ExamGecko
Login
Home / Microsoft / SC-100 / List of questions
Ask Question

Microsoft SC-100 Practice Test - Questions Answers, Page 9

List of questions

Question 81

Report
Export
Collapse

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD) The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment.

What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

role-based authorization

role-based authorization

Azure AD Privileged Identity Management (PIM)

Azure AD Privileged Identity Management (PIM)

resource-based authorization

resource-based authorization

Azure AD Multi-Factor Authentication

Azure AD Multi-Factor Authentication
Suggested answer: D

Explanation:

(https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim- configure) https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory- pricing?rtc=1

asked 05/10/2024
Jorge Correa
40 questions

Question 82

Report
Export
Collapse

A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

Microsoft SC-100 image Question 63 107674 10052024010833000000

You need to design an identity strategy for the app. The solution must meet the following requirements:

• Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.

• Be managed separately from the identity store of the customer.

• Support fully customizable branding for each app.

Which service should you recommend to complete the design?

Azure Active Directory (Azure AD) B2C

Azure Active Directory (Azure AD) B2C

Azure Active Directory (Azure AD) B2B

Azure Active Directory (Azure AD) B2B

Azure AD Connect

Azure AD Connect

Azure Active Directory Domain Services (Azure AD DS)

Azure Active Directory Domain Services (Azure AD DS)
Suggested answer: A

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider- facebook?pivots=b2c-user-flow https://docs.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c- user-flow

asked 05/10/2024
Reinhard KOhl
38 questions

Question 83

Report
Export
Collapse

A customer has a Microsoft 365 E5 subscription and an Azure subscription.

The customer wants to centrally manage security incidents, analyze log, audit activity, and search for potential threats across all deployed services. You need to recommend a solution for the customer. The solution must minimize costs.

What should you include in the recommendation?

Microsoft 365 Defender

Microsoft 365 Defender

Microsoft Defender for Cloud

Microsoft Defender for Cloud

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps

Microsoft Sentinel

Microsoft Sentinel
Suggested answer: D
asked 05/10/2024
Guillermo Carrasco
33 questions

Question 84

Report
Export
Collapse

You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?

Add Microsoft Sentinel data connectors.

Add Microsoft Sentinel data connectors.

Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.

Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.

Enable the Defender plan for all resource types in Microsoft Defender for Cloud.

Enable the Defender plan for all resource types in Microsoft Defender for Cloud.

Obtain Azure Active Directory Premium Plan 2 licenses.

Obtain Azure Active Directory Premium Plan 2 licenses.
Suggested answer: A
asked 05/10/2024
Akshi Raj
42 questions

Question 85

Report
Export
Collapse

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

Microsoft SC-100 image Question 66 107677 10052024010833000000

You need to recommend a solution to isolate the compute components on an Azure virtual network.

What should you include in the recommendation?

Azure Active Directory (Azure AD) enterprise applications

Azure Active Directory (Azure AD) enterprise applications

an Azure App Service Environment (ASE)

an Azure App Service Environment (ASE)

Azure service endpoints

Azure service endpoints

an Azure Active Directory (Azure AD) application proxy

an Azure Active Directory (Azure AD) application proxy
Suggested answer: B

Explanation:

App Service environments (ASEs) are appropriate for application workloads that require: Very high scale,Isolation and secure network access,High memory utilization.This capability can host your: Windows web apps,Linux web apps Docker containers,Mobile apps Functionshttps://docs.microsoft.com/en-us/azure/app-service/environment/overview

asked 05/10/2024
Salah Dabwan
46 questions

Question 86

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents. You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared. Which two components should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

data loss prevention (DLP) policies

data loss prevention (DLP) policies

sensitivity label policies

sensitivity label policies

retention label policies

retention label policies

eDiscovery cases

eDiscovery cases
Suggested answer: A, B

Explanation:

Data loss prevention in Office 365. Data loss prevention (DLP) helps you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data without hindering the productivity of users and their ability to collaborate.Plan for integration into a broader information protection scheme. On top of coexistence with OME, sensitivity labels can be used along-side capabilities like Microsoft Purview Data Loss Prevention (DLP) and Microsoft Defender for Cloud Apps.

https://motionwave.com.au/keeping-your-confidential-data-secure-with-microsoft-office-365/ https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-protect- information?view=o365-worldwide#sensitivity-labels

asked 05/10/2024
Junaid Sahebzada
33 questions

Question 87

Report
Export
Collapse

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices:

• Computers that run either Windows 10 or Windows 11

• Tablets and phones that run either Android or iOS

You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?

eDiscovery

eDiscovery

retention policies

retention policies

Compliance Manager

Compliance Manager

Microsoft Information Protection

Microsoft Information Protection
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwide

asked 05/10/2024
KHALID ALSHAHRANI
46 questions

Question 88

Report
Export
Collapse


You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance. Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID. Does this meet the goal?

Yes

Yes

No

No
Suggested answer: A

Explanation:

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access- to-my-backend-to-only-azure-front-door-

asked 05/10/2024
Charalambos Stavrou
34 questions

Question 89

Report
Export
Collapse

Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

Microsoft SC-100 image Question 70 107681 10052024010833000000

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend creating private endpoints for the web app and the database layer. Does this meet the goal?

Yes

Yes

No

No
Suggested answer: A

Explanation:

When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-private-endpoints

asked 05/10/2024
Francisco Sanchez Valdes
44 questions

Question 90

Report
Export
Collapse

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

Does this meet the goal?

Yes

Yes

No

No
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

asked 05/10/2024
Paula Castanheira
36 questions
Total 200 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have legacy operational technology (OT) devices and loT devices. You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance. Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID. Does this meet the goal?
Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit. You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation?
HOTSPOT Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled. You have a Microsoft 365 subscription that uses Microsoft SharePoint Online. You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams. You need to recommend an Azure AD identity Governance solution that meets the following requirements: * Project managers must verify that their project group contains only the current members of their project team * The members of each project team must only have access to the resources of the project to which they are assigned * Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days. * Administrative effort must be minimized. What should you include in the recommendation? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription. You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents. You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared. Which two components should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos. You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos. What should you include in the recommendation?
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected. What should you use?
You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1. You plan to migrate DB1 to Azure. You need to recommend an encrypted Azure database solution that meets the following requirements: * Minimizes the risks of malware that uses elevated privileges to access sensitive data * Prevents database administrators from accessing sensitive data * Enables pattern matching for server-side database operations * Supports Microsoft Azure Attestation * Uses hardware-based encryption What should you include in the recommendation?