Azure SC-100 Questions PDF

Azure SC‑100 Ques ons Certlib ‑ Ques on 1 Exam SC‑100 topic 1 ques on 1 discussion ‑ ExamTopics Your company has a Microso 365 ES subscrip on. The Chief Compliance Oﬃcer plans to enhance privacy management in the working environment. You need to recommend a solu on to enhance the privacy management. The solu on must meet the following requirements꞉ ✑ Iden fy unused personal data and empower users to make smart data handling decisions. ✑ Provide users with no ﬁca ons and guidance when a user sends personal data in Microso Teams. ✑ Provide users with recommenda ons to mi gate privacy risks. What should you include in the recommenda on? A. communica on compliance in insider risk management B. Microso Viva Insights C. Privacy Risk Management in Microso Priva D. Advanced eDiscovery Certlib ‑ Ques on 2 Exam SC‑100 topic 1 ques on 2 discussion ‑ ExamTopics You have an Azure subscrip on that has Microso Defender for Cloud enabled. Suspicious authen ca on ac vity alerts have been appearing in the Workload protec ons dashboard. You need to recommend a solu on to evaluate and remediate the alerts by using workﬂow automa on. The solu on must minimize development eﬀort. What should you include in the recommenda on? A. Azure Monitor webhooks B. Azure Event Hubs C. Azure Func ons apps D. Azure Logics Apps Certlib ‑ Ques on 3 Exam SC‑100 topic 1 ques on 3 discussion ‑ ExamTopics Your company is moving a big data solu on to Azure. The company plans to use the following storage workloads꞉ ✑ Azure Storage blob containers ✑ Azure Data Lake Storage Gen2 ✑ Azure Storage ﬁle shares ✑ Azure Disk Storage Which two storage workloads support authen ca on by using Azure Ac ve Directory (Azure AD)? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Azure Storage ﬁle shares B. Azure Disk Storage C. Azure Storage blob containers D. Azure Data Lake Storage Gen2 Certlib ‑ Ques on 4 Exam SC‑100 topic 1 ques on 4 discussion ‑ ExamTopics HOTSPOT ‑ Your company is migra ng data to Azure. The data contains Personally Iden ﬁable Informa on (PII). The company plans to use Microso Informa on Protec on for the PII data store in Azure. You need to recommend a solu on to discover PII data at risk in the Azure resources. What should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Hot Area꞉ Answer area To connect the Azure data sources to Microso Informa on Protec on꞉ To triage security alerts related to resources that contain PII data꞉ Op ons꞉ Azure Purview Endpoint data loss preven on Microso Defender for Cloud Apps Microso Informa on Protec on Azure Monitor Microso Defender for Cloud Certlib ‑ Ques on 5 Exam SC‑100 topic 1 ques on 5 discussion ‑ ExamTopics You have a Microso 365 E5 subscrip on and an Azure subscrip on. You are designing a Microso deployment. You need to recommend a solu on for the security opera ons team. The solu on must include custom views and a dashboard for analyzing security events. What should you recommend using in Microso Sen nel? A. notebooks B. playbooks C. workbooks D. threat intelligence Certlib ‑ Ques on 6 Exam SC‑100 topic 1 ques on 6 discussion ‑ ExamTopics Your company has a Microso 365 subscrip on and uses Microso Defender for Iden ty. You are informed about incidents that relate to compromised iden es. You need to recommend a solu on to expose several accounts for a ackers to exploit. When the a ackers a empt to exploit the accounts, an alert must be triggered. Which Defender for Iden ty feature should you include in the recommenda on? A. sensi vity labels B. custom user tags C. standalone sensors D. honeytoken en ty tags Certlib ‑ Ques on 7 Exam SC‑100 topic 1 ques on 7 discussion ‑ ExamTopics Your company is moving all on‑premises workloads to Azure and Microso 365. You need to design a security orchestra on, automa on, and response (SOAR) strategy in Microso Sen nel that meets the following requirements꞉ ✑ Minimizes manual interven on by security opera on analysts ✑ Supports triaging alerts within Microso Teams channels What should you include in the strategy? A. KQL B. playbooks C. data connectors D. workbooks Certlib ‑ Ques on 8 Exam SC‑100 topic 1 ques on 8 discussion ‑ ExamTopics You have an Azure subscrip on that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up mul ple mes a day by using Azure Backup. You are developing a strategy to protect against ransomware a acks. You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware a ack. Which two controls should you include in the recommenda on? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Enable so delete for backups. B. Require PINs for cri cal opera ons. C. Encrypt backups by using customer‑managed keys (CMKs). D. Perform oﬄine backups to Azure Data Box. E. Use Azure Monitor no ﬁca ons when backup conﬁgura ons change. Certlib ‑ Ques on 9 Exam SC‑100 topic 1 ques on 9 discussion ‑ ExamTopics HOTSPOT ‑ You are crea ng the security recommenda ons for an Azure App Service web app named App1. App1 has the following speciﬁca ons꞉ ✑ Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests. ✑ Users will authen cate by using Azure Ac ve Directory (Azure AD) user accounts. You need to recommend an access security architecture for App1. What should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. To enable azure ad authen ca onfor app1, use꞉ Azure AD Applica on Azure AD Applica on Proxy Azure Applica on Gateway A managed iden ty in Azure AD Micros Defender for App To implement access request for app1, use꞉ An access package in Iden ty Governance An access policy in Micros Defender for Cloud Apps An access review in Iden ty Governance Azure AD Condi onal Access App Control An OAuth app policy in Micros Defender for Cloud Apps Certlib ‑ Ques on 10 Exam SC‑100 topic 1 ques on 10 discussion ‑ ExamTopics HOTSPOT ‑ Your company uses Microso Defender for Cloud and Microso Sen nel. The company is designing an applica on that will have the architecture shown in the following exhibit. You are designing a logging and audi ng solu on for the proposed architecture. The solu on must meet the following requirements꞉ ✑ Integrate Azure Web Applica on Firewall (WAF) logs with Microso Sen nel. ✑ Use Defender for Cloud to review alerts from the virtual machines. What should you include in the solu on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Hot Area꞉ Answer area For WAF꞉ For the virtual machines꞉ Op ons꞉ The Azure Diagnos cs extension Azure Network Watcher Data Connectors Workﬂow automa on Azure Storage Analy cs The log Analy cs agent Certlib ‑ Ques on 11 Exam SC‑100 topic 1 ques on 11 discussion ‑ ExamTopics Your company has a third‑party security informa on and event management (SIEM) solu on that uses Splunk and Microso Sen nel. You plan to integrate Microso Sen nel with Splunk. You need to recommend a solu on to send security events from Microso Sen nel to Splunk. What should you include in the recommenda on? A. a Microso Sen nel data connector B. Azure Event Hubs C. a Microso Sen nel workbook D. Azure Data Factory Certlib ‑ Ques on 12 Exam SC‑100 topic 1 ques on 12 discussion ‑ ExamTopics A customer follows the Zero Trust model and explicitly veriﬁes each a empt to access its corporate applica ons. The customer discovers that several endpoints are infected with malware. The customer suspends access a empts from the infected endpoints. The malware is removed from the endpoints. Which two condi ons must be met before endpoint users can access the corporate applica ons again? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. The client access tokens are refreshed. B. Microso Intune reports the endpoints as compliant. C. A new Azure Ac ve Directory (Azure AD) Condi onal Access policy is enforced. D. Microso Defender for Endpoint reports the endpoints as compliant. Certlib ‑ Ques on 13 Exam SC‑100 topic 1 ques on 13 discussion ‑ ExamTopics HOTSPOT ‑ You have a Microso 365 subscrip on and an Azure subscrip on. Microso 365 Defender and Microso Defender for Cloud are enabled. The Azure subscrip on contains a Microso Sen nel workspace. Microso Sen nel data connectors are conﬁgured for Microso 365, Microso 365 Defender, Defender for Cloud, and Azure. You plan to deploy Azure virtual machines that will run Windows Server. You need to enable extended detec on and response (EDR) and security orchestra on, automa on, and response (SOAR) capabili es for Microso Sen nel. How should you recommend enabling each capability? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Hot Area꞉ EDR Op ons꞉ Add a Microso Sen nel data connector for Azure AD Add a Microso Sen nel data connector for Microsfot Defender for Cloud Apps Onboard the servers to Azure Arc Onboard the servers to Defender for Cloud SOAR op ons꞉ Conﬁgure Microso Sen nel analy cs rules Conﬁgure Microso Sen nel playbooks Conﬁgure regulatory compliance standards in Defender for Cloud Conﬁgure workﬂow automa on in Defender for Cloud Certlib ‑ Ques on 14 Exam SC‑100 topic 1 ques on 14 discussion ‑ ExamTopics You have a customer that has a Microso 365 subscrip on and uses the Free edi on of Azure Ac ve Directory (Azure AD). The customer plans to obtain an Azure subscrip on and provision several Azure resources. You need to evaluate the customer’s security environment. What will necessitate an upgrade from the Azure AD Free edi on to the Premium edi on? A. Azure AD Privileged Iden ty Management (PIM) B. role‑based authoriza on C. resource‑based authoriza on D. Azure AD Mul ‑Factor Authen ca on Certlib ‑ Ques on 15 Exam SC‑100 topic 1 ques on 15 discussion ‑ ExamTopics You are designing the security standards for a new Azure environment. You need to design a privileged iden ty strategy based on the Zero Trust model. Which framework should you follow to create the design? A. Microso Security Development Lifecycle (SDL) B. Enhanced Security Admin Environment (ESAE) C. Rapid Moderniza on Plan (RaMP) D. Microso Opera onal Security Assurance (OSA) Certlib ‑ Ques on 16 Exam SC‑100 topic 1 ques on 16 discussion ‑ ExamTopics A customer has a hybrid cloud infrastructure that contains a Microso 365 E5 subscrip on and an Azure subscrip on. All on‑premises servers in the perimeter network are prevented from connec ng directly to the internet. The customer recently recovered from a ransomware a ack. The customer plans to deploy Microso Sen nel. You need to recommend solu ons to meet the following requirements꞉ ✑ Ensure that the security opera ons team can access the security logs and the opera on logs. ✑ Ensure that the IT opera ons team can access only the opera ons logs, including the event logs of the servers in the perimeter network. Which two solu ons should you include in the recommenda on? