Ask Question
Microsoft SC-100 Practice Test - Questions Answers, Page 3
Add to Whishlist
List of questions
Question 21
You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys. You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications. What should you include in the recommendation?
Apply read-only locks on the storage accounts.
Set the AllowSharcdKeyAccess property to false.
Set the AllowBlobPublicAcccss property to false.
Configure automated key rotation.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 22
Azure subscription that uses Azure Storage.
The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be t\me-Vim\ted. What should you include in the recommendation?
Create shared access signatures (SAS).
Share the connection string of the access key.
Configure private link connections.
Configure encryption by using customer-managed keys (CMKs)
Question 23
You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Enable Microsoft Defender for Cosmos DB.
Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.
Disable local authentication for Azure Cosmos DB.
Enable Microsoft Defender for Identity.
Send the Azure Cosmos DB logs to a Log Analytics workspace.
Question 24
You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements:
β’ Prevent the need to enable ports 3389 and 22 from the internet.
β’ Only provide permission to connect the virtual machines when required.
β’ Ensure that administrators use the Azure portal to connect to the virtual machines.
Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
Configure Azure VPN Gateway.
Enable Just Enough Administration (JEA).
Enable just-in-time (JIT) VM access.
Configure Azure Bastion.
https://docs.microsoft.com/en- us/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.2 https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 25
Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)
Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the onpremises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network. What should you include in the recommendation?
Azure Traffic Manager with priority traffic-routing methods
Azure Application Gateway v2 with user-defined routes (UDRs).
Azure Front Door with Azure Web Application Firewall (WAF)
Azure Firewall with policy rule sets
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
Question 26
You have Windows 11 devices and Microsoft 365 E5 licenses.
You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites. What should you include in the recommendation?
Microsoft Endpoint Manager
Compliance Manager
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint
ttps://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content- filtering?view=o365-worldwide#configure-web-content-filtering-policies
Question 27
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.
You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?
1
2
3
4
5
https://docs.microsoft.com/en-us/azure/bastion/vnet-peering https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure- bastion
Question 28
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 2700V2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically. What should you use?
the regulatory compliance dashboard in Defender for Cloud
Azure Policy
Azure Blueprints
Azure role-based access control (Azure RBAC)
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/iso27001-shared/control-mapping https://docs.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive https://docs.microsoft.com/en-us/azure/defender-for-cloud/prevent-misconfigurations
Question 29
You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)
After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?
Storage account public access should be disallowed
Azure Key Vault Managed HSM should have purge protection enabled
Storage accounts should prevent shared key access
Storage account keys should not be expired
https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
Question 30
Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.
Azure Firewall
Azure Web Application Firewall (WAF)
Microsoft Defender for Cloud alerts
Azure Active Directory (Azure AD Privileged Identity Management (PIM)
Microsoft Sentinel
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question