Practice Free SC-100 Exam Online Questions
HOTSPOT
Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DS).
You need to recommend an identity security strategy that meets the following requirements:
• Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website
• Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned
The solution must minimize the need to deploy additional infrastructure components.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1 –> https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview
Box 2 — > https://docs.microsoft.com/en-us/azure/active-directory/external-identities/identity-providers
You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed.
You plan to deploy the following configuration of Microsoft Entra Internet Access:
• Enable a baseline profile.
• Create a security profile named Profile` that has a priority of 300 and contains a single web content filtering policy named WCFPolicy configure WCFPolicy1 as follows:
o Set Action to allow.
o Include a single rule that has a fully qualified domain name (FQDN) destination of ‘.
adatum.com.
• Link Profile1 to a Conditional Access policy named CAPolicy1, apply CAPolicy1 to all users, and grant access unless a user’s device is noncompliant
You need to evaluate the impact of the planned deployment on traffic to the following resources:
• https://www.adatum.com:8433
• https://www.fabrikam.com
Which two traffic scenarios will occur? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point
- A . Traffic to https://www.fabrikam.com will be allowed from all the devices.
- B . Traffic to https://www.adatum.com:8433 will be blocked from all the devices.
- C . Traffic to https://www.adatumxom:8433 will be allowed from all the devices.
- D . Traffic to https://www.fabrikam.com will be allowed from compliant devices only.
- E . Traffic to https://www.adatum.com:8433 will be allowed from compliant devices only.
- F . Traffic to https://www.fabrikam.com will be blocked from noncompliant devices only.
HOTSPOT
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
Explanation:
Box 1: Virtual Network Integration – correct
Virtual network integration gives your app access to resources in your virtual network, but it doesn’t grant inbound private access to your app from the virtual network.
Box 2: Private Endpoints. – correct
You can use Private Endpoint for your Azure Web App to allow clients located in your private network to securely access the app over Private Link.
You have a Microsoft 365 subscription. You have an Azure subscription.
You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer.
The solution must meet the following requirements:
• Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.
• Minimize the number of compliance policies
• Minimize administrative effort
What should you include in the solution?
- A . Azure AD Information Protection labels
- B . Microsoft 365 Defender user tags
- C . adaptive scopes
- D . administrative units
For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management.
What should you include in the recommendation?
- A . device registrations in Azure AD
- B . application registrations m Azure AD
- C . Azure service principals with certificate credentials
- D . Azure service principals with usernames and passwords
- E . managed identities in Azure
Your company has a Microsoft 365 E5 subscription.
The company wants to identify and classify data in Microsoft Teams, SharePoint Online, and Exchange Online.
You need to recommend a solution to identify documents that contain sensitive information.
What should you include in the recommendation?
- A . data classification content explorer
- B . data loss prevention (DLP)
- C . eDiscovery
- D . Information Governance
You have a customer that has a Microsoft 365 subscription and an Azure subscription.
The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.
You need to design a security solution to assess whether all the devices meet the customer’s compliance rules.
What should you include in the solution?
- A . Microsoft Information Protection
- B . Microsoft Defender for Endpoint
- C . Microsoft Sentinel
- D . Microsoft Intune
D
Explanation:
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor#open-the-compliance-dashboard
HOTSPOT
What should you create in Azure AD to meet the Contoso developer requirements?
Explanation:
Box 1: A synced user account –
Need to use a synched user account.
Box 2: An access review
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
HOTSPOT
You have an Azure subscription that contains Azure App Service web apps.
The apps have the following characteristics:
• The apps are deployed by using continuous integration and continuous deployment (CI/CD) pipelines in Azure DevOps.
• The apps are deployed to a test environment first, and then to a production environment.
• The source code for the apps is stored in Azure Repos.
You plan to implement DevSecOps controls based on the Microsoft Cloud Adoption Framework for Azure.
You need to recommend testing controls to meet the following requirements:
• All the source code must be tested for security vulnerabilities in Azure Repos before deploying the apps.
• Once the apps are deployed to the test environment they must be tested for security vulnerabilities.
Which testing method should you recommend for each stage? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.
HOTSPOT
You need to recommend a solution to meet the compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1 = A Blueprint
Box 2 = Update an Azure Policy assignment
https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage#update-assignment-with-exclusion
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure
while it is in policy assignment
– https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure