Microsoft SC-100 Practice Test - Questions Answers, Page 4
Question list
List of questions
Related questions
You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:
• Encrypt cardholder data by using encryption keys managed by the company.
• Encrypt insurance claim files by using encryption keys hosted on-premises.
Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.
Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM
Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.
Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.
Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud
• Access to storage accounts with firewall and virtual network configurations should be restricted,
• Storage accounts should restrict network access using virtual network rules.
• Storage account should use a private link connection.
• Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations.
What should you recommend?
Azure Storage Analytics
Azure Network Watcher
Microsoft Sentinel
Azure Policy
You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions. NOTE: Each correct selection is worth one point.
Assign an initiative to a management group.
Assign a policy to each subscription.
Assign a policy to a management group.
Assign an initiative to each subscription.
Assign a blueprint to each subscription.
Assign a blueprint to a management group.
Your company has a Microsoft 365 E5 subscription. The company wants to identify and classify data in Microsoft Teams, SharePoint Online, and Exchange Online. You need to recommend a solution to identify documents that contain sensitive information. What should you include in the recommendation?
data classification content explorer
data loss prevention (DLP)
eDiscovery
Information Governance
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE:
Each correct selection is worth one point.
Azure AD Conditional Access integration with user flows and custom policies
Azure AD workbooks to monitor risk detections
custom resource owner password credentials (ROPC) flows in Azure AD B2C
access packages in Identity Governance
smart account lockout in Azure AD B2C
Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?
insider risk management policies
data loss prevention (DLP) policies
sensitivity label policies
retention policies
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers. In which two environments can you use Defender for Containers to scan for known vulnerabilities?
Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Linux containers deployed to Azure Container Registry
Linux containers deployed to Azure Kubernetes Service (AKS)
Windows containers deployed to Azure Container Registry
Windows containers deployed to Azure Kubernetes Service (AKS)
Linux containers deployed to Azure Container Instances
Your company has an on-premises network and an Azure subscription.
The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.
You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network. You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network. What should you include in the recommendation?
a private endpoint
hybrid connections
virtual network NAT gateway integration
virtual network integration
Your company has a hybrid cloud infrastructure that contains an on-premises Active Directory Domain Services (AD DS) forest, a Microsoft B65 subscription, and an Azure subscription. The company's on-premises network contains internal web apps that use Kerberos authentication.
Currently, the web apps are accessible only from the network.
You have remote users who have personal devices that run Windows 11.
You need to recommend a solution to provide the remote users with the ability to access the web apps. The solution must meet the following requirements:
• Prevent the remote users from accessing any other resources on the network.
• Support Azure Active Directory (Azure AD) Conditional Access.
• Simplify the end-user experience.
What should you include in the recommendation?
Azure AD Application Proxy
Azure Virtual WAN
Microsoft Tunnel
web content filtering in Microsoft Defender for Endpoint
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
Azure Event Hubs
Azure Data Factor
a Microsoft Sentinel workbook
a Microsoft Sentinel data connector
Question