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. a custom collector that uses the Log Analy cs agent B. the Azure Monitor agent C. resource‑based role‑based access control (RBAC) D. Azure Ac ve Directory (Azure AD) Condi onal Access policies Certlib ‑ Ques on 17 Exam SC‑100 topic 1 ques on 17 discussion ‑ ExamTopics Your company is developing a serverless applica on in Azure that will have the architecture shown in the following exhibit. You need to recommend a solu on to isolate the compute components on an Azure virtual network. What should you include in the recommenda on? A. Azure Ac ve Directory (Azure AD) enterprise applica ons B. an Azure App Service Environment (ASE) C. Azure service endpoints D. an Azure Ac ve Directory (Azure AD) applica on proxy Certlib ‑ Ques on 18 Exam SC‑100 topic 1 ques on 18 discussion ‑ ExamTopics HOTSPOT ‑ You are planning the security levels for a security access strategy. You need to iden fy which job roles to conﬁgure at which security levels. The solu on must meet security best prac ces of the Microso Cybersecurity Reference Architectures (MCRA). Which security level should you conﬁgure for each job role? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Op ons꞉ Enterprise security Privileged security Specialized security Answer꞉ Developer Standard User IT Administrator Certlib ‑ Ques on 19 Exam SC‑100 topic 1 ques on 19 discussion ‑ ExamTopics Your company plans to apply the Zero Trust Rapid Moderniza on Plan (RaMP) to its IT environment. You need to recommend the top three moderniza on areas to priori ze as part of the plan. Which three areas should you recommend based on RaMP? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. data, compliance, and governance B. infrastructure and development C. user access and produc vity D. opera onal technology (OT) and IoT E. modern security opera ons Certlib ‑ Ques on 20 Exam SC‑100 topic 1 ques on 20 discussion ‑ ExamTopics HOTSPOT ‑ For a Microso cloud environment, you are designing a security architecture based on the Microso Cybersecurity Reference Architectures (MCRA). You need to protect against the following external threats of an a ack chain꞉ An a acker a empts to exﬁltrate data to external websites. An a acker a empts lateral movement across domain‑joined computers. What should you include in the recommenda on for each threat? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Op ons꞉ Microso Defender for Cloud Apps Microso Defender for Iden ty Microso Defender for Oﬃce 365 Certlib ‑ Ques on 21 Exam SC‑100 topic 1 ques on 21 discussion ‑ ExamTopics For an Azure deployment, you are designing a security architecture based on the Microso Cloud Security Benchmark. You need to recommend a best prac ce for implemen ng service accounts for Azure API management. What should you include in the recommenda on? A. applica on registra ons in Azure AD B. managed iden es in Azure C. Azure service principals with usernames and passwords D. device registra ons in Azure AD E. Azure service principals with cer ﬁcate creden als Certlib ‑ Ques on 22 Exam SC‑100 topic 1 ques on 22 discussion ‑ ExamTopics You have an Azure AD tenant that syncs with an Ac ve Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid‑joined to Azure AD. You are designing a strategy to protect endpoints against ransomware. The strategy follows Microso Security Best Prac ces. You plan to remove all the domain accounts from the Administrators groups on the Windows computers. You need to recommend a solu on that will provide users with administra ve access to the Windows computers only when access is required. The solu on must minimize the lateral movement of ransomware a acks if an administrator account on a computer is compromised. What should you include in the recommenda on? A. Local Administrator Password Solu on (LAPS) B. Azure AD Iden ty Protec on C. Azure AD Privileged Iden ty Management (PIM) D. Privileged Access Worksta ons (PAWs) Certlib ‑ Ques on 23 Exam SC‑100 topic 1 ques on 23 discussion ‑ ExamTopics 29 DRAG DROP For a Microso cloud environment, you need to recommend a security architecture that follows the Zero Trust principles of the Microso Cybersecurity Reference Architectures (MCRA). Which security methodologies should you include in the recommenda on? To answer, drag the appropriate methodologies to the correct principles. Each methodology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE꞉ Each correct selec on is worth one point. Methodology꞉ Business con nuity Data classiﬁca on Just‑in‑ me (JIT) access Segmen ng access Answer꞉ Assume breach Verify explicitly Use least privilege access Certlib ‑ Ques on 24 Exam SC‑100 topic 1 ques on 24 discussion ‑ ExamTopics You have legacy opera onal technology (OT) devices and IoT devices. You need to recommend best prac ces for applying Zero Trust principles to the OT and IoT devices based on the Microso Cybersecurity Reference Architectures (MCRA). The solu on must minimize the risk of disrup ng business opera ons. Which two security methodologies should you include in the recommenda on? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. ac ve scanning B. threat monitoring C. so ware patching D. passive traﬃc monitoring Certlib ‑ Ques on 25 Exam SC‑100 topic 1 ques on 25 discussion ‑ ExamTopics You have an on‑premises network and a Microso 365 subscrip on. You are designing a Zero Trust security strategy. Which two security controls should you include as part of the Zero Trust solu on? Each correct answer presents part of the solu on. NOTE꞉ Each correct answer is worth one point. A. Always allow connec ons from the on‑premises network. B. Disable passwordless sign‑in for sensi ve accounts. C. Block sign‑in a empts from unknown loca ons. D. Block sign‑in a empts from noncompliant devices. Certlib ‑ Ques on 26 Exam SC‑100 topic 1 ques on 26 discussion ‑ ExamTopics You are designing a ransomware response plan that follows Microso Security Best Prac ces. You need to recommend a solu on to minimize the risk of a ransomware a ack encryp ng local user ﬁles. What should you include in the recommenda on? A. Windows Defender Device Guard B. Microso Defender for Endpoint C. Azure Files D. BitLocker Drive Encryp on (BitLocker) E. protected folders Certlib ‑ Ques on 27 Exam SC‑100 topic 1 ques on 27 discussion ‑ ExamTopics You have an Azure AD tenant that syncs with an Ac ve Directory Domain Services (AD DS) domain. You are designing an Azure DevOps solu on to deploy applica ons to an Azure subscrip on by using con nuous integra on and con nuous deployment (CI/CD) pipelines. You need to recommend which types of iden es to use for the deployment creden als of the service connec on. The solu on must follow DevSecOps best prac ces from the Microso Cloud Adop on Framework for Azure. What should you recommend? A. a managed iden ty in Azure B. an Azure AD user account that has role assignments in Azure AD Privileged Iden ty Management (PIM) C. a group managed service account (gMSA) D. an Azure AD user account that has a password stored in Azure Key Vault Certlib ‑ Ques on 28 Exam SC‑100 topic 1 ques on 28 discussion ‑ ExamTopics You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes. You need to recommend a solu on to ensure that deployed worker nodes have the latest kernel updates. The solu on must minimize administra ve eﬀort. What should you recommend? A. The nodes must restart a er the updates are applied. B. The updates must ﬁrst be applied to the image used to provision the nodes. C. The AKS cluster version must be upgraded. Certlib ‑ Ques on 29 Exam SC‑100 topic 1 ques on 29 discussion ‑ ExamTopics You have the following on‑premises servers that run Windows Server꞉ Two domain controllers in an Ac ve Directory Domain Services (AD DS) domain Two applica on servers named Server1 and Server2 that run ASP.NET web apps A VPN server named Served that authen cates by using RADIUS and AD DS End users use a VPN to access the web apps over the internet. You need to redesign a user access solu on to increase the security of the connec ons to the web apps. The solu on must minimize the a ack surface and follow the Zero Trust principles of the Microso Cybersecurity Reference Architectures (MCRA). What should you include in the recommenda on? A. Publish the web apps by using Azure AD Applica on Proxy. B. Conﬁgure the VPN to use Azure AD authen ca on. C. Conﬁgure connectors and rules in Microso Defender for Cloud Apps. D. Conﬁgure web protec on in Microso Defender for Endpoint. Certlib ‑ Ques on 30 Exam SC‑100 topic 1 ques on 30 discussion ‑ ExamTopics HOTSPOT ‑ You have a Microso 365 E5 subscrip on that uses Microso Purview, SharePoint Online, and OneDrive for Business. You need to recommend a ransomware protec on solu on that meets the following requirements꞉ Mi gates a acks that make copies of ﬁles, encrypt the copies, and then delete the original ﬁles Mi gates a acks that encrypt ﬁles in place Minimizes administra ve eﬀort What should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. The op ons are꞉ Data loss preven on (DLP) policies The recycle Bin Versioning Certlib ‑ Ques on 31 Exam SC‑100 topic 1 ques on 31 discussion ‑ ExamTopics You are designing a security opera ons strategy based on the Zero Trust framework. You need to minimize the opera onal load on Tier 1 Microso Security Opera ons Center (SOC) analysts. What should you do? A. Enable built‑in compliance policies in Azure Policy. B. Enable self‑healing in Microso 365 Defender. C. Automate data classiﬁca on. D. Create hun ng queries in Microso 365 Defender. Certlib ‑ Ques on 32 Exam SC‑100 topic 1 ques on 32 discussion ‑ ExamTopics You are designing a security opera ons strategy based on the Zero Trust framework. You need to increase the opera onal eﬃciency of the Microso Security Opera ons Center (SOC). Based on the Zero Trust framework, which three deployment objec ves should you priori ze in sequence? To answer move the appropriate objec ves from the list of objec ves to the answer area and arrange them in the correct order. These are the 5 ac on to choose from꞉ Establish ransommware recovery readiness Enable addi onal protec on and detec on controls Establish visibility Implement disaster recovery Enable automa on Certlib ‑ Ques on 33 Exam SC‑100 topic 2 ques on 1 discussion ‑ ExamTopics You are evalua ng an Azure environment for compliance. You need to design an Azure Policy implementa on that can be used to evaluate compliance without changing any resources. Which eﬀect should you use in Azure Policy? A. Deny B. Modify C. Append D. Disabled Certlib ‑ Ques on 34 Exam SC‑100 topic 2 ques on 2 discussion ‑ ExamTopics You have an Azure subscrip on that has Microso Defender for Cloud enabled. You are evalua ng the Azure Security Benchmark V3 report as shown in the following exhibit. You need to verify whether Microso Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate? A. Asset Management B. Posture and Vulnerability Management C. Data Protec on D. Endpoint Security E. Incident Response Certlib ‑ Ques on 35 Exam SC‑100 topic 2 ques on 3 discussion ‑ ExamTopics HOTSPOT ‑ You have a Microso 365 E5 subscrip on and an Azure subscrip on. You need to evaluate the exis ng environment to increase the overall security posture for the following components꞉ ✑ Windows 11 devices managed by Microso Intune ✑ Azure Storage accounts ✑ Azure virtual machines What should you use to evaluate the components? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Hot Area꞉ Windows 11 deviecs꞉ Azure virtual machines꞉ Azure Storage accounts꞉ Op ons꞉ Microso 365 compliance center Microso 365 Defender Microso Defender for Cloud Microso Sen nel Certlib ‑ Ques on 36 Exam SC‑100 topic 2 ques on 4 discussion ‑ ExamTopics Your company has an Azure subscrip on that has enhanced security enabled for Microso Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscrip on for NIST 800‑53 compliance. What should you do ﬁrst? A. From Azure Policy, assign a built‑in ini a ve that has a scope of the subscrip on. B. From Microso Sen nel, conﬁgure the Microso Defender for Cloud data connector. C. From Defender for Cloud, review the Azure security baseline for audit report. D. From Microso Defender for Cloud Apps, create an access policy for cloud applica ons. E. From Azure Policy, assign a built‑in policy deﬁni on that has a scope of the subscrip on. Certlib ‑ Ques on 37 Exam SC‑100 topic 2 ques on 30 discussion ‑ ExamTopics You have an Azure subscrip on that has Microso Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementa on. You plan to extend the Azure security strategy to the AWS implementa on. The solu on will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Microso Defender for Containers B. Microso Defender for servers C. Azure Ac ve Directory (Azure AD) Condi onal Access D. Azure Ac ve Directory (Azure AD) Privileged Iden ty Management (PIM) E. Azure Policy Certlib ‑ Ques on 38 Exam SC‑100 topic 2 ques on 6 discussion ‑ ExamTopics Your company has on‑premises network in Sea le and an Azure subscrip on. The on‑premises network contains a Remote Desktop server. The company contracts a third‑party development ﬁrm from France to develop and deploy resources to the virtual machines hosted in the Azure subscrip on. Currently, the ﬁrm establishes an RDP connec on to the Remote Desktop server. From the Remote Desktop connec on, the ﬁrm can access the virtual machines hosted in Azure by using custom administra ve tools installed on the Remote Desktop server. All the traﬃc to the Remote Desktop server is captured by a ﬁrewall, and the ﬁrewall only allows speciﬁc connec ons from France to the server. You need to recommend a modern security solu on based on the Zero Trust model. The solu on must minimize latency for developers. Which three ac ons should you recommend? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Conﬁgure network security groups (NSGs) to allow access from only speciﬁc logical groupings of IP address ranges. B. Deploy a Remote Desktop server to an Azure region located in France. C. Migrate from the Remote Desktop server to Azure Virtual Desktop. D. Implement Azure Firewall to restrict host pool outbound access. E. Conﬁgure Azure Ac ve Directory (Azure AD) Condi onal Access with mul ‑factor authen ca on (MFA) and named loca ons. Certlib ‑ Ques on 39 Exam SC‑100 topic 2 ques on 7 discussion ‑ ExamTopics HOTSPOT ‑ Your company has a mul ‑cloud environment that contains a Microso 365 subscrip on, an Azure subscrip on, and Amazon Web Services (AWS) implementa on. You need to recommend a security posture management solu on for the following components꞉ ✑ Azure IoT Edge devices ✑ AWS EC2 instances Which services should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Op ons꞉ Azure arc only Microfso defender for cloud and azure arc Microfso defender for clouds apps only Microfso defender for Cloud Only Microfso defender for Endpoint and Azure Arc Microfso defender for Endpoint only Microfso defender for IoT Certlib ‑ Ques on 40 Exam SC‑100 topic 2 ques on 8 discussion ‑ ExamTopics Your company has a hybrid cloud infrastructure. The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applica ons and data on the company’s on‑premises network. The company’s secu ty policy prevents the use of personal devices for accessing company data and applica ons. You need to recommend a solu on to provide the temporary employee with access to company resources. The solu on must be able to scale on demand. What should you include in the recommenda on? A. Deploy Azure Virtual Desktop, Azure Ac ve Directory (Azure AD) Condi onal Access, and Microso Defender for Cloud Apps. B. Redesign the VPN infrastructure by adop ng a split tunnel conﬁgura on. C. Deploy Microso Endpoint Manager and Azure Ac ve Directory (Azure AD) Condi onal Access. D. Migrate the on‑premises applica ons to cloud‑based applica ons. Certlib ‑ Ques on 41 Exam SC‑100 topic 2 ques on 9 discussion ‑ ExamTopics Your company is preparing for cloud adop on. You are designing security for Azure landing zones. Which two preventa ve controls can you implement to increase the secure score? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Azure Web Applica on Firewall (WAF) B. Azure Ac ve Directory (Azure AD) Privileged Iden ty Management (PIM) C. Microso Sen nel D. Azure Firewall E. Microso Defender for Cloud alerts Certlib ‑ Ques on 42 Exam SC‑100 topic 2 ques on 10 discussion ‑ ExamTopics You are designing security for an Azure landing zone. Your company iden ﬁes the following compliance and privacy requirements꞉ ✑ Encrypt cardholder data by using encryp on keys managed by the company. ✑ Encrypt insurance claim ﬁles by using encryp on keys hosted on‑premises. Which two conﬁgura ons meet the compliance and privacy requirements? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Store the cardholder data in an Azure SQL database that is encrypted by using Microso ‑managed keys. B. Store the insurance claim data in Azure Blob storage encrypted by using customer‑provided keys. C. Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM. D. Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM. Certlib ‑ Ques on 43 Exam SC‑100 topic 2 ques on 11 discussion ‑ ExamTopics You have an Azure subscrip on that has Microso Defender for Cloud enabled. You need to enforce ISO 27001꞉2013 standards for the subscrip on. The solu on must ensure that noncompliant resources are remediated automa cally. What should you use? A. Azure Policy B. Azure Blueprints C. the regulatory compliance dashboard in Defender for Cloud D. Azure role‑based access control (Azure RBAC) Certlib ‑ Ques on 44 Exam SC‑100 topic 2 ques on 12 discussion ‑ ExamTopics You have a Microso 365 subscrip on. You need to recommend a security solu on to monitor the following ac vi es꞉ ✑ User accounts that were poten ally compromised ✑ Users performing bulk ﬁle downloads from Microso SharePoint Online What should you include in the recommenda on for each ac vity? To answer, drag the appropriate components to the correct ac vi es. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE꞉ Each correct selec on is worth one point. Answer area User accounts that were poten ally compromised꞉ Users performing bulk ﬁle downloads from Microso SharePoint Online꞉ Op ons A data loss preven on (DLP) policy Azure Ac ve Directory (Azure AD) Condi on Access Azure Ac ve Directory (Azure AD) Iden ty Protec on Microso Defender for Cloud Microso Defender for Cloud Apps Certlib ‑ Ques on 45 Exam SC‑100 topic 2 ques on 13 discussion ‑ ExamTopics Your company ﬁnalizes the adop on of Azure and is implemen ng Microso Defender for Cloud. You receive the following recommenda ons in Defender for Cloud ✑ Access to storage accounts with ﬁrewall and virtual network conﬁgura ons should be restricted. ✑ Storage accounts should restrict network access using virtual network rules. ✑ Storage account should use a private link connec on. ✑ Storage account public access should be disallowed. You need to recommend a service to mi gate iden ﬁed risks that relate to the recommenda ons. What should you recommend? A. Azure Policy B. Azure Network Watcher C. Azure Storage Analy cs D. Microso Sen nel Certlib ‑ Ques on 46 Exam SC‑100 topic 2 ques on 14 discussion ‑ ExamTopics You receive a security alert in Microso Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.) MicroBurst exploita on tollkit used to extract keys to your storage accounts A er remedia ng the threat, which policy deﬁni on should you assign to prevent the threat from reoccurring? A. Storage account public access should be disallowed B. Azure Key Vault Managed HSM should have purge protec on enabled C. Storage accounts should prevent shared key access D. Storage account keys should not be expired Certlib ‑ Ques on 47 Exam SC‑100 topic 2 ques on 15 discussion ‑ ExamTopics You have 50 Azure subscrip ons. You need to monitor the resource in the subscrip ons for compliance with the ISO 27001꞉2013 standards. The solu on must minimize the eﬀort required to modify the list of monitored policy deﬁni ons for the subscrip ons. What are two ways to achieve the goal? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Assign an ini a ve to a management group. B. Assign a policy to each subscrip on. C. Assign a policy to a management group. D. Assign an ini a ve to each subscrip on. E. Assign a blueprint to each subscrip on. F. Assign a blueprint to a management group. Certlib ‑ Ques on 48 Exam SC‑100 topic 2 ques on 16 discussion ‑ ExamTopics You open Microso Defender for Cloud as shown in the following exhibit. Use the drop‑down menus to select the answer choice that completes each statement based on the informa on presented in the graphic. NOTE꞉ Each correct selec on is worth one point. To increase the score for the Restrict unauthorized network access control implement꞉ Azure Ac ve Directory (Azure AD) Condi onal Access Policies Azure Web Applica on ﬁrewall (WAF) Azure Network Security Groups (NSGs) To increase the score for the enable endpoint protec on control implement꞉ Microso Defender for Resource Manager Microso Defender for servers private endpoints Certlib ‑ Ques on 49 ‑ group Azure Security Benchmark V3 report Exam SC‑100 topic 2 ques on 17 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You have an Azure subscrip on that has Microso Defender for Cloud enabled. You are evalua ng the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a poten al 8 points. You need to recommend conﬁgura ons to increase the score of the Secure management ports controls. Solu on꞉ You recommend enabling the VMAccess extension on all virtual machines. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 50 ‑ group Azure Security Benchmark V3 report Exam SC‑100 topic 2 ques on 18 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You have an Azure subscrip on that has Microso Defender for Cloud enabled. You are evalua ng the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a poten al 8 points. You need to recommend conﬁgura ons to increase the score of the Secure management ports controls. Solu on꞉ You recommend enabling adap ve network hardening. