Practice Free SC-100 Exam Online Questions
HOTSPOT
Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Prioritize security actions by data sensitivity, https://docs.microsoft.com/en-us/azure/defender-for-cloud/information-protection. As to Azure SQL Database Azure SQL Managed Instance Azure Synapse Analytics (Azure resources as well): https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview?view=azuresql
Your company has an on-premises network and an Azure subscription.
The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.
You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.
You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.
What should you include in the recommendation?
- A . a private endpoint
- B . hybrid connections
- C . virtual network NAT gateway integration
- D . virtual network integration
B
Explanation:
https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
HOTSPOT
You have an Azure subscription that contains an Azure Synapse Analytics workspace named workspace1. workspace1 contains a built-in serverless SQL pool and a dedicated SQL pool named Pool1.
You need to recommend a second layer of data encryption for workspace1.
What should you include in the recommendation for each pool? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription.
You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
You need to recommend a solution that automatically restricts access to Microsoft Exchange Online.
SharePoint Online, and Teams m near-real-lime (NRT) in response to the following Azure AD events:
• A user account is disabled or deleted
• The password of a user is changed or reset.
• All the refresh tokens for a user are revoked
• Multi-factor authentication (MFA) is enabled for a user
Which two features should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . continuous access evaluation
- B . a sign-in risk policy
- C . Azure AD Privileged Identity Management (PIM)
- D . Conditional Access
- E . Azure AD Application Proxy
HOTSPOT
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains multiple Azure Data Lake Storage accounts.
You need to recommend a solution to encrypt the content of the accounts by using service-side encryption and customer-managed keys. The solution must ensure that individual encryption keys are applied at the most granular level.
At which level should you recommend the encryption be applied?
- A . account
- B . folder
- C . file
- D . container
You have a Microsoft Entra tenant. The tenant contains 500 Windows devices that have the Global Secure Access client deployed.
You have a third-party software as a service (SaaS) app named App1.
You plan to implement Global Secure Access to manage access to App1.
You need to recommend a solution to manage connections to App1. The solution must ensure that users authenticate by using their Microsoft Entra credentials before they can connect to App1.
What should you include the recommendation?
- A . a Global Secure Access app
- B . a private access traffic forwarding profile
- C . an internet access traffic forwarding profile
- D . a Quick Access app
You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).
You need to define the recovery steps for a ransomware attack that encrypted data in the subscription The solution must follow Microsoft Security Best Practices.
What is the first step in the recovery plan?
- A . Disable Microsoft OneDnve sync and Exchange ActiveSync.
- B . Recover files to a cleaned computer or device.
- C . Contact law enforcement.
- D . From Microsoft Defender for Endpoint perform a security scan.
You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.
Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion!
You need to ensure that the virtual machines can be accessed only by using bastion! The solution must prevent the use of NSG rules to bypass bastion1.
What should you include in the solution?
- A . Azure Virtual Network Manager connectivity configurations
- B . Azure Virtual Network Manager security admin rules
- C . Azure Firewall application rules
- D . Azure Firewall network rules
You have a multicloud environment that contains Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) subscriptions.
You need to discover and review role assignments across the subscriptions.
What should you use?
- A . Microsoft Entra Permissions Management
- B . Microsoft Defender for Identity
- C . Azure Lighthouse
- D . Microsoft Entra ID Governance