Practical Microsoft SC-100 Dumps Questions Online

NEW QUESTION 1

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.
You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.
Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Configure auto provisioning.
• B. Assign regulatory compliance policies.
• C. Review the inventory.
• D. Add a workflow automation.
• E. Enable Defender plans.

Answer: BD

NEW QUESTION 2

Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

• A. Azure Traffic Manager with priority traffic-routing methods
• B. Azure Application Gateway v2 with user-defined routes (UDRs).
• C. Azure Front Door with Azure Web Application Firewall (WAF)
• D. Azure Firewall with policy rule sets

Answer: A

NEW QUESTION 3

Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.

• A. Azure Firewall
• B. Azure Web Application Firewall (WAF)
• C. Microsoft Defender for Cloud alerts
• D. Azure Active Directory (Azure AD Privileged Identity Management (PIM)
• E. Microsoft Sentinel

Answer: BD

NEW QUESTION 4

You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
NOTE: Each correct selection is worth one point.

• A. Assign an initiative to a management group.
• B. Assign a blueprint to each subscription.
• C. Assign a policy to each subscription.
• D. Assign a blueprint to a management group.
• E. Assign an initiative to each subscription.
• F. Assign a policy to a management group.

Answer: CD

NEW QUESTION 5

Your company has on-premises Microsoft SQL Server databases. The company plans to move the databases to Azure.
You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.
What should you include in the recommendation?

• A. Azure SQL Managed Instance
• B. Azure Synapse Analytics dedicated SQL pools
• C. Azure SQL Database
• D. SQL Server on Azure Virtual Machines

Answer: D

NEW QUESTION 6

You have a Microsoft 365 E5 subscription.
You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.
You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared.
Which two components should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. data loss prevention (DLP) policies
• B. sensitivity label policies
• C. retention label policies
• D. eDiscovery cases

Answer: AD

NEW QUESTION 7

Your company has a hybrid cloud infrastructure.
Data and applications are moved regularly between cloud environments.
The company's on-premises network is managed as shown in the following exhibit.

NOTE Each correct selection is worth one point.

• A. Azure VPN Gateway
• B. guest configuration in Azure Policy
• C. on-premises data gateway
• D. Azure Bastion
• E. Azure Arc

Answer: CE

NEW QUESTION 8

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

• A. Azure Key Vault
• B. GitHub Advanced Security
• C. Application Insights in Azure Monitor
• D. Azure DevTest Labs

Answer: D

NEW QUESTION 10

You need to recommend a solution to meet the requirements for connections to ClaimsDB.
What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 11

You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 13

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementation.
You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
• B. Azure Active Directory (Azure AD) Conditional Access
• C. Microsoft Defender for servers
• D. Azure Policy
• E. Microsoft Defender for Containers

Answer: BE

NEW QUESTION 14

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Azure AD Conditional Access integration with user flows and custom policies
• B. Azure AD workbooks to monitor risk detections
• C. custom resource owner password credentials (ROPC) flows in Azure AD B2C
• D. access packages in Identity Governance
• E. smart account lockout in Azure AD B2C

Answer: BE

NEW QUESTION 15

Your company has devices that run either Windows 10, Windows 11, or Windows Server. You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?

• A. Microsoft Intune
• B. Policy Analyzer
• C. Local Group Policy Object (LGPO)
• D. Windows Autopilot

Answer: D

NEW QUESTION 16
......