Free Microsoft SC-100 Practice Online

NEW QUESTION 1

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?

• A. Azure Active Directory Domain Services (Azure AD DS)
• B. Azure Active Directory (Azure AD) B2C
• C. Azure Active Directory (Azure AD)
• D. Active Directory Domain Services (AD DS)

Answer: A

NEW QUESTION 3

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

• A. From Defender for Cloud, review the Azure security baseline for audit report.
• B. From Defender for Cloud, add a regulatory compliance standard.
• C. From Defender for Cloud, enable Defender for Cloud plans.
• D. From Defender for Cloud, review the secure score recommendations.

Answer: D

NEW QUESTION 4

Your company plans to provision blob storage by using an Azure Storage account The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?

• A. service tags in network security groups (NSGs)
• B. managed rule sets in Azure Web Application Firewall (WAF) policies
• C. inbound rules in network security groups (NSGs)
• D. firewall rules for the storage account
• E. inbound rules in Azure Firewall

Answer: C

NEW QUESTION 5

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. Security Assertion Markup Language (SAML)
• B. NTLMv2
• C. certificate-based authentication
• D. Kerberos

Answer: AC

NEW QUESTION 6

A customer has a Microsoft 365 E5 subscription and an Azure subscription.
The customer wants to centrally manage security incidents, analyze log, audit activity, and hunt for potential threats across all deployed services.
You need to recommend a solution for the customer. The solution must minimize costs. What should you include in the recommendation?

• A. Microsoft 365 Defender
• B. Microsoft Defender for Cloud
• C. Microsoft Defender for Cloud Apps
• D. Microsoft Sentinel

Answer: D

NEW QUESTION 7

You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.

What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

Your company has an office in Seattle.
The company has two Azure virtual machine scale sets hosted on different virtual networks. The company plans to contract developers in India.
You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:
• Prevent exposing the public IP addresses of the virtual machines.
• Provide the ability to connect without using a VPN.
• Minimize costs.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Deploy Azure Bastion to one virtual network.
• B. Deploy Azure Bastion to each virtual network.
• C. Enable just-in-time VM access on the virtual machines.
• D. Create a hub and spoke network by using virtual network peering.
• E. Create NAT rules and network rules in Azure Firewall.

Answer: DE

NEW QUESTION 9

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?

• A. Enhanced Security Admin Environment (ESAE)
• B. Microsoft Security Development Lifecycle (SDL)
• C. Rapid Modernization Plan (RaMP)
• D. Microsoft Operational Security Assurance (OSA)

Answer: A

NEW QUESTION 10

Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation?

• A. standalone sensors
• B. honeytoken entity tags
• C. sensitivity labels
• D. custom user tags

Answer: D

NEW QUESTION 11

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.
What should you configure for each landing zone?

• A. Azure DDoS Protection Standard
• B. an Azure Private DNS zone
• C. Microsoft Defender for Cloud
• D. an ExpressRoute gateway

Answer: D

NEW QUESTION 12

You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successtu\ ransonvwaTe
attack.
Which two controls should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Use Azure Monitor notifications when backup configurations change.
• B. Require PINs for critical operations.
• C. Perform offline backups to Azure Data Box.
• D. Encrypt backups by using customer-managed keys (CMKs).
• E. Enable soft delete for backups.

Answer: BC

NEW QUESTION 13

Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?

• A. insider risk management policies
• B. data loss prevention (DLP) policies
• C. sensitivity label policies
• D. retention policies

Answer: A

NEW QUESTION 14

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

• A. activity policies in Microsoft Defender for Cloud Apps
• B. sign-in risk policies in Azure AD Identity Protection
• C. device compliance policies in Microsoft Endpoint Manager
• D. Azure AD Conditional Access policies
• E. user risk policies in Azure AD Identity Protection

Answer: A

NEW QUESTION 16
......