Microsoft SC-100 Practice Test - Questions Answers, Page 6
Question list
List of questions
Related questions
You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive dat a. What should you include in the recommendation?
Microsoft Defender for Cloud Apps
insider risk management
Microsoft Information Protection
Azure Purview
Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network. The company's security policy prevents the use of personal devices for accessing company data and applications. You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand. What should you include in the recommendation?
Migrate the on-premises applications to cloud-based applications.
Redesign the VPN infrastructure by adopting a split tunnel configuration.
Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful\ ransonvware attack. Which two controls should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Use Azure Monitor notifications when backup configurations change.
Require PINs for critical operations.
Perform offline backups to Azure Data Box.
Encrypt backups by using customer-managed keys (CMKs).
Enable soft delete for backups.
Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?
activity policies in Microsoft Defender for Cloud Apps
sign-in risk policies in Azure AD Identity Protection
device compliance policies in Microsoft Endpoint Manager
Azure AD Conditional Access policies
user risk policies in Azure AD Identity Protection
Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities. You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation?
standalone sensors
honeytoken entity tags
sensitivity labels
custom user tags
You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft Sentinel deployment. You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?
playbooks
workbooks
notebooks
threat intelligence
Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server. The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription. Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server. You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency tor developers. Which three actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.
Implement Azure Firewall to restrict host pool outbound access.
Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication
(MFA) and named locations.
Migrate from the Remote Desktop server to Azure Virtual Desktop.
Deploy a Remote Desktop server to an Azure region located in France.
Your company is moving all on-premises workloads to Azure and Microsoft 365. Vou need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:
• Minimizes manual intervention by security operation analysts
• Supports Waging alerts within Microsoft Teams channels
What should you include in the strategy?
data connectors
playbooks
workbooks
KQL
Your company plans to provision blob storage by using an Azure Storage account The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?
service tags in network security groups (NSGs)
managed rule sets in Azure Web Application Firewall (WAF) policies
inbound rules in network security groups (NSGs)
firewall rules for the storage account
inbound rules in Azure Firewall
Your company has a Microsoft 365 E5 subscription.
The company plans to deploy 45 mobile self-service kiosks that will run Windows
10. You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:
• Ensure that only authorized applications can run on the kiosks.
• Regularly harden the kiosks against new threats.
Which two actions should you include in the recommendations? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Onboard the kiosks to Azure Monitor.
Implement Privileged Access Workstation (PAW) for the kiosks.
Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.
Implement threat and vulnerability management in Microsoft Defender for Endpoint.
Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.
Question