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 51 ‑ group Azure Security Benchmark V3 report Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You have an Azure subscrip on that has Microso Defender for Cloud enabled. You are evalua ng the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a poten al 8 points. You need to recommend conﬁgura ons to increase the score of the Secure management ports controls. Solu on꞉ You recommend enabling just‑in‑ me (JIT) VM access on all virtual machines. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 52 ‑ group MongoDB Exam SC‑100 topic 2 ques on 20 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. Your on‑premises network contains an e‑commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solu on architecture team proposes the following architecture as an Azure landing zone. You need to provide recommenda ons to secure the connec on between the web app and the database. The solu on must follow the Zero Trust model. Solu on꞉ You recommend crea ng private endpoints for the web app and the database layer. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 53 ‑ group MongoDB Exam SC‑100 topic 2 ques on 21 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. Your on‑premises network contains an e‑commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solu on architecture team proposes the following architecture as an Azure landing zone. You need to provide recommenda ons to secure the connec on between the web app and the database. The solu on must follow the Zero Trust model. Solu on꞉ You recommend implemen ng Azure Key Vault to store creden als. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 54 ‑ group MongoDB Exam SC‑100 topic 2 ques on 22 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. Your on‑premises network contains an e‑commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solu on architecture team proposes the following architecture as an Azure landing zone. You need to provide recommenda ons to secure the connec on between the web app and the database. The solu on must follow the Zero Trust model. Solu on꞉ You recommend implemen ng Azure Applica on Gateway with Azure Web Applica on Firewall (WAF). Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 55 Exam SC‑100 topic 2 ques on 23 discussion ‑ ExamTopics You have a Microso 365 subscrip on and an Azure subscrip on. Microso 365 Defender and Microso Defender for Cloud are enabled. The Azure subscrip on contains 50 virtual machines. Each virtual machine runs diﬀerent applica ons on Windows Server 2019. You need to recommend a solu on to ensure that only authorized applica ons can run on the virtual machines. If an unauthorized applica on a empts to run or be installed, the applica on must be blocked automa cally un l an administrator authorizes the applica on. Which security control should you recommend? A. adap ve applica on controls in Defender for Cloud B. app protec on policies in Microso Endpoint Manager C. app discovery anomaly detec on policies in Microso Defender for Cloud Apps D. Azure Security Benchmark compliance controls in Defender for Cloud Ques on 56 ‑ group MongoDB Exam SC‑100 topic 2 ques on 20 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. Your on‑premises network contains an e‑commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solu on architecture team proposes the following architecture as an Azure landing zone. You need to provide recommenda ons to secure the connec on between the web app and the database. The solu on must follow the Zero Trust model. Solu on꞉ You recommend crea ng private endpoints for the web app and the database layer. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 57 Exam SC‑100 topic 2 ques on 47 discussion ‑ ExamTopics You have a customer that has a Microso 365 subscrip on and an Azure subscrip on. The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on‑premises and in Azure. You need to design a security solu on to assess whether all the devices meet the customer’s compliance rules. What should you include in the solu on? A. Microso Defender for Endpoint B. Microso Endpoint Manager C. Microso Purview Informa on Protec on D. Microso Sen nel E. Microso Intune Certlib ‑ Ques on 58 ‑ group Azure Security Benchmark V3 report Exam SC‑100 topic 2 ques on 26 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You have an Azure subscrip on that has Microso Defender for Cloud enabled. You are evalua ng the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a poten al 8 points. You need to recommend conﬁgura ons to increase the score of the Secure management ports controls. Solu on꞉ You recommend onboarding all virtual machines to Microso Defender for Endpoint. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 59 Exam SC‑100 topic 2 ques on 4 discussion ‑ ExamTopics Your company has an Azure subscrip on that has enhanced security enabled for Microso Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscrip on for NIST 800‑53 compliance. What should you do ﬁrst? A. From Defender for Cloud, review the secure score recommenda ons. B. From Microso Sen nel, conﬁgure the Microso Defender for Cloud data connector. C. From Defender for Cloud, review the Azure security baseline for audit report. D. From Defender for Cloud, add a regulatory compliance standard. E. From Azure Policy, assign a built‑in ini a ve that has a scope of the subscrip on. F. From Microso Defender for Cloud Apps, create an access policy for cloud applica ons. Certlib ‑ Ques on 60 Exam SC‑100 topic 2 ques on 28 discussion ‑ ExamTopics Your company has devices that run either Windows 10, Windows 11, or Windows Server. You are in the process of improving the security posture of the devices. You plan to use security baselines from the Microso Security Compliance Toolkit. What should you recommend using to compare the baselines to the current device conﬁgura ons? A. Microso Intune B. Local Group Policy Object (LGPO) C. Windows Autopilot D. Policy Analyzer Certlib ‑ Ques on 61 Exam SC‑100 topic 2 ques on 29 discussion ‑ ExamTopics You have an Azure subscrip on that is used as an Azure landing zone for an applica on. You need to evaluate the security posture of all the workloads in the landing zone. What should you do ﬁrst? A. Conﬁgure Con nuous Integra on/Con nuous Deployment (CI/CD) vulnerability scanning. B. Obtain Azure AD Premium Plan 2 licenses. C. Add Microso Sen nel data connectors. D. Enable the Defender plan for all resource types in Microso Defender for Cloud. Certlib ‑ Ques on 62 Exam SC‑100 topic 2 ques on 33 discussion ‑ ExamTopics Your company has an Azure subscrip on that has enhanced security enabled for Microso Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscrip on for NIST 800‑53 compliance. What should you do ﬁrst? A. From Azure Policy, assign a built‑in ini a ve that has a scope of the subscrip on. B. From Azure Policy, assign a built‑in policy deﬁni on that has a scope of the subscrip on. C. From Defender for Cloud, review the Azure security baseline for audit report. D. From Microso Defender for Cloud Apps, create an access policy for cloud applica ons. Certlib ‑ Ques on 63 Exam SC‑100 topic 2 ques on 27 discussion ‑ ExamTopics Your company has an Azure subscrip on that uses Microso Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscrip on for NIST 800‑53 compliance. What should you do ﬁrst? A. From Defender for Cloud, review the Azure security baseline for audit report. B. From Microso Defender for Cloud Apps, create an access policy for cloud applica ons. C. From Defender for Cloud, enable Defender for Cloud plans. D. From Azure Policy, assign a built‑in ini a ve that has a scope of the subscrip on. Certlib ‑ Ques on 64 Exam SC‑100 topic 2 ques on 4 discussion ‑ ExamTopics Your company has an Azure subscrip on that uses Microso Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscrip on for NIST 800‑53 compliance. What should you do ﬁrst? A. From Microso Sen nel, conﬁgure the Microso Defender for Cloud data connector. B. From Microso Defender for Cloud Apps, create an access policy for cloud applica ons. C. From Defender for Cloud, enable Defender for Cloud plans. D. From Defender for Cloud, add a regulatory compliance standard. Certlib ‑ Ques on 65 Exam SC‑100 topic 2 ques on 4 discussion ‑ ExamTopics Your company has an Azure subscrip on that uses Microso Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscrip on for NIST 800‑53 compliance. What should you do ﬁrst? A. From Defender for Cloud, enable Defender for Cloud plans. B. From Defender for Cloud, review the Azure security baseline for audit report. C. From Defender for Cloud, add a regulatory compliance standard. D. From Microso Defender for Cloud Apps, create an access policy for cloud applica ons. Certlib ‑ Ques on 68 Exam SC‑100 topic 2 ques on 36 discussion ‑ ExamTopics You have an Azure subscrip on. Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions. What should you recommend using to enforce the governance requirement? A. Azure management groups B. custom Azure roles C. Azure Policy assignments D. regulatory compliance standards in Microso Defender for Cloud Certlib ‑ Ques on 69 Exam SC‑100 topic 2 ques on 37 discussion ‑ ExamTopics HOTSPOT ‑ You have a Microso 365 subscrip on that is protected by using Microso 365 Defender. You are designing a security opera ons strategy that will use Microso Sen nel to monitor events from Microso 365 and Microso 365 Defender. You need to recommend a solu on to meet the following requirements꞉ Integrate Microso Sen nel with a third‑party security vendor to access informa on about known malware. Automa cally generate incidents when the IP address of a command‑and‑control server is detected in the events. What should you conﬁgure in Microso Sen nel to meet each requirement? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Integrate Microso Sen nel with a third‑party꞉ Automa cally generate incidents꞉ Op ons꞉ Custom en ty ac vi es A playbook A threat detec on rule A threat indicator A threat intelligence connector Certlib ‑ Ques on 70 Exam SC‑100 topic 2 ques on 11 discussion ‑ ExamTopics You have an Azure subscrip on that has Microso Defender for Cloud enabled. You need to enforce ISO 27001꞉2013 standards for new resources deployed to the subscrip on. The solu on must ensure that noncompliant resources are automa cally detected. What should you use? A. Azure Blueprints B. the regulatory compliance dashboard in Defender for Cloud C. Azure Policy D. Azure role‑based access control (Azure RBAC) Certlib ‑ Ques on 71 Exam SC‑100 topic 2 ques on 39 discussion ‑ ExamTopics DRAG DROP ‑ You have a hybrid Azure AD tenant that has pass‑through authen ca on enabled. You are designing an iden ty security strategy. You need to minimize the impact of brute force password a acks and leaked creden als of hybrid iden es. What should you include in the design? