ExamGecko
Login
Home / Microsoft / SC-100 / List of questions
Ask Question

Microsoft SC-100 Practice Test - Questions Answers, Page 6

List of questions

Question 51

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You need to recommend a solution to add a watermark to email attachments that contain sensitive dat a. What should you include in the recommendation?

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps

insider risk management

insider risk management

Microsoft Information Protection

Microsoft Information Protection

Azure Purview

Azure Purview
Suggested answer: C

Explanation:

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

You can use sensitivity labels to: Provide protection settings that include encryption and content markings. For example, apply a "Confidential" label to a document or email, and that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content. Protect content in Office apps across different platforms and devices. Supported by Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web. Supported on Windows, macOS, iOS, and Android. Protect content in third-party apps and services by using Microsoft Defender for Cloud Apps. With Defender for Cloud Apps, you can detect, classify, label, and protect content in third-party apps and services, such as SalesForce, Box, or DropBox, even if the third-party app or service does not read or support sensitivity labels.

asked 05/10/2024
Maxwell Konetzki
29 questions

Question 52

Report
Export
Collapse

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network. The company's security policy prevents the use of personal devices for accessing company data and applications. You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand. What should you include in the recommendation?

Migrate the on-premises applications to cloud-based applications.

Migrate the on-premises applications to cloud-based applications.

Redesign the VPN infrastructure by adopting a split tunnel configuration.

Redesign the VPN infrastructure by adopting a split tunnel configuration.

Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual- desktop https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-microsoft- defender-for-cloud-apps/ba-p/2835842

asked 05/10/2024
JED MEDIA
37 questions

Question 53

Report
Export
Collapse

You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks.

You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful\ ransonvware attack. Which two controls should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Use Azure Monitor notifications when backup configurations change.

Use Azure Monitor notifications when backup configurations change.

Require PINs for critical operations.

Require PINs for critical operations.

Perform offline backups to Azure Data Box.

Perform offline backups to Azure Data Box.

Encrypt backups by using customer-managed keys (CMKs).

Encrypt backups by using customer-managed keys (CMKs).

Enable soft delete for backups.

Enable soft delete for backups.
Suggested answer: A, B

Explanation:

https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against- ransomware'You need to recommend which CONTROLS must be enabled to ENSURE that Azure Backup can be used to RESTORE the resources in the event of a successful ransomware attack.' Whilst helpful for auditing purposes and detection of a malicious attack, monitoring configuration changes and alerting after a change is made does not represent a CONTROL which ENSURES Azure Backup can be used to RESTORE the resources.

asked 05/10/2024
Matthew Farrington
35 questions

Question 54

Report
Export
Collapse

Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

activity policies in Microsoft Defender for Cloud Apps

activity policies in Microsoft Defender for Cloud Apps

sign-in risk policies in Azure AD Identity Protection

sign-in risk policies in Azure AD Identity Protection

device compliance policies in Microsoft Endpoint Manager

device compliance policies in Microsoft Endpoint Manager

Azure AD Conditional Access policies

Azure AD Conditional Access policies

user risk policies in Azure AD Identity Protection

user risk policies in Azure AD Identity Protection
Suggested answer: A

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional- access-policy-location https://docs.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules

asked 05/10/2024
Francesco Facco
29 questions

Question 55

Report
Export
Collapse

Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities. You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation?

standalone sensors

standalone sensors

honeytoken entity tags

honeytoken entity tags

sensitivity labels

sensitivity labels

custom user tags

custom user tags
Suggested answer: B

Explanation:

https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide#honeytoken- activityThe Sensitive tag is used to identify high value assets.(user / devices / groups)Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. and Defender for Identity considers Exchange servers as high-value assets and automatically tags them as Sensitive

asked 05/10/2024
isaac linares
26 questions

Question 56

Report
Export
Collapse

You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft Sentinel deployment. You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?

playbooks

playbooks

workbooks

workbooks

notebooks

notebooks

threat intelligence

threat intelligence
Suggested answer: B

Explanation:

https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview

asked 05/10/2024
garima sharma
51 questions

Question 57

Report
Export
Collapse

Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server. The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription. Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server. You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency tor developers. Which three actions should you recommend? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.

Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.

Implement Azure Firewall to restrict host pool outbound access.

Implement Azure Firewall to restrict host pool outbound access.

Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication

(MFA) and named locations.

Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication

(MFA) and named locations.

Migrate from the Remote Desktop server to Azure Virtual Desktop.

Migrate from the Remote Desktop server to Azure Virtual Desktop.

Deploy a Remote Desktop server to an Azure region located in France.

Deploy a Remote Desktop server to an Azure region located in France.
Suggested answer: B, C, D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop

asked 05/10/2024
Ajay Vijayan
34 questions

Question 58

Report
Export
Collapse

Your company is moving all on-premises workloads to Azure and Microsoft 365. Vou need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:

• Minimizes manual intervention by security operation analysts

• Supports Waging alerts within Microsoft Teams channels

What should you include in the strategy?

data connectors

data connectors

playbooks

playbooks

workbooks

workbooks

KQL

KQL
Suggested answer: B

Explanation:


asked 05/10/2024
Sebastian van de Zweerde
43 questions

Question 59

Report
Export
Collapse

Your company plans to provision blob storage by using an Azure Storage account The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?

service tags in network security groups (NSGs)

service tags in network security groups (NSGs)

managed rule sets in Azure Web Application Firewall (WAF) policies

managed rule sets in Azure Web Application Firewall (WAF) policies

inbound rules in network security groups (NSGs)

inbound rules in network security groups (NSGs)

firewall rules for the storage account

firewall rules for the storage account

inbound rules in Azure Firewall

inbound rules in Azure Firewall
Suggested answer: D
asked 05/10/2024
Louis Flink
43 questions

Question 60

Report
Export
Collapse

Your company has a Microsoft 365 E5 subscription.

The company plans to deploy 45 mobile self-service kiosks that will run Windows

10. You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:

• Ensure that only authorized applications can run on the kiosks.

• Regularly harden the kiosks against new threats.

Which two actions should you include in the recommendations? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Onboard the kiosks to Azure Monitor.

Onboard the kiosks to Azure Monitor.

Implement Privileged Access Workstation (PAW) for the kiosks.

Implement Privileged Access Workstation (PAW) for the kiosks.

Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.

Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.

Implement threat and vulnerability management in Microsoft Defender for Endpoint.

Implement threat and vulnerability management in Microsoft Defender for Endpoint.

Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.

Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.
Suggested answer: D, E

Explanation:

(https://docs.microsoft.com/en-us/microsoft-365/security/defender-vulnerability- management/defender-vulnerability-management?view=o365-worldwide)

asked 05/10/2024
Gary Cox
43 questions
Total 200 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have legacy operational technology (OT) devices and loT devices. You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance. Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID. Does this meet the goal?
Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit. You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation?
HOTSPOT Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled. You have a Microsoft 365 subscription that uses Microsoft SharePoint Online. You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams. You need to recommend an Azure AD identity Governance solution that meets the following requirements: * Project managers must verify that their project group contains only the current members of their project team * The members of each project team must only have access to the resources of the project to which they are assigned * Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days. * Administrative effort must be minimized. What should you include in the recommendation? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription. You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents. You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared. Which two components should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos. You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos. What should you include in the recommendation?
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected. What should you use?
You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1. You plan to migrate DB1 to Azure. You need to recommend an encrypted Azure database solution that meets the following requirements: * Minimizes the risks of malware that uses elevated privileges to access sensitive data * Prevents database administrators from accessing sensitive data * Enables pattern matching for server-side database operations * Supports Microsoft Azure Attestation * Uses hardware-based encryption What should you include in the recommendation?