Microsoft SC-100 Practice Test - Questions Answers, Page 8
Question list
List of questions
Related questions
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
Azure Monitor webhooks
Azure Logics Apps
Azure Event Hubs
Azure Functions apps
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF). Does this meet the goal?
Yes
No
You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements. What should you recommend as part of the landing zone deployment?
service chaining
local network gateways
forced tunneling
a VNet-to-VNet connection
Your company has devices that run either Windows 10, Windows 11, or Windows Server.
You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?
Microsoft Intune
Policy Analyzer
Local Group Policy Object (LGPO)
Windows Autopilot
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Microsoft Defender for Endpoint reports the endpoints as compliant.
Microsoft Intune reports the endpoints as compliant.
A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
The client access tokens are refreshed.
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All the on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend configurations to meet the following requirements:
• Ensure that the security operations team can access the security logs and the operation logs.
• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Configure Azure Active Directory (Azure AD) Conditional Access policies.
Use the Azure Monitor agent with the multi-homing configuration.
Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.
Create a custom collector that uses the Log Analytics agent.
Your company has the virtual machine infrastructure shown in the following table.
The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure. You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware. What should you include in the recommendation?
Use geo-redundant storage (GRS).
Use customer-managed keys (CMKs) for encryption.
Require PINs to disable backups.
Implement Azure Site Recovery replication.
You have a customer that has a Microsoft 365 subscription and an Azure subscription.
The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure. You need to design a security solution to assess whether all the devices meet the customer's compliance rules. What should you include in the solution?
Microsoft Information Protection
Microsoft Defender for Endpoint
Microsoft Sentinel
Microsoft Endpoint Manager
Your company has a hybrid cloud infrastructure.
Data and applications are moved regularly between cloud environments.
The company's on-premises network is managed as shown in the following exhibit.
You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements: Govern virtual machines and servers across multiple environments.Enforce standards for all the resources across all the environment across the Azure policy.Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.
Azure VPN Gateway
guest configuration in Azure Policy
on-premises data gateway
Azure Bastion
Azure Arc
You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?
Enhanced Security Admin Environment (ESAE)
Microsoft Security Development Lifecycle (SDL)
Rapid Modernization Plan (RaMP)
Microsoft Operational Security Assurance (OSA)
Question