Practice Free SC-100 Exam Online Questions
HOTSPOT
Your company, named Contoso, Ltd., has an Azure AD tenant named contoso.com. Contoso has a partner company named Fabrikam, Inc. that has an Azure AD tenant named fabrikam.com. You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso.
The solution must meet the following requirements:
• Follow the principle of least privilege.
• Minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


You are designing the encryption standards for data at rest for an Azure resource.
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For blob containers in Azure Storage, you recommend encryption that uses customer-managed keys (CMKs).
Does this meet the goal?
- A . Yes
- B . No
Your company plans to evaluate the security of its Azure environment based on the principles of the Microsoft Cloud Adoption Framework for Azure.
You need to recommend a cloud-based service to evaluate whether the Azure resources comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
What should you recommend?
- A . Compliance Manager in Microsoft Purview
- B . Microsoft Defender for Cloud
- C . Microsoft Sentinel
- D . Microsoft Defender for Cloud Apps
You have two Azure subscriptions named Sub1 and Sub2 that contain the vaults shown in the following table.

You need to design a multi-user authorization (MUA) solution for security operations on the vaults.
The solution must meet the following requirements:
• RSVault1 and RSVault2 must require MUA for disabling soft delete, removing MUA protection, and disabling immutability.
• BackupVault1 and BackupVault2 must require MUA for disabling soft delete and removing MUA protection.
What is the minimum number of Resource Guard resources required?
- A . 1
- B . 2
- C . 3
- D . 4
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF).
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App), use the Private Link connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.
DRAG DROP
For a Microsoft cloud environment, you need to recommend a security architecture that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
Which security methodologies should you include in the recommendation? To answer, drag the appropriate methodologies to the correct principles. Each methodology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.


You have a Microsoft 365 E5 subscription.
You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.
You need to recommend a solution to prevent Personally Identifiable Information (PII) from being shared.
Which two components should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . data loss prevention (DLP) policies
- B . sensitivity label policies
- C . retention label policies
- D . eDiscovery cases
A, B
Explanation:
Data loss prevention in Office 365. Data loss prevention (DLP) helps you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.
Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization’s data without hindering the productivity of users and their ability to collaborate.
Plan for integration into a broader information protection scheme. On top of coexistence with OME, sensitivity labels can be used alongside capabilities like Microsoft Purview Data Loss Prevention (DLP) and Microsoft Defender for Cloud Apps.
https://motionwave.com.au/keeping-your-confidential-data-secure-with-microsoft-office-365/
https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-protect-information?view=o365-worldwide#sensitivity-labels
You need to design a solution to provide administrators with secure remote access to the virtual machines.
The solution must meet the following requirements:
• Prevent the need to enable ports 3389 and 22 from the internet.
• Only provide permission to connect the virtual machines when required.
• Ensure that administrators use the Azure portal to connect to the virtual machines.
Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
- B . Configure Azure VPN Gateway.
- C . Enable Just Enough Administration (JEA).
- D . Enable just-in-time (JIT) VM access.
- E . Configure Azure Bastion.
D, E
Explanation:
https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.2
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
HOTSPOT
You have a Microsoft 365 tenant.
You need to recommend a Microsoft 365 Defender solution to enhance security for the tenant.
The solution must meet the following requirements:
• Identify users that are downloading an unusually high number of files from Microsoft SharePoint Online sites and are possibly involved in a data exfiltration attempt.
• Block Microsoft Teams messages that contain potentially malicious content by using zero-hour auto purge (ZAP).
What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


