Practice Free SC-100 Exam Online Questions
HOTSPOT
Your company has offices in New York City and Los Angeles.
The New York City office contains an on-premises app named Appl.
You have an Azure subscription. The subscription is linked to a Microsoft Entra tenant that is hosted in North America.
You plan to manage access to App1 for the users in the Los Angeles office by using Microsoft Entra Private Access.
You will deploy Private Access by performing the following actions:
• Provision an ExpressRoute circuit from the New York City office to the closest peering location.
• Create an Azure virtual network named VNet1 in the East US Azure region.
• Deploy a Microsoft Entra application proxy connector to VNet1.
You need to optimize the network for the planned deployment
The solution must meet the following requirements:
• Maximize redundancy for connectivity to App1.
• Minimize network latency when accessing App1
• Minimize complexity.
• Minimize costs.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 subscription.
You need to recommend a security solution that meets the following requirements:
• Automatically identifies and stops external, brute force attacks against accounts in the subscription
• Automatically identifies and stops external attacks that use an internal account to exfiltrate data from Microsoft SharePoint Online sites in the subscription
What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?
- A . Azure Active Directory (Azure AD) Conditional Access App Control policies
- B . Auth app policies in Microsoft Defender for Cloud Apps
- C . app protection policies in Microsoft Endpoint Manager
- D . application control policies in Microsoft Defender for Endpoint
D
Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-policy-rules
HOTSPOT
You have three Microsoft Entra tenants named Tenant 1. Tenant2. and Tenant3.
You have three Azure subscriptions named Sub1, Sub2, and Sub3. Each tenant is associated with multiple Azure subscriptions.
Each subscription contains a single Microsoft Sentinel workspace as shown in the following table.
You need to recommend a solution that meets the following requirements:
• Ensures that the users in Tenant1 can manage the resources in Sub2 and Sub3 without having to switch subscriptions or sign in to a different tenant
• Implements multiple workspace view for Sentinel2 and Sentinel3
What should you use to delegate permissions, and which Microsoft Sentinel feature will users be able to manage in multiple workspace view? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company has the virtual machine infrastructure shown in the following table.
The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.
You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.
What should you include in the recommendation?
- A . Use geo-redundant storage (GRS).
- B . Use customer-managed keys (CMKs) for encryption.
- C . Require PINs to disable backups.
- D . Implement Azure Site Recovery replication.
C
Explanation:
https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware#azure-backup
A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.
You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.
Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Configure auto provisioning.
- B . Assign regulatory compliance policies.
- C . Review the inventory.
- D . Add a workflow automation.
- E . Enable Defender plans.
AE
Explanation:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages
https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
You have an Azure subscription.
You plan to deploy Azure App Services apps by using Azure DevOps.
You need to recommend a solution to ensure that deployed apps maintain compliance with Microsoft cloud security benchmark (MCSB) recommendations.
What should you include in the recommendation?
- A . DevOps security in Microsoft Defender for Cloud
- B . Microsoft Defender for App Service
- C . a branch policy in Azure DevOps
- D . Azure Policy
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
You need to recommend a network security solution for App1.
The solution must meet the following requirements:
• Only the virtual machines that are connected to Subnet1 must be able to connect to D81.
• DB1 must be inaccessible from the internet
• Costs must be minimized.
What should you include in the recommendation? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.
You have an Azure subscription. The subscription contains multiple Azure App Service web apps that are distributed across multiple Azure regions and are accessed via the internet
You need to ensure that all incoming requests to the apps are inspected for threats based on the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP).
The solution must meet the following requirements:
• Support the use of Microsoft-managed X.509 certificates.
• Route users to the geographically closest app.
• Minimize administrative effort.
What should you use?
- A . Azure Firewall Premium
- B . Azure Front Door with a web application firewall (WAF)
- C . Azure Firewall Standard
- D . Azure Application Gateway with a web application firewall (WAF)
You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials.
What should you include in the recommendation?
- A . an Azure AD enterprise application
- B . a retying party trust in Active Directory Federation Services (AD FS)
- C . Azure AD Application Proxy
- D . Azure AD B2C