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE꞉ Each correct selec on is worth one point. Features Azure AD Password Protec on Extranet Smart Lockout (ESL) Password hash synchroniza on Answer꞉ For brute force password a acks For leaked creden als Certlib ‑ Ques on 72 Exam SC‑100 topic 2 ques on 40 discussion ‑ ExamTopics HOTSPOT ‑ You are designing the security architecture for a cloud‑only environment. You are reviewing the integra on point between Microso 365 Defender and other Microso cloud services based on Microso Cybersecurity Reference Architectures (MCRA). You need to recommend which Microso cloud services integrate directly with Microso 365 Defender and meet the following requirements꞉ Enforce data loss preven on (DLP) policies that can be managed directly from the Microso 365 Defender portal. Detect and respond to security threats based on User and En ty Behavior Analy cs (UEBA) with uniﬁed aler ng. What should you include in the recommenda on for each requirement? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. DLP꞉ Azure Data Catalog Azure Data Explorer Microso Purview UEBA꞉ Azure AD Iden ty Protec on Microso Defender for Iden ty Microso Entra Veriﬁed ID Certlib ‑ Ques on 73 Exam SC‑100 topic 2 ques on 41 discussion ‑ ExamTopics HOTSPOT ‑ You have a Microso 365 E5 subscrip on that uses Microso Exchange Online. You need to recommend a solu on to prevent malicious actors from impersona ng the email addresses of internal senders. What should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Service꞉ Azure AD Iden ty Protec on Microso Defender for DNS Microso Defender for Oﬃce 365 Microso Purview Policy Type꞉ An ‑phishing An ‑spam Data loss preven on (DLP) Insider risk managment Certlib ‑ Ques on 74 Exam SC‑100 topic 2 ques on 42 discussion ‑ ExamTopics HOTSPOT ‑ Your network contains an on‑premises Ac ve Directory Domain Services (AD DS) domain. The domain contains a server that runs Windows Server and hosts shared folders. The domain syncs with Azure AD by using Azure AD Connect. Azure AD Connect has group writeback enabled. You have a Microso 365 subscrip on that uses Microso SharePoint Online. You have mul ple project teams. Each team has an AD DS group that syncs with Azure AD. Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users rou nely move between project teams. You need to recommend an Azure AD Iden ty Governance solu on that meets the following requirements꞉ Project managers must verify that their project group contains only the current members of their project team. The members of each project team must only have access to the resources of the project to which they are assigned. Users must be removed from a project group automa cally if the project manager has NOT veriﬁed the group’s membership for 30 days. Administra ve eﬀort must be minimized. What should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Iden ty Governance feature꞉ Access reviews Azure AD Privileged Iden ty Mangement (PIM) En tlement management Lifecycle workﬂows Project team conﬁgura on꞉ Enable group writeback for exis ng synced groups From Azure AD, create a new cloud‑only security group for each project Azure AD, create security group for each project and enable group writeback for each group Certlib ‑ Ques on 75 Exam SC‑100 topic 2 ques on 43 discussion ‑ ExamTopics HOTSPOT ‑ You are designing a privileged access strategy for a company named Contoso, Ltd. and its partner company named Fabrikam, Inc. Contoso has an Azure AD tenant named contoso.com. Fabrikam has an Azure AD tenant named fabrikam.com. Users at Fabrikam must access the resources in contoso.com. You need to provide the Fabrikam users with access to the Contoso resources by using access packages. The solu on must meet the following requirements꞉ Ensure that the Fabrikam users can use the Contoso access packages without explicitly crea ng guest accounts in contoso.com. Allow non‑administra ve users in contoso.com to create the access packages. What should you use for each requirement? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Ensure that the Fabrikam users can use the access packages without explicitly crea ng guest accounts in contoso.com꞉ A connected orginiza on An external organiza on An iden ty provider Allow non‑administra ve users in contoso.com to create the access packages by crea ng꞉ Administra ve units Catalogs Programs Certlib ‑ Ques on 76 Exam SC‑100 topic 4 ques on 1 discussion ‑ ExamTopics You have a Microso 365 subscrip on and an Azure subscrip on. Microso 365 Defender and Microso Defender for Cloud are enabled. The Azure subscrip on contains 50 virtual machines. Each virtual machine runs diﬀerent applica ons on Windows Server 2019. You need to recommend a solu on to ensure that only authorized applica ons can run on the virtual machines. If an unauthorized applica on a empts to run or be installed, the applica on must be blocked automa cally un l an administrator authorizes the applica on. Which security control should you recommend? A. app discovery anomaly detec on policies in Microso Defender for Cloud Apps B. Azure Security Benchmark compliance controls in Defender for Cloud C. app registra ons in Azure AD D. applica on control policies in Microso Defender for Endpoint Certlib ‑ Ques on 78 Exam SC‑100 topic 4 ques on 1 discussion ‑ ExamTopics You have a Microso 365 subscrip on and an Azure subscrip on. Microso 365 Defender and Microso Defender for Cloud are enabled. The Azure subscrip on contains 50 virtual machines. Each virtual machine runs diﬀerent applica ons on Windows Server 2019. You need to recommend a solu on to ensure that only authorized applica ons can run on the virtual machines. If an unauthorized applica on a empts to run or be installed, the applica on must be blocked automa cally un l an administrator authorizes the applica on. Which security control should you recommend? A. app registra ons in Azure Ac ve Directory (Azure AD) B. OAuth app policies in Microso Defender for Cloud Apps C. Azure Security Benchmark compliance controls in Defender for Cloud D. applica on control policies in Microso Defender for Endpoint Certlib ‑ Ques on 79 Exam SC‑100 topic 2 ques on 47 discussion ‑ ExamTopics You have a customer that has a Microso 365 subscrip on and an Azure subscrip on. The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on‑premises and in Azure. You need to design a security solu on to assess whether all the devices meet the customer’s compliance rules. What should you include in the solu on? A. Microso Sen nel B. Microso Purview Informa on Protec on C. Microso Intune D. Microso Defender for Endpoint Certlib ‑ Ques on 80 Exam SC‑100 topic 3 ques on 1 discussion ‑ ExamTopics You have Microso Defender for Cloud assigned to Azure management groups. You have a Microso Sen nel deployment. During the triage of alerts, you require addi onal informa on about the security events, including sugges ons for remedia on. Which two components can you use to achieve the goal? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Microso Sen nel threat intelligence workbooks B. Microso Sen nel notebooks C. threat intelligence reports in Defender for Cloud D. workload protec ons in Defender for Cloud Certlib ‑ Ques on 81 Exam SC‑100 topic 3 ques on 2 discussion ‑ ExamTopics A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscrip ons. You are evalua ng the security posture of the customer. You discover that the AKS resources are excluded from the secure score recommenda ons. You need to produce accurate recommenda ons and update the secure score. Which two ac ons should you recommend in Microso Defender for Cloud? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Enable Defender plans. B. Conﬁgure auto provisioning. C. Add a workﬂow automa on. D. Assign regulatory compliance policies. E. Review the inventory. Certlib ‑ Ques on 82 Exam SC‑100 topic 3 ques on 3 discussion ‑ ExamTopics Your company has an oﬃce in Sea le. The company has two Azure virtual machine scale sets hosted on diﬀerent virtual networks. The company plans to contract developers in India. You need to recommend a solu on provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solu on must meet the following requirements꞉ ✑ Prevent exposing the public IP addresses of the virtual machines. ✑ Provide the ability to connect without using a VPN. ✑ Minimize costs. Which two ac ons should you perform? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Create a hub and spoke network by using virtual network peering. B. Deploy Azure Bas on to each virtual network. C. Deploy Azure Bas on to one virtual network. D. Create NAT rules and network rules in Azure Firewall. E. Enable just‑in‑ me VM access on the virtual machines. Certlib ‑ Ques on 83 Exam SC‑100 topic 3 ques on 4 discussion ‑ ExamTopics HOTSPOT ‑ You are designing security for a runbook in an Azure Automa on account. The runbook will copy data to Azure Data Lake Storage Gen2. You need to recommend a solu on to secure the components of the copy process. What should you include in the recommenda on for each component? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Data security꞉ Network access control꞉ Op ons꞉ Access keys stored in Azure Key Vault Automa on Contributor built‑in role Azure Private Link with network service tags Azure Web Applica on Firewall rules with network service tags Certlib ‑ Ques on 84 Exam SC‑100 topic 3 ques on 5 discussion ‑ ExamTopics You have Windows 11 devices and Microso 365 E5 licenses. You need to recommend a solu on to prevent users from accessing websites that contain adult content such as gambling sites. What should you include in the recommenda on? A. Compliance Manager B. Microso Defender for Cloud Apps C. Microso Endpoint Manager D. Microso Defender for Endpoint Certlib ‑ Ques on 85 Exam SC‑100 topic 3 ques on 6 discussion ‑ ExamTopics Your company has a Microso 365 E5 subscrip on. The company plans to deploy 45 mobile self‑service kiosks that will run Windows 10. You need to provide recommenda ons to secure the kiosks. The solu on must meet the following requirements꞉ ✑ Ensure that only authorized applica ons can run on the kiosks. ✑ Regularly harden the kiosks against new threats. Which two ac ons should you include in the recommenda ons? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Implement Automated inves ga on and Remedia on (AIR) in Microso Defender for Endpoint. B. Onboard the kiosks to Microso intune and Microso Defender for Endpoint. C. Implement threat and vulnerability management in Microso Defender for Endpoint. D. Onboard the kiosks to Azure Monitor. E. Implement Privileged Access Worksta on (PAW) for the kiosks. Certlib ‑ Ques on 86 Exam SC‑100 topic 3 ques on 7 discussion ‑ ExamTopics You have a Microso 365 E5 subscrip on. You need to recommend a solu on to add a watermark to email a achments that contain sensi ve data. What should you include in the recommenda on? A. Microso Defender for Cloud Apps B. Microso Informa on Protec on C. insider risk management D. Azure Purview Certlib ‑ Ques on 87 Exam SC‑100 topic 3 ques on 8 discussion ‑ ExamTopics Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States. You need to recommend a solu on to prevent malicious bots from scanning the web apps for vulnerabili es. The solu on must minimize the a ack surface. What should you include in the recommenda on? A. Azure Firewall Premium B. Azure Traﬃc Manager and applica on security groups C. Azure Applica on Gateway Web Applica on Firewall (WAF) D. network security groups (NSGs) Certlib ‑ Ques on 88 ‑ group AES‑256 keys Exam SC‑100 topic 3 ques on 9 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You are designing the encryp on standards for data at rest for an Azure resource. You need to provide recommenda ons to ensure that the data at rest is encrypted by using AES‑256 keys. The solu on must support rota ng the encryp on keys monthly. Solu on꞉ For blob containers in Azure Storage, you recommend encryp on that uses Microso ‑managed keys within an encryp on scope. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 89 ‑ group AES‑256 keys Exam SC‑100 topic 3 ques on 10 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You are designing the encryp on standards for data at rest for an Azure resource. You need to provide recommenda ons to ensure that the data at rest is encrypted by using AES‑256 keys. The solu on must support rota ng the encryp on keys monthly. Solu on꞉ For Azure SQL databases, you recommend Transparent Data Encryp on (TDE) that uses Microso ‑ managed keys. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 90 ‑ group AES‑256 keys Exam SC‑100 topic 3 ques on 11 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You are designing the encryp on standards for data at rest for an Azure resource. You need to provide recommenda ons to ensure that the data at rest is encrypted by using AES‑256 keys. The solu on must support rota ng the encryp on keys monthly. Solu on꞉ For blob containers in Azure Storage, you recommend encryp on that uses customer‑managed keys (CMKs). Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 91 ‑ group Azure Front Door Exam SC‑100 topic 3 ques on 12 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solu on to ensure that the web apps only allow access through the Front Door instance. Solu on꞉ You recommend access restric ons to allow traﬃc from the backend IP address of the Front Door instance. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 92 ‑ group Azure Front Door Exam SC‑100 topic 4 ques on 14 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solu on to ensure that the web apps only allow access through the Front Door instance. Solu on꞉ You recommend access restric ons that allow traﬃc from the Front Door service tags. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 93 ‑ group Azure Front Door Exam SC‑100 topic 3 ques on 14 discussion ‑ ExamTopics Note꞉ This ques on is part of a series of ques ons that present the same scenario. Each ques on in the series contains a unique solu on that might meet the stated goals. Some ques on sets might have more than one correct solu on, while others might not have a correct solu on. A er you answer a ques on in this sec on, you will NOT be able to return to it. As a result, these ques ons will not appear in the review screen. You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solu on to ensure that the web apps only allow access through the Front Door instance. Solu on꞉ You recommend access restric ons based on HTTP headers that have the Front Door ID. Does this meet the goal? A. Yes B. No Certlib ‑ Ques on 94 Exam SC‑100 topic 3 ques on 15 discussion ‑ ExamTopics Your company is designing an applica on architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.) Communica on between the on‑premises network and Azure uses an ExpressRoute connec on. You need to recommend a solu on to ensure that the web apps can communicate with the on‑premises applica on server. The solu on must minimize the number of public IP addresses that are allowed to access the on‑premises network. What should you include in the recommenda on? A. Azure Traﬃc Manager with priority traﬃc‑rou ng methods B. Azure Firewall with policy rule sets C. Azure Front Door with Azure Web Applica on Firewall (WAF) D. Azure Applica on Gateway v2 with user‑deﬁned routes (UDRs) Certlib ‑ Ques on 95 Exam SC‑100 topic 3 ques on 16 discussion ‑ ExamTopics You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solu on to audit all users that access the data in the Azure Cosmos DB accounts. Which two conﬁgura ons should you include in the recommenda on? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Send the Azure Ac ve Directory (Azure AD) sign‑in logs to a Log Analy cs workspace. B. Enable Microso Defender for Iden ty. C. Send the Azure Cosmos DB logs to a Log Analy cs workspace. D. Disable local authen ca on for Azure Cosmos DB. E. Enable Microso Defender for Cosmos DB. Certlib ‑ Ques on 96 Exam SC‑100 topic 3 ques on 17 discussion ‑ ExamTopics You have an Azure subscrip on that contains several storage accounts. The storage accounts are accessed by legacy applica ons that are authen cated by using access keys. You need to recommend a solu on to prevent new applica ons from obtaining the access keys of the storage accounts. The solu on must minimize the impact on the legacy applica ons. What should you include in the recommenda on? A. Set the AllowSharedKeyAccess property to false. B. Apply read‑only locks on the storage accounts. C. Set the AllowBlobPublicAccess property to false. D. Conﬁgure automated key rota on. Certlib ‑ Ques on 97 Exam SC‑100 topic 3 ques on 18 discussion ‑ ExamTopics You are designing the security standards for containerized applica ons onboarded to Azure. You are evalua ng the use of Microso Defender for Containers. In which two environments can you use Defender for Containers to scan for known vulnerabili es? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Linux containers deployed to Azure Container Instances B. Windows containers deployed to Azure Kubernetes Service (AKS) C. Windows containers deployed to Azure Container Registry D. Linux containers deployed to Azure Container Registry E. Linux containers deployed to Azure Kubernetes Service (AKS) Certlib ‑ Ques on 98 Exam SC‑100 topic 3 ques on 19 discussion ‑ ExamTopics Your company has a hybrid cloud infrastructure that contains an on‑premises Ac ve Directory Domain Services (AD DS) forest, a Microso 365 subscrip on, and an Azure subscrip on. The company’s on‑premises network contains internal web apps that use Kerberos authen ca on. Currently, the web apps are accessible only from the network. You have remote users who have personal devices that run Windows 11. You need to recommend a solu on to provide the remote users with the ability to access the web apps. The solu on must meet the following requirements꞉ ✑ Prevent the remote users from accessing any other resources on the network. ✑ Support Azure Ac ve Directory (Azure AD) Condi onal Access. ✑ Simplify the end‑user experience. What should you include in the recommenda on? A. Azure AD Applica on Proxy B. web content ﬁltering in Microso Defender for Endpoint C. Microso Tunnel D. Azure Virtual WAN Certlib ‑ Ques on 99 Exam SC‑100 topic 3 ques on 20 discussion ‑ ExamTopics You have an on‑premises network that has several legacy applica ons. The applica ons perform LDAP queries against an exis ng directory service. You are migra ng the on‑premises infrastructure to a cloud‑only infrastructure. You need to recommend an iden ty solu on for the infrastructure that supports the legacy applica ons. The solu on must minimize the administra ve eﬀort to maintain the infrastructure. Which iden ty service should you include in the recommenda on? A. Azure Ac ve Directory (Azure AD) B2C B. Azure Ac ve Directory Domain Services (Azure AD DS) C. Azure Ac ve Directory (Azure AD) D. Ac ve Directory Domain Services (AD DS) Certlib ‑ Ques on 100 Exam SC‑100 topic 3 ques on 21 discussion ‑ ExamTopics HOTSPOT ‑ Your company has a Microso 365 ES subscrip on, an Azure subscrip on, on‑premises applica ons, and Ac ve Directory Domain Services (AD DS). You need to recommend an iden ty security strategy that meets the following requirements꞉ ✑ Ensures that customers can use their Facebook creden als to authen cate to an Azure App Service website ✑ Ensures that partner companies can access Microso SharePoint Online sites for the project to which they are assigned The solu on must minimize the need to deploy addi onal infrastructure components. What should you include in the recommenda on? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Hot Area꞉ For the customers꞉ For the partners꞉ Op ons꞉ Azure AD B2B authen ca on with access package assigments Azure AD B2C authen ca on Federa on in Azure AD Connect with Ac ve Directory Federa on Services Pass‑through authen ca on in Azure AD Connect Pass hash synchroniza on in Azure AD Connect pass4future ‑ Ques on 1 Exam SC‑100 topic 5 ques on 10 discussion ‑ ExamTopics You have a Microso 365 subscrip on. You are designing a user access solu on that follows the Zero Trust principles of the Microso Cybersecurity Reference Architectures (MCRA). You need to recommend a solu on that automa cally restricts access to Microso Exchange Online. SharePoint Online, and Teams m near‑real‑lime (NRT) in response to the following Azure AD events꞉ A user account is disabled or deleted The password of a user is changed or reset. All the refresh tokens for a user are revoked Mul ‑factor authen ca on (MFA) is enabled for a user Which two features should you include in the recommenda on? