Microsoft SC-100 Practice Test - Questions Answers, Page 17

HOTSPOT

Your company, named Contoso. Ltd... has an Azure AD tenant namedcontoso.com. Contoso has a partner company named Fabrikam. Inc. that has an Azure AD tenant named fabrikam.com. You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso. The solution must meet the following requirements:

* Follow the principle of least privilege.

* Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

HOTSPOT

You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect from personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG).

You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:

* Ensure that each time the support staff connects to a jump server; they must request access to the server.

* Ensure that only authorized support staff can initiate SSH connections to the jump servers.

* Maximize protection against brute-force attacks from internal networks and the internet.

* Ensure that users can only connect to the jump servers from the internet.

* Minimize administrative effort.

What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

HOTSPOT

You plan to automate the development and deployment of a Nodejs-based app by using GitHub.

You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:

* Automate the generation of pull requests that remediate identified vulnerabilities.

* Automate vulnerability code scanning for public and private repositories.

* Minimize administrative effort.

* Minimize costs.

What should you recommend using? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server and 50 virtual machines that run Linux. You need to perform vulnerability assessments on the virtual machines. The solution must meet the following requirements:

* Identify missing updates and insecure configurations.

* Use the Qualys engine.

What should you use?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing the encryption standards for data at rest for an Azure resource.

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses Microsoft-managed keys.

Does this meet the goal?

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:

* Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.

* The Security Administrator role will be mapped to the privileged access security level.

* The users in Group1 will be assigned the Security Administrator role.

* The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.

What should you include in the solution?

You have a Microsoft 365 subscription. You have an Azure subscription.

You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer. The solution must meet the following requirements:

* Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.

* Minimize the number of compliance policies

* Minimize administrative effort

What should you include in the solution?

HOTSPOT

You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).

You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

You need to recommend a security solution that meets the following requirements:

* Detects vulnerability scans of the apps

* Detects whether newly deployed apps are vulnerable to attack

What should you recommend using? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1.

You plan to migrate DB1 to Azure.

You need to recommend an encrypted Azure database solution that meets the following requirements:

* Minimizes the risks of malware that uses elevated privileges to access sensitive data

* Prevents database administrators from accessing sensitive data

* Enables pattern matching for server-side database operations

* Supports Microsoft Azure Attestation

* Uses hardware-based encryption

What should you include in the recommendation?