Microsoft SC-100 Practice Test - Questions Answers, Page 3
You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys. You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications. What should you include in the recommendation?
Apply read-only locks on the storage accounts.
Set the AllowSharedKeyAccess property to false.
Set the AllowBlobPublicAccess property to false.
Configure automated key rotation.
Azure subscription that uses Azure Storage.
The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be time-limited. What should you include in the recommendation?
Create shared access signatures (SAS).
Share the connection string of the access key.
Configure private link connections.
Configure encryption by using customer-managed keys (CMKs)
You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Enable Microsoft Defender for Cosmos DB.
Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.
Disable local authentication for Azure Cosmos DB.
Enable Microsoft Defender for Identity.
Send the Azure Cosmos DB logs to a Log Analytics workspace.
You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements:
• Prevent the need to enable ports 3389 and 22 from the internet.
• Only provide permission to connect the virtual machines when required.
• Ensure that administrators use the Azure portal to connect to the virtual machines.
Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
Configure Azure VPN Gateway.
Enable Just Enough Administration (JEA).
Enable just-in-time (JIT) VM access.
Configure Azure Bastion.
Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)
Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network. What should you include in the recommendation?
Azure Traffic Manager with priority traffic-routing methods
Azure Application Gateway v2 with user-defined routes (UDRs).
Azure Front Door with Azure Web Application Firewall (WAF)
Azure Firewall with policy rule sets
You have Windows 11 devices and Microsoft 365 E5 licenses.
You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites. What should you include in the recommendation?
Microsoft Endpoint Manager
Compliance Manager
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.
You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?
1
2
3
4
5
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically. What should you use?
the regulatory compliance dashboard in Defender for Cloud
Azure Policy
Azure Blueprints
Azure role-based access control (Azure RBAC)
You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)
After remediating the threat, which policy definition should you assign to prevent the threat from reoccurring?
Storage account public access should be disallowed
Azure Key Vault Managed HSM should have purge protection enabled
Storage accounts should prevent shared key access
Storage account keys should not be expired
Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.
Azure Firewall
Azure Web Application Firewall (WAF)
Microsoft Defender for Cloud alerts
Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Microsoft Sentinel