Microsoft SC-100 Free Practice Questions

NEW QUESTION 1

You need to recommend a solution to meet the security requirements for the InfraSec group. What should you use to delegate the access?

• A. a subscription
• B. a custom role-based access control (RBAC) role
• C. a resource group
• D. a management group

Answer: D

NEW QUESTION 2

You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?

• A. Storage account public access should be disallowed
• B. Azure Key Vault Managed HSM should have purge protection enabled
• C. Storage accounts should prevent shared key access
• D. Storage account keys should not be expired

Answer: A

NEW QUESTION 3

Your company has the virtual machine infrastructure shown in the following table.

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure. You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks
such as ransomware.
What should you include in the recommendation?

• A. Use geo-redundant storage (GRS).
• B. Use customer-managed keys (CMKs) for encryption.
• C. Require PINs to disable backups.
• D. Implement Azure Site Recovery replication.

Answer: C

NEW QUESTION 4

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool.
Which type of diagram should you create?

• A. dataflow
• B. system flow
• C. process flow
• D. network flow

Answer: C

NEW QUESTION 5

You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:
• Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
• Users will authenticate by using Azure Active Directory (Azure AD) user accounts. You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6

You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.

What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.
You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.
What should you include in the recommendation?

• A. Apply read-only locks on the storage accounts.
• B. Set the AllowSharcdKeyAccess property to false.
• C. Set the AllowBlobPublicAcccss property to false.
• D. Configure automated key rotation.

Answer: A

NEW QUESTION 9

Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud. You receive the following recommendations in Defender for Cloud
• Access to storage accounts with firewall and virtual network configurations should be restricted,
• Storage accounts should restrict network access using virtual network rules.
• Storage account should use a private link connection.
• Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

• A. Azure Storage Analytics
• B. Azure Network Watcher
• C. Microsoft Sentinel
• D. Azure Policy

Answer: A

NEW QUESTION 10

Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

• A. Azure Traffic Manager with priority traffic-routing methods
• B. Azure Application Gateway v2 with user-defined routes (UDRs).
• C. Azure Front Door with Azure Web Application Firewall (WAF)
• D. Azure Firewall with policy rule sets

Answer: A

NEW QUESTION 11

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

• A. Azure Monitor webhooks
• B. Azure Logics Apps
• C. Azure Event Hubs
• D. Azure Functions apps

Answer: D

NEW QUESTION 12

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

• A. Azure Key Vault
• B. GitHub Advanced Security
• C. Application Insights in Azure Monitor
• D. Azure DevTest Labs

Answer: D

NEW QUESTION 13

You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:
• Encrypt cardholder data by using encryption keys managed by the company.
• Encrypt insurance claim files by using encryption keys hosted on-premises.
Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.
• B. Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM
• C. Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.
• D. Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.

Answer: CD

NEW QUESTION 14

Your company has a Microsoft 365 E5 subscription.
The company plans to deploy 45 mobile self-service kiosks that will run Windows 10. You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:
• Ensure that only authorized applications can run on the kiosks.
• Regularly harden the kiosks against new threats.
Which two actions should you include in the recommendations? Each correct answer presents part of the
solution. NOTE: Each correct selection is worth one point.

• A. Onboard the kiosks to Azure Monitor.
• B. Implement Privileged Access Workstation (PAW) for the kiosks.
• C. Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.
• D. Implement threat and vulnerability management in Microsoft Defender for Endpoint.
• E. Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.

Answer: AB

NEW QUESTION 15

Azure subscription that uses Azure Storage.
The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be
tme-Vimted. What should you include in the recommendation?

• A. Create shared access signatures (SAS).
• B. Share the connection string of the access key.
• C. Configure private link connections.
• D. Configure encryption by using customer-managed keys (CMKs)

Answer: D

NEW QUESTION 16

Your company has devices that run either Windows 10, Windows 11, or Windows Server. You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?

• A. Microsoft Intune
• B. Policy Analyzer
• C. Local Group Policy Object (LGPO)
• D. Windows Autopilot

Answer: D

NEW QUESTION 17
......