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. con nuous access evalua on B. a sign‑in risk policy C. Azure AD Privileged Iden ty Management (PIM) D. Condi onal Access E. Azure AD Applica on Proxy pass4future ‑ Ques on 2 Exam SC‑100 topic 3 ques on 34 discussion ‑ ExamTopics You are designing a new Azure environment based on the security best prac ces of the Microso Cloud Adop on Framework for Azure. The environment will contain one subscrip on for shared infrastructure components and three separate subscrip ons for applica ons. You need to recommend a deployment solu on that includes network security groups (NSGs) Azure Key Vault, and Azure Bas on. The solu on must minimize deployment eﬀort and follow security best prac ces of the Microso Cloud Adop on Framework for Azure. What should you include in the recommenda on? A. the Azure landing zone accelerator B. the Azure Will‑Architected Framework C. Azure Security Benchmark v3 D. Azure Advisor pass4future ‑ Ques on 3 Exam SC‑100 topic 1 ques on 25 discussion ‑ ExamTopics You have an on‑premises network and a Microso 365 subscrip on. You are designing a Zero Trust security strategy. Which two security controls should you include as part of the Zero Trust solu on? Each correct answer part of the solu on. NOTE꞉ Each correct answer is worth one point. A. Block sign‑a empts from unknown loca on. B. Always allow connec ons from the on‑premises network. C. Disable passwordless sign‑in for sensi ve account. D. Block sign‑in a empts from noncompliant devices. pass4future ‑ Ques on 4 Exam SC‑100 topic 4 ques on 33 discussion ‑ ExamTopics You have an Azure subscrip on. You have a DNS domain named contoso.com that is hosted by a third‑party DNS registrar. Developers use Azure DevOps to deploy web apps to App Service Environments‑ When a new app is deployed, a CNAME record for the app is registered in contoso.com. You need to recommend a solu on to secure the DNS record tor each web app. The solu on must meet the following requirements꞉ Ensure that when an app is deleted, the CNAME record for the app is removed also Minimize administra ve eﬀort. What should you include in the recommenda on? A. Microso Defender for DevOps B. Microso Defender for App Service C. Microso Defender for Cloud Apps D. Microso Defender for DNS pass4future ‑ Ques on 5 Discuss Microso SC‑100 Exam Topic 15 Ques on 31 | Pass4Success You have a Microso 365 subscrip on. You have an Azure subscrip on. You need to implement a Microso Purview communica on compliance solu on for Microso Teams and Yammer. The solu on must meet the following requirements꞉ Assign compliance policies to Microso 365 groups based on custom Microso Exchange Online a ributes. Minimize the number of compliance policies Minimize administra ve eﬀort What should you include in the solu on? A. Azure AD Informa on Protec on labels B. Microso 365 Defender user tags C. adap ve scopes D. administra ve units whizlabs ‑ Ques on 1 You are a security analyst for an organiza on. Your company recently ini ated a cloud adop on strategy and concerns related to threat detec on in Azure Container Registry for their Linux images. Which two Microso cloud‑na ve solu ons can integrate with Azure Container Registry to automa cally scan all Linux images pushed to a registry? (Select TWO) A. Microso Defender for Cloud B. Twistlock Enterprise Edi on C. Azure Logic Apps D. Log Analy cs Workspace whizlabs ‑ Ques on 2 You are a security architect for a company with Microso Azure and Microso 365 subscrip ons, and you recently had a ransomware a ack. A er reviewing with the team, you found that while informa on was available to help remediate the a ack, the informa on was not central to help contextualize the security incident, slowing down the remedial ac on. Which tools can provide a central console to detect, inves gate, remediate, hunt, u lize threat intelligence, and contextualize security incidents? A. Microso Sen nel B. Microso Defender for Cloud C. Microso Defender for 365 Apps D. Defender for Endpoint whizlabs ‑ Ques on 3 You are a security architect in an organiza on. The chief compliance oﬃcer has tasked you to ensure that all new Azure core services are HIPAA compliant. What opera on compliance Azure solu on can you use to automate the deployment compliance for Azure core services? A. Azure Policy B. Azure Blueprints C. Desired State Conﬁgura on D. Azure Automa on Update Management whizlabs ‑ Ques on 4 You are a security engineer tasked with ﬁnding a solu on that would help improve personal data protec on for the organiza on. The Chief Informa on Oﬃcer Has iden ﬁed three areas that this solu on should address ∙ Iden fying overexposed personal data ∙ Iden fy personal data that is being transferred across regions ∙ Provide users with feedback to reduce the amount of unused data Store A. Microso Viva Insights B. Microso defender for cloud C. Privacy Risk Management in Microso Priva D. Microso Purview eDiscovery whizlabs ‑ Ques on 5 You are a cloud security engineer, and you recently Enabled Microso Defender for Cloud on your Azure Subscrip on. You would like to remedy minor security alerts automa cally. Which solu on can you use to evaluate and apply remedial ac on via workﬂow automa on? The solu on should require the least amount of eﬀort. A. Azure Workbooks B. Azure Event Hubs C. Azure Func ons apps D. Azure Logics Apps whizlabs ‑ Ques on 6 Your company is exploring migra ng data into Azure; they would like to have a central authen ca on solu on when accessing the data; they have chosen Microso Entra ID (formerly Azure Ac ve Directory). Which two storage types na vely support Microso Entra ID authen ca on? A. Azure Data Box B. Azure Data Lake Storage Gen2 C. Azure File Share D. Azure Storage blob containers whizlabs ‑ Ques on 7 You are in charge of a security opera on center team; you recently implemented Microso Sen nel. The members of the Security Opera on Center team have requested the crea on of a dashboard with custom views focused on security alerts that is cri cal to the security of the Azure and Microso 365 environment. What feature in Microso Sen nel can accomplish this objec ve? A. notebooks B. playbooks C. workbooks D. Microso Defender for Cloud whizlabs ‑ Ques on 8 You are a security administrator for Microso 365; you implemented Microso Defender for Iden ty You have created several test accounts with speciﬁc conﬁgura ons for the purpose of vulnerability tes ng, When a ackers try to exploit these accounts, you would like to be alerted to see what areas in the conﬁgura on needs improvements. What features in Microso Defender for Iden ty can you use to meet your objec ve? A. Sensi vity labels B. System user tags C. Conﬁden al label D. Honeytoken en ty tags whizlabs ‑ Ques on 9 Your organiza on is in the process of moving its on‑premises VMs into Azure; you’re using Azure Backup to protect these VMs. The Chief Informa on Oﬃcer is concerned about ransomware a acks and has asked for an Azure na ve cost‑ eﬀec ve solu on that can be ini ated in case of a ransomware a ack, and a backup restora on is necessary. What security conﬁgura ons can you implement? A. Backup to Azure Data Box B. A Veeam backup solu on C. Require PINs for cri cal opera ons D. Enable so delete whizlabs ‑ Ques on 10 You are a cloud security administrator, and you have been tasked with providing a security solu on for an Azure App Service, a web app named web‑App0. Web‑App0 has the following requirements꞉ Users will request access to web‑App0 through the organiza on portal, and an internal stakeholder will approve. Authen ca on for users must be provided by Azure AD. What would be your recommended approach to enable AD authen ca on to web‑app0? A. Microso Entra applica on B. Microso Entra applica on proxy C. Microso Defender for 365 D. Applica on Gateway whizlabs ‑ Ques on 11 You are working as an Azure cloud security consultant for an organiza on; the customer currently has a mul ‑ cloud/hybrid environment. The customer has asked you to provide a high‑level presenta on on Microso security solu ons that will suﬃce their complex environment. Which of the following should you recommend for each requirement? Drag the appropriate workloads to the correct solu on. Answer area꞉ AWS EC2 Azure Virtual Machines Microso Entra ID Microsite 365 Ac ve Directory Op ons꞉ Microso Defender for Cloud and Azure Arc Microso Defender for Cloud Microso Defender for Iden ty Microso Defender 365 Iden ty Protec on for Microso Entra whizlabs ‑ Ques on 12 You manage a Microso 365 Environment, you have been recently tasked with crea ng a system to label sensi ve data stored in SaaS, environment automa cally. Listed below are the SaaS solu ons where the data is stored to be automa cally labeled ∙ Microso SharePoint Online ∙ Microso Exchange Online ∙ Microso Teams Please align the appropriate workload to the sensi vity label policies. Answer area꞉ Microso SharePoint Online Microso Exchange Online Microso Teams Op ons꞉ Group and sites Item previously known as (ﬁles and emails) Schema zed data asset whizlabs ‑ Ques on 13 The three fundamental principles of Zero Trust are Verify explicitly, when necessary, Use least privilege access, Assume breach A. True B. False whizlabs ‑ Ques on 14 You are an Azure solu on architect; your organiza on has an on‑premises Microso SQL server. You recently deployed an Azure App Service with a web app; the web app is required to securely connect to the Microso SQL Server in your on‑premises environment. The inten on is to establish an ExpressRoute to connect to Azure in the future, but as it stands today, there is no direct connec on to Azure. The development team is inquiring if there is a secure way to connect the Microso SQL Server to the Azure App Service for tes ng purposes without needing the ExpressRoute connec on. What would be the recommended solu on A. Virtual network NAT gateway integra on B. Hybrid connec ons C. Virtual network integra on D. A private endpoint whizlabs ‑ Ques on 15 You are a security architect, and you are working with your so ware development team and deﬁning a strategy for an applica on lifecycle management process, This process is based on the Microso Security Development Lifecycle Model. What are the two phases in the threat modeling design phase? A. Planning B. Diagram C. Iden fy D. Review p2pexams ‑ Ques on 1 Exam SC‑100 topic 9 ques on 1 discussion ‑ ExamTopics You need to recommend a strategy for rou ng internet‑bound traﬃc from the landing zones. The solu on must meet the landing zone requirements. What should you recommend as part of the landing zone deployment? Op ons꞉ A. service chaining B. local network gateways C. forced tunneling D. a VNet‑to‑VNet connec on p2pexams ‑ Ques on 2 Exam SC‑100 topic 2 ques on 40 discussion ‑ ExamTopics You are designing the security architecture for a cloud‑only environment. You are reviewing the integra on point between Microso 365 Defender and other Microso cloud services based on Microso Cybersecurity Reference Architectures (MCRA). You need to recommend which Microso cloud services integrate directly with Microso 365 Defender and meet the following requirements꞉ Enforce data loss preven on (DLP) policies that can be managed directly from the Microso 365 Defender portal. Detect and respond to security threats based on User and En ty Behavior Analy cs (UEBA) with uniﬁed aler ng. What should you include in the recommenda on for each requirement? To answer, select the appropriate op ons in the answer are a. NOTE꞉ Each correct selec on is worth one point. Op ons꞉ Azure Data Catalog Azure Data Explorer Azure AD Iden ty Protec on Microso Defender for iden ty Microso Entra Veriﬁed ID p2pexams ‑ Ques on 3 Exam SC‑100 topic 3 ques on 35 discussion ‑ ExamTopics Your company uses Azure Pipelines and Azure Repos to implement con nuous integra on and con nuous deployment (CI/CD) workﬂows for the deployment of applica ons to Azure. You are upda ng the deployment process to align with DevSecOps controls guidance in the Microso Cloud Adop on Framework for Azure. You need to recommend a solu on to ensure that all code changes are submi ed by using pull requests before being deployed by the CI/CD workﬂow. What should you include in the recommenda on? A. custom roles in Azure Pipelines B. branch policies in Azure Repos C. Azure policies D. custom Azure roles p2pexams ‑ Ques on 4 Exam SC‑100 topic 5 ques on 3 discussion ‑ ExamTopics You use Azure Pipelines with Azure Repos to implement con nuous integra on and con nuous deployment (CI/CO) workﬂows. You need to recommend best prac ces to secure the stages of the CI/CD workﬂows based on the Microso Cloud Adop on Framework for Azure. What should you include in the recommenda on for each stage? