Microsoft SC-100 Practice Test - Questions Answers, Page 16
Question list
List of questions
Related questions
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.
You need to enhance security on the virtual machines. The solution must meet the following requirements:
* Ensure that only apps on an allowlist can be run.
* Require administrators to confirm each app added to the allowlist.
* Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.
* Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.
What should you include in the solution?
a compute policy in Azure Policy
admin consent settings for enterprise applications in Azure AD
adaptive application controls in Defender for Servers
app governance in Microsoft Defender for Cloud Apps
HOTSPOT
You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates. VDI devices are members of the domain.
You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Azure Active Directory Domain Services (Azure AD DS) domain.
You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:
* Ensure that the hosts are onboarded to Defender for Endpoint during the first startup sequence.
* Ensure that the Microsoft Defender 365 portal contains a single entry for each deployed VDI host.
* Minimize administrative effort.
What should you recommend? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
You design cloud-based software as a service (SaaS) solutions.
You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend doing first?
Implement data protection.
Develop a privileged access strategy.
Prepare a recovery plan.
Develop a privileged identity strategy.
HOTSPOT
You are designing the security architecture for a cloud-only environment.
You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA).
You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements:
* Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal.
* Detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting.
What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
HOTSPOT
You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG)
You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:
* Ensure that each time the support staff connects to a jump server; they must request access to the server.
* Ensure that only authorized support staff can initiate SSH connections to the jump servers.
* Maximize protection against brute-force attacks from internal networks and the internet.
* Ensure that users can only connect to the jump servers from the internet.
* Minimize administrative effort
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have the following on-premises servers that run Windows Server:
* Two domain controllers in an Active Directory Domain Services (AD DS) domain
* Two application servers named Server1 and Server2 that run ASP.NET web apps
* A VPN server named Server3 that authenticates by using RADIUS and AD DS
End users use a VPN to access the web apps over the internet.
You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
What should you include in the recommendation?
Configure connectors and rules in Microsoft Defender for Cloud Apps.
Configure web protection in Microsoft Defender for Endpoint.
Publish the web apps by using Azure AD Application Proxy.
Configure the VPN to use Azure AD authentication.
You have legacy operational technology (OT) devices and loT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
passive traffic monitoring
active scanning
threat monitoring
software patching
DRAG DROP
You are designing a security operations strategy based on the Zero Trust framework.
You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).
Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer, move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.
HOTSPOT
You have an Azure SQL database named DB1 that contains customer information.
A team of database administrators has full access to DB1.
To address customer inquiries, operators in the customer service department use a custom web app named App1 to view the customer information.
You need to design a security strategy for D81. The solution must meet the following requirements:
* When the database administrators access DB1 by using SQL management tools, they must be prevented from viewing the content of the Credit Card attribute of each customer record.
* When the operators view customer records in App1, they must view only the last four digits of the Credit Card attribute.
What should you include in the design? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a multi-cloud environment that contains an Azure subscription and an Amazon Web Services (AWS) account.
You need to implement security services in Azure to manage the resources in both subscriptions. The solution must meet the following requirements:
* Automatically identify threats found in AWS CloudTrail events.
* Enforce security settings on AWS virtual machines by using Azure policies.
What should you include in the solution for each requirement? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Question