ExamGecko
Login
Home / Microsoft / SC-100 / List of questions
Ask Question

Microsoft SC-100 Practice Test - Questions Answers, Page 8

Add to Whishlist

List of questions

Question 71

Report Export Collapse

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

Azure Monitor webhooks

Azure Monitor webhooks

Azure Logics Apps

Azure Logics Apps

Azure Event Hubs

Azure Event Hubs

Azure Functions apps

Azure Functions apps

Suggested answer: B
Explanation:

The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance.Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios.

asked 05/10/2024
Christian Knarvik
46 questions

Question 72

Report Export Collapse

Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

Microsoft SC-100 image Question 53 107664 10052024010833000000

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF). Does this meet the goal?

Yes

Yes

No

No

Suggested answer: B
Explanation:

When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.

asked 05/10/2024
Jessica Martinada
40 questions

Question 73

Report Export Collapse

You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements. What should you recommend as part of the landing zone deployment?

service chaining

service chaining

local network gateways

local network gateways

forced tunneling

forced tunneling

a VNet-to-VNet connection

a VNet-to-VNet connection

Suggested answer: A
asked 05/10/2024
Michael Marzotto
43 questions

Question 74

Report Export Collapse

Your company has devices that run either Windows 10, Windows 11, or Windows Server.

You are in the process of improving the security posture of the devices.

You plan to use security baselines from the Microsoft Security Compliance Toolkit.

What should you recommend using to compare the baselines to the current device configurations?

Microsoft Intune

Microsoft Intune

Policy Analyzer

Policy Analyzer

Local Group Policy Object (LGPO)

Local Group Policy Object (LGPO)

Windows Autopilot

Windows Autopilot

Suggested answer: B
Explanation:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security- configuration-framework/security-compliance-toolkit-10

asked 05/10/2024
CHARLES ADAMA
39 questions

Question 75

Report Export Collapse

A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware.

The customer suspends access attempts from the infected endpoints.

The malware is removed from the end point.

Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Microsoft Defender for Endpoint reports the endpoints as compliant.

Microsoft Defender for Endpoint reports the endpoints as compliant.

Microsoft Intune reports the endpoints as compliant.

Microsoft Intune reports the endpoints as compliant.

A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.

A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.

The client access tokens are refreshed.

The client access tokens are refreshed.

Suggested answer: B, D
asked 05/10/2024
Stephanie Scheffers
45 questions

Question 76

Report Export Collapse


A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All the on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

• Ensure that the security operations team can access the security logs and the operation logs.

• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Configure Azure Active Directory (Azure AD) Conditional Access policies.

Configure Azure Active Directory (Azure AD) Conditional Access policies.

Use the Azure Monitor agent with the multi-homing configuration.

Use the Azure Monitor agent with the multi-homing configuration.

Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

Create a custom collector that uses the Log Analytics agent.

Create a custom collector that uses the Log Analytics agent.

Suggested answer: B, C
asked 05/10/2024
Vijayakumar Dhandapani
45 questions

Question 77

Report Export Collapse

Your company has the virtual machine infrastructure shown in the following table.

Microsoft SC-100 image Question 58 107669 10052024010833000000

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure. You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware. What should you include in the recommendation?

Use geo-redundant storage (GRS).

Use geo-redundant storage (GRS).

Use customer-managed keys (CMKs) for encryption.

Use customer-managed keys (CMKs) for encryption.

Require PINs to disable backups.

Require PINs to disable backups.

Implement Azure Site Recovery replication.

Implement Azure Site Recovery replication.

Suggested answer: C
asked 05/10/2024
Leandro Ruwer
50 questions

Question 78

Report Export Collapse

You have a customer that has a Microsoft 365 subscription and an Azure subscription.

The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure. You need to design a security solution to assess whether all the devices meet the customer's compliance rules. What should you include in the solution?

Microsoft Information Protection

Microsoft Information Protection

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

Microsoft Sentinel

Microsoft Sentinel

Microsoft Endpoint Manager

Microsoft Endpoint Manager

Suggested answer: D
asked 05/10/2024
Jean-Bosco Muganza
41 questions

Question 79

Report Export Collapse

Your company has a hybrid cloud infrastructure.

Data and applications are moved regularly between cloud environments.

The company's on-premises network is managed as shown in the following exhibit.

Microsoft SC-100 image Question 60 107671 10052024010833000000

You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements: Govern virtual machines and servers across multiple environments.Enforce standards for all the resources across all the environment across the Azure policy.Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.

Azure VPN Gateway

Azure VPN Gateway

guest configuration in Azure Policy

guest configuration in Azure Policy

on-premises data gateway

on-premises data gateway

Azure Bastion

Azure Bastion

Azure Arc

Azure Arc

Suggested answer: B, E
Explanation:

https://docs.microsoft.com/en-us/azure/governance/machine-configuration/overview

asked 05/10/2024
Brian Bell
48 questions

Question 80

Report Export Collapse

You are designing the security standards for a new Azure environment.

You need to design a privileged identity strategy based on the Zero Trust model.

Which framework should you follow to create the design?

Enhanced Security Admin Environment (ESAE)

Enhanced Security Admin Environment (ESAE)

Microsoft Security Development Lifecycle (SDL)

Microsoft Security Development Lifecycle (SDL)

Rapid Modernization Plan (RaMP)

Rapid Modernization Plan (RaMP)

Microsoft Operational Security Assurance (OSA)

Microsoft Operational Security Assurance (OSA)

Suggested answer: C
Explanation:

https://docs.microsoft.com/en-us/security/compass/security-rapid-modernization-plan This rapid modernization plan (RAMP) will help you quickly adopt Microsoft's recommended privileged access strategy.

asked 05/10/2024
Taka Masa
38 questions
Total 200 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have legacy operational technology (OT) devices and loT devices. You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance. Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID. Does this meet the goal?
Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit. You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation?
HOTSPOT Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled. You have a Microsoft 365 subscription that uses Microsoft SharePoint Online. You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams. You need to recommend an Azure AD identity Governance solution that meets the following requirements: * Project managers must verify that their project group contains only the current members of their project team * The members of each project team must only have access to the resources of the project to which they are assigned * Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days. * Administrative effort must be minimized. What should you include in the recommendation? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription. You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents. You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared. Which two components should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos. You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos. What should you include in the recommendation?
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected. What should you use?
You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1. You plan to migrate DB1 to Azure. You need to recommend an encrypted Azure database solution that meets the following requirements: * Minimizes the risks of malware that uses elevated privileges to access sensitive data * Prevents database administrators from accessing sensitive data * Enables pattern matching for server-side database operations * Supports Microsoft Azure Attestation * Uses hardware-based encryption What should you include in the recommendation?