Refined Microsoft SC-100 Samples Online

NEW QUESTION 1

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.
Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

• A. Azure AD Conditional Access
• B. Microsoft Defender for Cloud Apps
• C. Microsoft Defender for Cloud
• D. Microsoft Defender for Endpoint
• E. access reviews in Azure AD

Answer: BE

NEW QUESTION 2

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?

• A. Azure Active Directory Domain Services (Azure AD DS)
• B. Azure Active Directory (Azure AD) B2C
• C. Azure Active Directory (Azure AD)
• D. Active Directory Domain Services (AD DS)

Answer: A

NEW QUESTION 3

Your company has Microsoft 365 E5 licenses and Azure subscriptions.
The company plans to automatically label sensitive data stored in the following locations:
• Microsoft SharePoint Online
• Microsoft Exchange Online
• Microsoft Teams
You need to recommend a strategy to identify and protect sensitive data.
Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.
You need to recommend a solution to secure the components of the copy process.
What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.


You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate?

• A. Data Protection
• B. Incident Response
• C. Posture and Vulnerability Management
• D. Asset Management
• E. Endpoint Security

Answer: E

NEW QUESTION 7

You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.
What should you recommend as part of the landing zone deployment?

• A. service chaining
• B. local network gateways
• C. forced tunneling
• D. a VNet-to-VNet connection

Answer: A

NEW QUESTION 8

Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF). Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 9

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 11

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?

• A. Microsoft Defender for Cloud Apps
• B. insider risk management
• C. Microsoft Information Protection
• D. Azure Purview

Answer: A

NEW QUESTION 13

Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

• A. Azure Traffic Manager with priority traffic-routing methods
• B. Azure Application Gateway v2 with user-defined routes (UDRs).
• C. Azure Front Door with Azure Web Application Firewall (WAF)
• D. Azure Firewall with policy rule sets

Answer: A

NEW QUESTION 14

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD)
The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

• A. role-based authorization
• B. Azure AD Privileged Identity Management (PIM)
• C. resource-based authorization
• D. Azure AD Multi-Factor Authentication

Answer: A

NEW QUESTION 15

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

• A. From Defender for Cloud, review the Azure security baseline for audit report.
• B. From Defender for Cloud, add a regulatory compliance standard.
• C. From Defender for Cloud, enable Defender for Cloud plans.
• D. From Defender for Cloud, review the secure score recommendations.

Answer: D

NEW QUESTION 16

Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States.
You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attach surface.
What should you include in the recommendation?

• A. Azure Firewall Premium
• B. Azure Application Gateway Web Application Firewall (WAF)
• C. network security groups (NSGs)
• D. Azure Traffic Manager and application security groups

Answer: D

NEW QUESTION 17
......