Practice Free SC-100 Exam Online Questions
You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions. NOTE: Each correct selection is worth one point.
- A . Assign an initiative to a management group.
- B . Assign a policy to each subscription.
- C . Assign a policy to a management group.
- D . Assign an initiative to each subscription.
- E . Assign a blueprint to each subscription.
- F . Assign a blueprint to a management group.
AF
Explanation:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
HOTSPOT
You are planning the security levels for a security access strategy.
You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA).
Which security level should you configure for each job role? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.
You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.
What should you recommend?
- A . The AKS cluster version must be upgraded.
- B . The updates must first be applied to the image used to provision the nodes.
- C . The nodes must restart after the updates are applied.
HOTSPOT
You have a Microsoft Entra tenant and an Azure subscription.
You are evaluating the use of a risk-based Conditional Access policy to control the access of workload identities to resources.
To which type of identity should you apply the policy, and which signal source can you use as part of the policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 subscription. The subscription contains 1,000 devices that run Windows 11 Pro and are enrolled in Microsoft Intune.
You need to recommend a Microsoft Defender for Cloud Apps solution that meets the following requirements:
• When a user downloads a file from Microsoft SharePoint Online, a label must be applied to the file in real time based on the file’s contents.
• Only users that use Intune-compliant devices must be able to sign in to Dropbox.
Which type of policy should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You are designing a privileged access strategy for a company named Contoso, Ltd. and its partner company named Fabrikam, Inc. Contoso has a Microsoft Entra tenant named contoso.com. Fabrikam has a Microsoft Entra tenant named fabrikam.com. Users at Fabrikam must access the resources in contoso.com.
You need to provide the Fabrikam users with access to the Contoso resources by using access packages.
The solution must meet the following requirements:
• Ensure that the Fabrikam users can use the Contoso access packages without explicitly creating guest accounts in contoso.com.
• Allow non-administrative users in contoso.com to create the access packages.
What should you use for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.
In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Linux containers deployed to Azure Container Registry
- B . Linux containers deployed to Azure Kubernetes Service (AKS)
- C . Windows containers deployed to Azure Container Registry
- D . Windows containers deployed to Azure Kubernetes Service (AKS)
- E . Linux containers deployed to Azure Container Instances
A, C
Explanation:
https://docs.microsoft.com/en-us/learn/modules/design-strategy-for-secure-paas-iaas-saas-services/9-specify-security-requirements-for-containers
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction#view-vulnerabilities-for-running-images
DRAG DROP
You have a hybrid Azure AD tenant that has pass-through authentication enabled.
You are designing an identity security strategy.
You need to minimize the impact of brute force password attacks and leaked credentials of hybrid identities.
What should you include in the design? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 subscription that is protected by using Microsoft 365 Defender
You are designing a security operations strategy that will use Microsoft Sentinel to monitor events from Microsoft 365 and Microsoft 365 Defender
You need to recommend a solution to meet the following requirements:
• Integrate Microsoft Sentinel with a third-party security vendor to access information about known malware
• Automatically generate incidents when the IP address of a command-and control server is detected in the events
What should you configure in Microsoft Sentinel to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All the on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend configurations to meet the following requirements:
• Ensure that the security operations team can access the security logs and the operation logs.
• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Azure Active Directory (Azure AD) Conditional Access policies
- B . a custom collector that uses the Log Analytics agent
- C . resource-based role-based access control (RBAC)
- D . the Azure Monitor agent
C, D
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent