Azure AD Conditional Access, provides a powerful, modern, cloud-based security and compliance framework designed to ensure that only trusted, compliant, and secure devices can access corporate applications and data. Intune manages mobile devices and applications, allowing organizations to enforce security requirements such as encryption, password strength, OS updates, and controlled application usage. Azure AD Conditional Access then evaluates access attempts in real time, reviewing factors such as user identity, device compliance status, sign-in risk, location, and application sensitivity.

When these technologies are integrated, organizations can set rules like “Allow access only from compliant devices,” ensuring that unmanaged or risky devices are blocked from connecting to corporate resources. This combination supports Zero-Trust security principles by applying least-privilege access and continuous verification. It is especially valuable in modern workplaces where employees use multiple devices from various locations. Intune and Conditional Access together provide a scalable, cloud-native solution that protects applications while offering detailed visibility and control. This makes it the most effective solution when the goal is to secure access based on device compliance and user identity.

B) Azure Firewall + Network Security Groups (NSGs)
Azure Firewall and Network Security Groups focus mainly on controlling network traffic rather than managing device compliance or identity-based access. Azure Firewall provides centralized, stateful traffic filtering for outbound, inbound, and internal communication. It can block malicious traffic and apply application or network rules. NSGs are used to filter traffic at the subnet or network interface level based on IP addresses, ports, or protocols.

While both tools are essential for protecting Azure workloads and enforcing network segmentation, they do not check whether a device is secure, compliant, or associated with a specific user identity. Their function is to control “who can send traffic to which resource,” not “who can access an application based on security conditions.” For this reason, they cannot meet requirements where identity and device state need to be evaluated before granting access.

C) Microsoft Purview + Microsoft Sentinel
Microsoft Purview and Microsoft Sentinel provide governance, compliance, and security monitoring capabilities. Purview focuses on classifying and protecting sensitive data, enforcing data loss prevention rules, managing privacy requirements, and ensuring regulatory compliance. Sentinel is a cloud-native SIEM and SOAR platform that helps organizations detect threats, correlate alerts, investigate incidents, and automate responses.

Although both tools are crucial for data governance and security operations, they do not enforce access restrictions in real time. They analyze and monitor events rather than control whether a device or user meets the required conditions for access. Their function is reactive and investigative, not preventive in the way Conditional Access operates. Therefore, they do not fulfill the requirements of identity-driven access control.

D) Azure Key Vault + Microsoft Defender for Endpoint
Azure Key Vault secures secrets, certificates, and encryption keys, ensuring that critical assets are protected and accessed only by authorized services or users. Microsoft Defender for Endpoint provides advanced endpoint security, including threat detection, vulnerability management, and endpoint response.

Combined, these tools strengthen device security and protect encryption material, but they do not enforce conditional access rules. Defender may help identify risky devices, but it does not directly restrict access to applications. Key Vault protects sensitive information but does not participate in identity-based access decisions. As such, this pairing does not meet the requirements for real-time access enforcement based on device compliance.
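As an added illustration of the answers to Questions 178 and 180 (this is example code, not part of the exam page and not Microsoft's own documentation), the script below uses the Microsoft Graph PowerShell SDK to create an Intune compliance policy that requires a minimum OS version, BitLocker encryption and Microsoft Defender antivirus, then creates the Conditional Access policies that consume that compliance state and the Identity Protection risk signals. Assumptions: the Graph PowerShell SDK is installed, the signed-in account holds the Intune and Conditional Access administrator roles, and the placeholder group ID and OS build number are replaced with your own values. The policies are created in report-only state so their effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example, not from the exam page. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All",
                        "Policy.ReadWrite.ConditionalAccess",
                        "Policy.Read.All",
                        "Application.Read.All"

# --- Question 180, step 1: Intune compliance policy (OS version, encryption, antivirus) ---
$compliancePolicy = @{
    "@odata.type"    = "#microsoft.graph.windows10CompliancePolicy"
    displayName      = "Windows - baseline compliance"
    description      = "Minimum OS build, BitLocker, Defender AV and a password required"
    osMinimumVersion = "10.0.19045"     # placeholder build; set to your supported baseline
    bitLockerEnabled = $true            # disk encryption requirement
    defenderEnabled  = $true            # Microsoft Defender antivirus must be running
    secureBootEnabled = $true
    passwordRequired = $true
    # Intune requires an action for non-compliance; "block" with no grace period marks the
    # device non-compliant immediately so Conditional Access can act on it.
    scheduledActionsForRule = @(@{
        ruleName = "PasswordRequired"
        scheduledActionConfigurations = @(@{
            actionType                 = "block"
            gracePeriodHours           = 0
            notificationTemplateId     = ""
            notificationMessageCCList  = @()
        })
    })
}
New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $compliancePolicy

# --- Question 180, step 2: Conditional Access grants Microsoft 365 only to compliant devices ---
$requireCompliantDevice = @{
    displayName = "CA01 - Require compliant device for Office 365"
    state       = "enabledForReportingButNotEnforced"   # report-only; switch to "enabled" after review
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @("<break-glass-group-object-id>")   # placeholder: emergency access accounts
        }
        applications   = @{ includeApplications = @("Office365") }   # built-in value for Microsoft 365 apps
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $requireCompliantDevice

# --- Question 178: Identity Protection risk levels evaluated by Conditional Access ---
# Medium or high sign-in risk (unfamiliar device/location, impossible travel): require MFA.
$signInRiskPolicy = @{
    displayName = "CA02 - MFA on medium or high sign-in risk"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users            = @{ includeUsers = @("All"); excludeGroups = @("<break-glass-group-object-id>") }
        applications     = @{ includeApplications = @("All") }
        signInRiskLevels = @("medium", "high")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $signInRiskPolicy

# High user risk (for example leaked credentials): require MFA and a password change.
# Graph requires "mfa" together with "passwordChange", combined with the AND operator.
$userRiskPolicy = @{
    displayName = "CA03 - Password change on high user risk"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @("<break-glass-group-object-id>") }
        applications   = @{ includeApplications = @("All") }
        userRiskLevels = @("high")
    }
    grantControls = @{ operator = "AND"; builtInControls = @("mfa", "passwordChange") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $userRiskPolicy
```

The compliance policy is what makes a device "compliant" or "non-compliant" in Azure AD; the Conditional Access policy only reads that state, which is why neither product alone satisfies Question 180. Excluding a break-glass group from every policy is the usual safeguard against locking all administrators out if a policy is misconfigured.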
