Vce SC-900 Questions Latest

 Azure DDoS Protection Standard protects against man-in-the-middle (MITM) attacks. = No

 Azure DDoS Protection Standard is enabled by default in an Azure subscription. = No

 Azure DDoS Protection Standard protects against protocol attacks. = Yes

Microsoft’s security guidance for Azure states that DDoS Protection is designed to defend internet-facing resources from distributed denial-of-service events at the network and transport layers (L3/L4). The documentation explains that DDoS Protection Standard provides “adaptive, real-time tuning and automatic attack mitigation for volumetric and protocol attacks (for example, SYN/ACK floods, UDP amplification, and other L3/L4 patterns).” It further clarifies that DDoS Protection is not intended to address attacks like man-in-the-middle (MITM), which are interception/alteration threats rather than traffic-exhaustion scenarios.

Regarding enablement, Microsoft notes that Azure DDoS Protection Standard is not enabled by default. The platform provides “basic DDoS protection for all Azure public IP addresses,” but the Standard plan must be explicitly enabled on a virtual network and then applied to public IP resources in that VNet to gain its enhanced telemetry, mitigation policies, and cost-protection benefits.

Putting this together: (1) MITM is out of scope for DDoS Protection Standard → No; (2) Standard is opt-in, not automatic → No; (3) Protection against protocol attacks is a primary capability of the Standard plan → Yes.

In Microsoft Sentinel, playbooks are the feature that integrates with Azure Logic Apps to automate response. Microsoft’s documentation describes them as “collections of procedures that can be run from Microsoft Sentinel in response to an alert” and clarifies that “playbooks are built on Azure Logic Apps” providing a workflow engine and a gallery of connectors to other Microsoft and third-party services. Playbooks can be triggered automatically from analytics rules or manually from incidents and alerts, enabling orchestration such as assigning owners, creating tickets, disabling accounts, blocking IPs, or posting to collaboration channels. The platform emphasizes that the Logic Apps foundation gives security teams a visual designer, managed connectors, and run history to track execution and outcomes. In short, Sentinel uses playbooks to “automate and orchestrate responses to alerts and incidents”, reducing mean-time-to-respond and standardizing actions across your SOC. Other Sentinel components serve different purposes: analytic rules detect threats, hunting queries aid proactive investigation, and workbooks provide dashboards and visualizations. Therefore, the correct completion is: Microsoft Sentinel playbooks use Azure Logic Apps to automate and orchestrate responses to alerts.

Microsoft’s official description of Azure Key Vault in the Security, Compliance, and Identity learning materials states that Key Vault is “a cloud service for securely storing and accessing secrets.” The same guidance clarifies that “a secret is anything you want to tightly control, such as API keys, passwords, or connection strings.” In addition to secrets, Key Vault provides key management: “Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services.” It further explains that organizations can “generate, import, rotate, disable, and delete keys” and use them for operations such as “encrypt and decrypt, sign and verify, wrap and unwrap.” These excerpts confirm that Key Vault’s core capabilities include the secure storage and lifecycle management of secrets and cryptographic keys.

By contrast, the SCI content makes clear that infrastructure features like Azure DDoS Protection and Network Security Groups (NSGs) are networking/security controls delivered by Azure networking services, not Key Vault. Likewise, ARM templates are deployment artifacts stored in repositories such as Azure Repos or GitHub; Key Vault does not store or manage template files. Therefore, the two correct actions you can perform with Azure Key Vault—aligned with Microsoft’s documentation—are to store (and manage) keys and store (and manage) secrets.