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Answer Git Workﬂow꞉ Secure deployment creden als꞉ Op ons꞉ Azure Keyvault Custoer roles for build agents Protected branches Resource locks in Azure p2pexams ‑ Ques on 6 Exam SC‑100 topic 4 ques on 22 discussion ‑ ExamTopics You have a Microso 365 subscrip on that syncs with Ac ve Directory Domain Services (AD DS). You need to deﬁne the recovery steps for a ransomware a ack that encrypted data in the subscrip on The solu on must follow Microso Security Best Prac ces. What is the ﬁrst step in the recovery plan? A. Disable Microso OneDnve sync and Exchange Ac veSync. B. Recover ﬁles to a cleaned computer or device. C. Contact law enforcement. D. From Microso Defender for Endpoint perform a security scan. p2pexams ‑ Ques on 7 Exam SC‑100 topic 5 ques on 5 discussion ‑ ExamTopics You have an Azure AD tenant that syncs with an Ac ve Directory Domain Services (AD DS) domain. You have an on‑premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microso Azure Backup Server (MABS). You are designing a recovery solu on for ransomware a acks. The solu on follows Microso Security Best Prac ces. You need to ensure that a compromised administrator account cannot be used to delete the backups What should you do? A. From a Recovery Services vault generate a security PIN for cri cal opera ons. B. From Azure Backup, conﬁgure mul ‑user authoriza on by using Resource Guard. C. From Microso Azure Backup Setup, register MABS with a Recovery Services vault D. From Azure AD Privileged Iden ty Management (PIM), create a role assignment for the Backup Contributor role. p2pexams ‑ Ques on 8 Exam SC‑100 topic 4 ques on 29 discussion ‑ ExamTopics You have a Microso 365 subscrip on. You need to design a solu on to block ﬁle downloads from Microso SharePoint Online by authen cated users on unmanaged devices. Which two services should you include in the solu on? Each correct answer presents part of the solu on. NOTE꞉ Each correct selec on is worth one point. A. Microso Defender for Cloud Apps B. Azure AD Applica on Proxy C. Azure Data Catalog D. Azure AD Condi onal Access E. Microso Purview Informa on Protec on p2pexams ‑ Ques on 9 Exam SC‑100 topic 5 ques on 2 discussion ‑ ExamTopics You have an opera onal model based on the Microso Cloud Adop on framework for Azure. You need to recommend a solu on that focuses on cloud‑centric control areas to protect resources such as endpoints, database, ﬁles, and storage accounts. What should you include in the recommenda on? A. security baselines in the Microso Cloud Security Benchmark B. modern access control C. business resilience D. network isola on p2pexams ‑ Ques on 10 Exam SC‑100 topic 1 ques on 16 discussion ‑ ExamTopics A customer has a hybrid cloud infrastructure that contains a Microso 365 E5 subscrip on and an Azure subscrip on. All the on‑premises servers in the perimeter network are prevented from connec ng directly to the internet. The customer recently recovered from a ransomware a ack. The customer plans to deploy Microso Sen nel. You need to recommend conﬁgura ons to meet the following requirements꞉ Ensure that the security opera ons team can access the security logs and the opera on logs. Ensure that the IT opera ons team can access only the opera ons logs, including the event logs of the servers in the perimeter network. Which two conﬁgura ons can you include in the recommenda on? Each correct answer presents a complete solu on. NOTE꞉ Each correct selec on is worth one point. A. Azure Ac ve Directory (Azure AD) Condi onal Access policies B. a custom collector that uses the Log Analy cs agent C. resource‑based role‑based access control (RBAC) D. the Azure Monitor agent p2pexams ‑ Ques on 11 Exam SC‑100 topic 4 ques on 31 discussion ‑ ExamTopics You have a Microso 365 tenant. Your company uses a third‑party so ware as a service (SaaS) app named App1. App1 supports authen ca ng users by using Azure AO creden als. You need to recommend a solu on to enable users to authen cate to App1 by using their Azure AD creden als. What should you include in the recommenda on? A. an Azure AD enterprise applica on B. a retying party trust in Ac ve Directory Federa on Services (AD FS) C. Azure AD Applica on Proxy D. Azure AD B2C p2pexams ‑ Ques on 12 Exam SC‑100 topic 4 ques on 18 discussion ‑ ExamTopics Your company has the virtual machine infrastructure shown in the following table. The company plans to use Microso Azure Backup Server (MABS) to back up the virtual machines to Azure. You need to provide recommenda ons to increase the resiliency of the backup strategy to mi gate a acks such as ransomware. What should you include in the recommenda on? A. Use geo‑redundant storage (GRS). B. Use customer‑managed keys (CMKs) for encryp on. C. Require PINs to disable backups. D. Implement Azure Site Recovery replica on. p2pexams ‑ Ques on 13 Discuss Microso SC‑100 Exam Topic 1 Ques on 45 | Pass4Success You have a Microso 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microso 365 5 licenses and the Microso Defender Vulnerability Management add‑on. The Windows 11 devices are managed by using Microso Intune and Microso Defender for Endpoint. The Windows 11 devices are conﬁgured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11. You need to recommend a compliance solu on for the Windows 11 devices. The solu on must iden fy devices that were modiﬁed and no longer comply with the CIS benchmarks. What should you include in the recommenda on? A. Authen cated scan for Windows in Microso Defender Vulnerability Management B. Microso Secure Score for Devices in Defender for Endpoint C. a ack surface reduc on (ASR) rules in Defender for Endpoint D. security baselines assessments in Microso Defender Vulnerability Management p2pexams ‑ Ques on 14 Exam SC‑100 topic 4 ques on 32 discussion ‑ ExamTopics You have a Microso 365 tenant. Your company uses a third‑party so ware as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements꞉ Users must be able to request access to App1 by using a self‑service request. When users request access to App1, they must be prompted to provide addi onal informa on about their request. Every three months, managers must verify that the users s ll require access to Appl. What should you include in the design? A. Azure AD Applica on Proxy B. connected apps in Microso Defender for Cloud Apps C. Microso Entra Iden ty Governance D. access policies in Microso Defender for Cloud Apps p2pexams ‑ Ques on 15 Exam SC‑100 topic 3 ques on 28 discussion ‑ ExamTopics Your company has a hybrid cloud infrastructure. Data and applica ons are moved regularly between cloud environments. The company’s on‑premises network is managed as shown in the following exhibit Azure has connec on to on‑premises Windows/Linux servers. You are designing security opera ons to support the hybrid cloud infrastructure. The solu on must meet the following requirements꞉ Govern virtual machines and servers across mul ple environments. Enforce standards for all the resources across all the environment across the Azure policy. Which two components should you recommend for the on‑premises network? Each correct answer presents part of the solu on. NOTE Each correct selec on is worth one point. A. Azure VPN Gateway B. guest conﬁgura on in Azure Policy C. on‑premises data gateway D. Azure Bas on E. Azure Arc p2pexams ‑ Ques on 16 You plan to deploy a dynamically scaling, Linux‑based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staﬀ who connect from personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG). You need to design an access solu on for the Azure Virtual Machine Scale Set. The solu on must meet the following requirements꞉ Ensure that each me the support staﬀ connects to a jump server; they must request access to the server. Ensure that only authorized support staﬀ can ini ate SSH connec ons to the jump servers. Maximize protec on against brute‑force a acks from internal networks and the internet. Ensure that users can only connect to the jump servers from the internet. Minimize administra ve eﬀort. What should you include in the solu on? To answer, select the appropriate op ons in the answer are a. NOTE꞉ Each correct selec on is worth one point. Manage NSG rule by using꞉ Azure Automa on Azure Bas on Just‑in‑ me (JIT) VM access Only allow SSH connec ons to the jump servers from꞉ Any public ip addresses provided before the connec on is established Azure Bas on Subnet Gateway Subnet p2pexams ‑ Ques on 17 Exam SC‑100 topic 3 ques on 39 discussion ‑ ExamTopics You have an Azure subscrip on. The subscrip on contains 50 virtual machines that run Windows Server and 50 virtual machines that run Linux. You need to perform vulnerability assessments on the virtual machines. The solu on must meet the following requirements꞉ Iden fy missing updates and insecure conﬁgura ons. Use the Qualys engine. What should you use? A. Microso Defender for Servers B. Microso Defender Threat Intelligence (Defender Tl) C. Microso Defender for Endpoint D. Microso Defender External A ack Surface Management (Defender EASM) p2pexams ‑ Ques on 18 Your company wants to op mize using Azure to protect its resources from ransomware. You need to recommend which capabili es of Azure Backup and Azure Storage provide the strongest protec on against ransomware a acks. The solu on must follow Microso Security Best Prac ces. What should you recommend? To answer, select the appropriate op ons in the answer area. NOTE꞉ Each correct selec on is worth one point. Azure Backup꞉ Azure Storage꞉ Op ons꞉ Access policies Access ers Encryp on by using pla orm‑managed

Azure SC-100 Questions PDF

Document Details

Tags

Related

Summary

Full Transcript