Explanation:

Microsoft Entra ID Protection is designed to detect and respond to identity compromise by calculating user risk and sign-in risk and surfacing risk detections such as "leaked credentials," "anonymous IP address,"
"impossible travel," and related signals. Microsoft explains that Identity Protection "uses adaptive machine learning and threat intelligence to detect risky users and risky sign-ins and assigns each a risk level of Low, Medium, or High." These detections include "Leaked credentials (found on public or dark-web lists)", confirming that Identity Protection can detect when user credentials have been exposed.
ID Protection is integrated with Conditional Access to take policy-driven actions: "Risk-based Conditional Access policies let you require multi-factor authentication (MFA), block access, or require password change when a user or sign-in risk level is met." The built-in policies include User risk policy and Sign-in risk policy, which can automatically enforce MFA or password reset when the configured risk threshold is reached.
However, Identity Protection does not manage Azure AD group membership. There is no capability to add users to groups based on risk level; group membership changes are outside the scope of Identity Protection's controls. Instead, remediation is applied through Conditional Access or password reset policies driven by the calculated risk.
Therefore: adding users to groups based on risk (No); detecting leaked credentials (Yes); invoking MFA based on risk via Conditional Access (Yes).

Explanation:

Microsoft's identity platform (Microsoft Entra ID, formerly Azure AD) supports built-in and custom directory roles. The official guidance states that you can "create your own custom roles to grant permissions for management of Microsoft Entra resources," and those roles consist of specific role permissions that you select to tailor least-privilege administration. The documentation also lists Global administrator (formerly Company Administrator) as a built-in role that "has access to all administrative features" and can delegate role assignments, reset passwords for all users, and manage identity settings across the tenant. Regarding assignments, Microsoft is explicit that role assignment is many-to-many: administrators can "assign one or more roles to a user," and the user's effective permissions are the union of the privileges from all assigned roles. Consequently, (1) creating custom roles is supported (Yes), (2) Global administrator is indeed a defined Azure AD/Microsoft Entra role (Yes), and (3) a user being limited to only one role is incorrect (No) because multiple role assignments to the same user are permitted and commonly used to implement least privilege and separation of duties.
Box 1: Yes
Azure AD supports custom roles.
Box 2: Yes
Global Administrator has access to all administrative features in Azure Active Directory. Box 3: No Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles https://docs.microsoft.
com/en-us/azure/active-directory/roles/permissions-reference

Explanation:

Microsoft Entra Conditional Access evaluates signals to make real-time access decisions. Microsoft describes it as bringing "signals together to make decisions and enforce organizational policies," where administrators choose controls such as Block access, Require multi-factor authentication, Require device to be marked as compliant, or Require hybrid Azure AD joined device. Because MFA is only one of several grant controls, it is incorrect that policies always enforce MFA; they can also simply block, allow, or require other conditions.
Location is a first-class condition. Microsoft states you can define named locations (by countries/regions or IP ranges) and then use them in policy conditions to block or grant access. A common scenario is "Block access from specific locations" or require additional controls when a sign-in originates from an untrusted network.
Therefore, Conditional Access can block access to an application based on user location.
Finally, Conditional Access targets users, groups, workload identities, and cloud apps regardless of device join state. Device-related conditions and filters are optional; policies are not limited to "Azure AD-joined devices." Controls like Require device to be marked as compliant or Require Hybrid Azure AD joined device are only enforced if configured. Hence, Conditional Access does not only affect users on Azure AD-joined devices.

Explanation:
Compliance Manager tracks only customer-managed controls. No
Compliance Manager provides predefined templates for creating assessments. Yes Compliance Manager can help you assess whether data adheres to specific data protection standards. No Microsoft Purview Compliance Manager is described as a feature that "helps you manage your organization's compliance requirements" by giving you assessments, improvement actions, and a compliance score that
"measures your progress in completing recommended actions" aligned to regulations and standards. The service does not track only customer-managed controls; Microsoft's documentation clarifies that Compliance Manager includes "Microsoft-managed controls and customer-managed controls," and it tracks both within each assessment to show overall posture. It also provides prebuilt (predefined) assessment templates for common regulations and industry standards so organizations can "create assessments from templates" such as GDPR, ISO/IEC 27001, and the Data Protection Baseline.
Importantly, Compliance Manager evaluates control implementation and improvement actions mapped to requirements; it does not scan or classify individual data to determine whether specific data items "adhere" to a standard. Instead, it helps you assess organizational compliance posture by tracking the status of controls, assigning actions, and recording evidence. Thus:
"Tracks only customer-managed controls" # No (it tracks Microsoft-managed and customer-managed).
"Provides predefined templates for creating assessments" # Yes (prebuilt templates are a core feature).
"Helps you assess whether data adheres to specific data protection standards" # No (it measures control
/compliance posture, not data-level adherence).
Box 1: No
Compliance Manager tracks Microsoft managed controls, customer-managed controls, and shared controls.
Box 2: Yes
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Explanation:

In Microsoft Sentinel, automation is delivered through playbooks, which are built on Azure Logic Apps.
Microsoft's Sentinel documentation explains that playbooks "help automate and orchestrate your response to threats" and can be triggered by analytics alerts or incidents to run predefined actions. Typical automated tasks include "enriching alerts with data, blocking IP addresses, disabling users, or creating tickets," allowing security teams to standardize and speed up their response and remediation processes. Sentinel also uses automation rules to decide when a playbook should run (for example, on incident creation or update), enabling consistent handling of common SOC tasks.
By contrast, the other options are not intended for automation: deep investigation tools are used to investigate incidents and entities; hunting search-and-query tools (built on KQL) are for proactive threat hunting rather than automating responses; and workbooks provide dashboards and visualizations for monitoring and reporting. Therefore, when the requirement is to automate common tasks-such as triggering actions across Microsoft 365 Defender, Azure, or third-party systems-the correct Sentinel capability is playbooks powered by Logic Apps. This aligns with the SCI guidance that emphasizes using Sentinel playbooks to "automate common workflows and response actions" and reduce manual effort while improving consistency and speed in security operations.

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Explanation:

Microsoft Purview Compliance Manager is designed to give organizations a continuous view of their compliance posture. In Microsoft's Security, Compliance, and Identity guidance, Compliance Manager is described as a capability that assesses your compliance posture against regulatory standards and data protection baselines and updates the compliance score as you implement or fail controls. The platform aggregates signals from assessments, controls, and improvement actions, then recalculates your compliance score as evidence is collected and actions are marked complete or tested. Because these evaluations are tied to live improvement actions and mapped controls (such as access, data protection, and governance controls), your organization's status isn't limited to a fixed reporting cycle; rather, it reflects ongoing progress and gaps across supported regulations and standards.
SCI study materials also emphasize that the score is not a one-time audit: it's a running indicator of risk reduction and control implementation. As you address recommendations, add or update evidence, or connect automated tests where available, the score and related dashboards refresh to show the latest compliance state.
This makes Compliance Manager suitable for continuous assessment, enabling organizations to monitor posture, prioritize work, and demonstrate incremental improvements over time-hence, it assesses compliance data continually for an organization.

Explanation:
No
No
Yes
Microsoft states that Communication Compliance is administered in Microsoft Purview, not the Microsoft
365 admin center. The Learn article shows configuration and policy templates "in the Microsoft Purview portal" and directs admins to "configure Communication Compliance" there, confirming the management plane is the Purview compliance portal, not the M365 admin center.
Regarding supported locations, Microsoft lists the communication channels that policies can inspect:
"Microsoft Teams... Exchange Online... Viva Engage... [and] Third-party sources." SharePoint Online is not listed among supported channels, so SharePoint content isn't monitored by Communication Compliance policies.
Finally, Communication Compliance includes built-in workflows to address findings. The Learn page explicitly provides a Remediate step: "Remediate Communication Compliance issues you investigate by using the following options:" such as "Notify the user" and "Escalate to another reviewer." These actions demonstrate that the solution does more than detect; it supports remediation within the Purview portal workflow.
Exact extracts (selected):
"You can choose from the following policy templates in the Microsoft Purview portal."
"Communication Compliance policies check... Microsoft Teams... Exchange Online... Viva Engage... Third- party sources."
"Remediate Communication Compliance issues you investigate by using the following options: Notify the user... Escalate to another reviewer."

Reference:
In Microsoft SCI terminology, authorization is the stage that answers "what can this authenticated user do?" Microsoft Learn explains that authorization is "the process of determining what a user is allowed to do or access after they have been authenticated" and governs access to specific resources (apps, APIs, data) through policies such as role assignments, permissions, and Conditional Access. By contrast, authentication is "the process of proving identity," for example by entering a password, using MFA, or presenting a certificate- authentication verifies who the user is, not what they can access.
SCI guidance further clarifies adjacent concepts: single sign-on (SSO) streamlines the authentication experience by allowing a user to sign in once and then access multiple applications without repeated prompts; it does not decide the user's rights within those apps. Federation establishes trust between identity providers and service providers to enable cross-domain authentication, but authorization decisions still occur based on the receiving service's policies and the user's claims/roles.
Therefore, when the sentence asks for "the process of identifying whether a signed-in user can access a specific resource," the correct concept is authorization, because it evaluates the user's permissions and enforces access control after successful authentication.