ExamGecko
Search Search Login
Home Home / Microsoft / SC-100

Microsoft SC-100 Practice Test - Questions Answers, Page 9

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have legacy operational technology (OT) devices and loT devices. You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
HOTSPOT Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled. You have a Microsoft 365 subscription that uses Microsoft SharePoint Online. You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams. You need to recommend an Azure AD identity Governance solution that meets the following requirements: * Project managers must verify that their project group contains only the current members of their project team * The members of each project team must only have access to the resources of the project to which they are assigned * Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days. * Administrative effort must be minimized. What should you include in the recommendation? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs). Does this meet the goal?
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
HOTSPOT You need to recommend a solution to meet the requirements for connections to ClaimsDB. What should you recommend using for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You are evaluating the security of ClaimsApp. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.
You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos. You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos. What should you include in the recommendation?
HOTSPOT You have an Azure subscription that contains a Microsoft Sentinel workspace named MSW1. MSW1 includes 50 scheduled analytics rules. You need to design a security orchestration automated response (SOAR) solution by using Microsoft Sentinel playbooks. The solution must meet the following requirements: * Ensure that expiration dates can be configured when a playbook runs. * Minimize the administrative effort required to configure individual analytics rules. What should you use to invoke the playbooks, and which type of Microsoft Sentinel trigger should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG) You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements: * Ensure that each time the support staff connects to a jump server; they must request access to the server. * Ensure that only authorized support staff can initiate SSH connections to the jump servers. * Maximize protection against brute-force attacks from internal networks and the internet. * Ensure that users can only connect to the jump servers from the internet. * Minimize administrative effort What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You have a hybrid Azure AD tenant that has pass-through authentication enabled. You are designing an identity security strategy. You need to minimize the impact of brute force password attacks and leaked credentials of hybrid identities. What should you include in the design? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Question 81

Report
Export
Collapse

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD) The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment.

What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

A.

role-based authorization

A.

role-based authorization

Answers
B.

Azure AD Privileged Identity Management (PIM)

B.

Azure AD Privileged Identity Management (PIM)

Answers
C.

resource-based authorization

C.

resource-based authorization

Answers
D.

Azure AD Multi-Factor Authentication

D.

Azure AD Multi-Factor Authentication

Answers
Suggested answer: D

Explanation:

(https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim- configure) https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory- pricing?rtc=1

Question 82

Report
Export
Collapse

A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

You need to design an identity strategy for the app. The solution must meet the following requirements:

• Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.

• Be managed separately from the identity store of the customer.

• Support fully customizable branding for each app.

Which service should you recommend to complete the design?

A.

Azure Active Directory (Azure AD) B2C

A.

Azure Active Directory (Azure AD) B2C

Answers
B.

Azure Active Directory (Azure AD) B2B

B.

Azure Active Directory (Azure AD) B2B

Answers
C.

Azure AD Connect

C.

Azure AD Connect

Answers
D.

Azure Active Directory Domain Services (Azure AD DS)

D.

Azure Active Directory Domain Services (Azure AD DS)

Answers
Suggested answer: A

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider- facebook?pivots=b2c-user-flow https://docs.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c- user-flow

Question 83

Report
Export
Collapse

A customer has a Microsoft 365 E5 subscription and an Azure subscription.

The customer wants to centrally manage security incidents, analyze log, audit activity, and search for potential threats across all deployed services. You need to recommend a solution for the customer. The solution must minimize costs.

What should you include in the recommendation?

A.

Microsoft 365 Defender

A.

Microsoft 365 Defender

Answers
B.

Microsoft Defender for Cloud

B.

Microsoft Defender for Cloud

Answers
C.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud Apps

Answers
D.

Microsoft Sentinel

D.

Microsoft Sentinel

Answers
Suggested answer: D

Question 84

Report
Export
Collapse

You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?

A.

Add Microsoft Sentinel data connectors.

A.

Add Microsoft Sentinel data connectors.

Answers
B.

Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.

B.

Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.

Answers
C.

Enable the Defender plan for all resource types in Microsoft Defender for Cloud.

C.

Enable the Defender plan for all resource types in Microsoft Defender for Cloud.

Answers
D.

Obtain Azure Active Directory Premium Plan 2 licenses.

D.

Obtain Azure Active Directory Premium Plan 2 licenses.

Answers
Suggested answer: A

Question 85

Report
Export
Collapse

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

You need to recommend a solution to isolate the compute components on an Azure virtual network.

What should you include in the recommendation?

A.

Azure Active Directory (Azure AD) enterprise applications

A.

Azure Active Directory (Azure AD) enterprise applications

Answers
B.

an Azure App Service Environment (ASE)

B.

an Azure App Service Environment (ASE)

Answers
C.

Azure service endpoints

C.

Azure service endpoints

Answers
D.

an Azure Active Directory (Azure AD) application proxy

D.

an Azure Active Directory (Azure AD) application proxy

Answers
Suggested answer: B

Explanation:

App Service environments (ASEs) are appropriate for application workloads that require: Very high scale,Isolation and secure network access,High memory utilization.This capability can host your: Windows web apps,Linux web apps Docker containers,Mobile apps Functionshttps://docs.microsoft.com/en-us/azure/app-service/environment/overview

Question 86

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents. You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared. Which two components should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

data loss prevention (DLP) policies

A.

data loss prevention (DLP) policies

Answers
B.

sensitivity label policies

B.

sensitivity label policies

Answers
C.

retention label policies

C.

retention label policies

Answers
D.

eDiscovery cases

D.

eDiscovery cases

Answers
Suggested answer: A, B

Explanation:

Data loss prevention in Office 365. Data loss prevention (DLP) helps you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data without hindering the productivity of users and their ability to collaborate.Plan for integration into a broader information protection scheme. On top of coexistence with OME, sensitivity labels can be used along-side capabilities like Microsoft Purview Data Loss Prevention (DLP) and Microsoft Defender for Cloud Apps.

https://motionwave.com.au/keeping-your-confidential-data-secure-with-microsoft-office-365/ https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-protect- information?view=o365-worldwide#sensitivity-labels

Question 87

Report
Export
Collapse

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices:

• Computers that run either Windows 10 or Windows 11

• Tablets and phones that run either Android or iOS

You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?

A.

eDiscovery

A.

eDiscovery

Answers
B.

retention policies

B.

retention policies

Answers
C.

Compliance Manager

C.

Compliance Manager

Answers
D.

Microsoft Information Protection

D.

Microsoft Information Protection

Answers
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwide

Question 88

Report
Export
Collapse


You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance. Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID. Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: A

Explanation:

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access- to-my-backend-to-only-azure-front-door-

Question 89

Report
Export
Collapse

Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend creating private endpoints for the web app and the database layer. Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: A

Explanation:

When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-private-endpoints

Question 90

Report
Export
Collapse

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

Total 177 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms