ExamGecko
Search Search Login
Home Home / Microsoft / SC-100

Microsoft SC-100 Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs). Does this meet the goal?
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
You have legacy operational technology (OT) devices and loT devices. You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
HOTSPOT You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG) You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements: * Ensure that each time the support staff connects to a jump server; they must request access to the server. * Ensure that only authorized support staff can initiate SSH connections to the jump servers. * Maximize protection against brute-force attacks from internal networks and the internet. * Ensure that users can only connect to the jump servers from the internet. * Minimize administrative effort What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You have a hybrid Azure AD tenant that has pass-through authentication enabled. You are designing an identity security strategy. You need to minimize the impact of brute force password attacks and leaked credentials of hybrid identities. What should you include in the design? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You have an Azure subscription. You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar. Developers use Azure DevOps to deploy web apps to App Service Environments- When a new app is deployed, a CNAME record for the app is registered in contoso.com. You need to recommend a solution to secure the DNS record tor each web app. The solution must meet the following requirements: * Ensure that when an app is deleted, the CNAME record for the app is removed also * Minimize administrative effort. What should you include in the recommendation?
HOTSPOT You need to recommend a solution to meet the requirements for connections to ClaimsDB. What should you recommend using for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You are evaluating the security of ClaimsApp. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.
You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos. You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos. What should you include in the recommendation?
HOTSPOT You have an Azure subscription that contains a Microsoft Sentinel workspace named MSW1. MSW1 includes 50 scheduled analytics rules. You need to design a security orchestration automated response (SOAR) solution by using Microsoft Sentinel playbooks. The solution must meet the following requirements: * Ensure that expiration dates can be configured when a playbook runs. * Minimize the administrative effort required to configure individual analytics rules. What should you use to invoke the playbooks, and which type of Microsoft Sentinel trigger should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 11

Report
Export
Collapse

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A.

Security Assertion Markup Language (SAML)

A.

Security Assertion Markup Language (SAML)

Answers
B.

NTLMv2

B.

NTLMv2

Answers
C.

certificate-based authentication

C.

certificate-based authentication

Answers
D.

Kerberos

D.

Kerberos

Answers
Suggested answer: A, D

Question 12

Report
Export
Collapse

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements. What should you configure for each landing zone?

A.

Azure DDoS Protection Standard

A.

Azure DDoS Protection Standard

Answers
B.

an Azure Private DNS zone

B.

an Azure Private DNS zone

Answers
C.

Microsoft Defender for Cloud

C.

Microsoft Defender for Cloud

Answers
D.

an ExpressRoute gateway

D.

an ExpressRoute gateway

Answers
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure- single-sign-on-on-premises-apps https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure- single-sign-on-with-kcd

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure- custom-domain

Question 13

Report
Export
Collapse

HOTSPOT

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE; Each correct selection is worth one point.


Question 13
Correct answer: Question 13

Explanation:

1. Azure AD Identity Protection

Brute Force Detection: https://docs.microsoft.com/en-us/azure/active-directory/identity- protection/overview-identity-protection 2. Defender for Identity

MDI can detect brute force attacks: ref: https://docs.microsoft.com/en-us/defender-for- identity/compromised-credentials-alerts#suspected-brute-force-attack-ldap-external-id-2004

Question 14

Report
Export
Collapse

HOTSPOT

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE:

Each correct selection is worth one point.


Question 14
Correct answer: Question 14

Question 15

Report
Export
Collapse

HOTSPOT

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements. What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 15
Correct answer: Question 15

Question 16

Report
Export
Collapse

HOTSPOT

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements. What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 16
Correct answer: Question 16

Question 17

Report
Export
Collapse

HOTSPOT

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.


Question 17
Correct answer: Question 17

Explanation:

Box 1: Virtual Network Integration - correct Virtual network integration gives your app access to resources in your virtual network, but it doesn't grant inbound private access to your app from the virtual network. Box 2: Private Endpoints. - correct You can use Private Endpoint for your Azure Web App to allow clients located in your private network to securely access the app over Private Link.

Question 18

Report
Export
Collapse

HOTSPOT

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements. What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 18
Correct answer: Question 18

Question 19

Report
Export
Collapse

You need to design a strategy for securing the SharePoint Online and Exchange Online dat a. The solution must meet the application security requirements. Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

A.

Azure AD Conditional Access

A.

Azure AD Conditional Access

Answers
B.

Microsoft Defender for Cloud Apps

B.

Microsoft Defender for Cloud Apps

Answers
C.

Microsoft Defender for Cloud

C.

Microsoft Defender for Cloud

Answers
D.

Microsoft Defender for Endpoint

D.

Microsoft Defender for Endpoint

Answers
E.

access reviews in Azure AD

E.

access reviews in Azure AD

Answers
Suggested answer: A, B

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional- access-session#conditional-access-application-control

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-integrate- with-microsoft-cloud-application-security

Question 20

Report
Export
Collapse

Your company has on-premises Microsoft SQL Server databases.

The company plans to move the databases to Azure.

You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs. What should you include in the recommendation?

A.

Azure SQL Managed Instance

A.

Azure SQL Managed Instance

Answers
B.

Azure Synapse Analytics dedicated SQL pools

B.

Azure Synapse Analytics dedicated SQL pools

Answers
C.

Azure SQL Database

C.

Azure SQL Database

Answers
D.

SQL Server on Azure Virtual Machines

D.

SQL Server on Azure Virtual Machines

Answers
Suggested answer: C
Total 177 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms