SC-100 Practice Questions — Page 10

You have a customer that has a Microsoft 365 subscription and an Azure subscription.

The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.

You need to design a security solution to assess whether all the devices meet the customer's compliance rules.

What should you include in the solution?

You have a Microsoft 365 subscription.

You have an Azure subscription.

You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer. The solution must meet the following requirements:

• Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.

• Minimize the number of compliance policies.

• Minimize administrative effort.

What should you include in the solution?

You have an Azure subscription that contains a Microsoft Sentinel workspace named MSW1. MSW11 includes 50 scheduled analytics rules.

You need to design a security orchestration automated response (SOAR) solution by using Microsoft Sentinel playbooks. The solution must meet the following requirements:

• Ensure that expiration dates can be configured when a playbook runs.

• Minimize the administrative effort required to configure individual analytics rules.

What should you use to invoke the playbooks, and which type of Microsoft Sentinel trigger should you use? To answer, select the options in the answer area.

NOTE: Each correct selection is worth one point.

You have three Microsoft Entra tenants named Tenant1, Tenant2, and Tenant3.

You have three Azure subscriptions named Sub1, Sub2, and Sub3. Each tenant is associated with multiple Azure subscriptions.

Each subscription contains a single Microsoft Sentinel workspace as shown in the following table.

You need to recommend a solution that meets the following requirements:

• Ensures that the users in Tenant1 can manage the resources in Sub2 and Sub3 without having to switch subscriptions or sign in to a different tenant.

• Implements multiple workspace view for Sentinel2 and Sentinel3.

What should you use to delegate permissions, and which Microsoft Sentinel feature will users be able to manage in multiple workspace view? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your company, named Contoso, Ltd., has a Microsoft Entra tenant named contoso.com. Contoso has a partner company named Fabrikam, Inc. that has a Microsoft Entra tenant named fabrikam.com.

You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso. The solution must meet the following requirements:

• Follow the principle of least privilege.

• Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have multiple on-premises Hyper-V hosts that contain virtual machines. The virtual machines run Windows Server 2022.

You have an Azure subscription.

You need to recommend a solution to collect Security event logs from the virtual machines by using Microsoft Sentinel. The Solution must meet the following requirements:

• Leverage the Windows Security Events via AMA data connector.

• Ensure that only specific events are collected.

• Minimize costs.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one port.

You have an Azure subscription that contains 100 virtual machines. The virtual machines are accessed by using Azure Bastion.

You need to recommend a solution to ensure that only specific users in specific locations can access the virtual machines. The solution must meet the following requirements:

• Restrict access to the virtual machines based on an originating IP address or a connection request by using just-in-time (JIT) VM access network-based controls.

• Restrict access to the virtual machines based on role-based access control (RBAC) role assignments by using JIT VM access authorization controls.

Which Microsoft cloud services should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have the Azure subscriptions shown in the following table.

The tenants contain the groups shown in the following table.

You perform the flowing actions:

• Configure multi-user authorization (MUA) for Vault1 by using a resource guard deployed to Sub2.

• Enable all available MUA controls for Vault1.

• In contoso.com, create a Privileged Identity Management (PIM) assignment named Assignment1.

• Configure Assignment1 to enable Group1 to activate the Contributor role for Vault1.

For each of the following statements, select Yes if the statements is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a 10-node virtual machine scale set that hosts a web search app named App1. Customers access App1 from the internet. The nodes establish outbound HTTP and HTTPS connections to the internet.

You need to recommend a network security solution for App1. The solution must meet the following requirements:

• Inbound connections to App1 that contain security threats specified in the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP) must be blocked.

• Outbound HTTP and HTTPS connections from the virtual machine scale set that contain security threats identified by the Microsoft Defender Threat Intelligence (Defender TI) feed must be blocked.

What should you include in the recommendation? To answer, select the options in the answer area.

NOTE: Each correct answer is worth one point.

You have a Microsoft Entra tenant named contoso.com.

You have an external partner that has a Microsoft Entra tenant named fabnkam.com.

You need to recommend an identity governance solution for contoso.com that meets the following requirements:

• Enables the users in contoso.com and fabrikam.com to communicate by using shared Microsoft Teams channels

• Manages access to shared Teams channels in contoso.com by using groups in fabrikam.com

• Supports single sign-on (SSO)

• Minimizes administrative effort

• Maximizes security

What should you include in the recommendation?