FEFreeExamDumps.in

SC-100 Practice Questions — Page 15

Question 141

Open question ↗

Your company has an office in Seattle.

The company has two Azure virtual machine scale sets hosted on different virtual networks.

The company plans to contract developers in India.

You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:

✑ Prevent exposing the public IP addresses of the virtual machines.

✑ Provide the ability to connect without using a VPN.

✑ Minimize costs.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A.Create a hub and spoke network by using virtual network peering.
  • B.Deploy Azure Bastion to each virtual network.
  • C.Deploy Azure Bastion to one virtual network.
  • D.Create NAT rules and network rules in Azure Firewall.
  • E.Enable just-in-time VM access on the virtual machines.

Question 142

Open question ↗

You have Windows 11 devices and Microsoft 365 E5 licenses.

You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites.

What should you include in the recommendation?

  • A.Compliance Manager
  • B.Microsoft Defender for Cloud Apps
  • C.Microsoft Endpoint Manager
  • D.Microsoft Defender for Endpoint

Question 143

Open question ↗

Your company has a Microsoft 365 E5 subscription.

The company plans to deploy 45 mobile self-service kiosks that will run Windows 10.

You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:

✑ Ensure that only authorized applications can run on the kiosks.

✑ Regularly harden the kiosks against new threats.

Which two actions should you include in the recommendations? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A.Implement Automated investigation and Remediation (AIR) in Microsoft Defender for Endpoint.
  • B.Onboard the kiosks to Microsoft intune and Microsoft Defender for Endpoint.
  • C.Implement threat and vulnerability management in Microsoft Defender for Endpoint.
  • D.Onboard the kiosks to Azure Monitor.
  • E.Implement Privileged Access Workstation (PAW) for the kiosks.

Question 144

Open question ↗

Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States.

You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attack surface.

What should you include in the recommendation?

  • A.Azure Firewall Premium
  • B.Azure Traffic Manager and application security groups
  • C.Azure Application Gateway Web Application Firewall (WAF)
  • D.network security groups (NSGs)

Question 145

Open question ↗

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing the encryption standards for data at rest for an Azure resource.

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For blob containers in Azure Storage, you recommend encryption that uses Microsoft-managed keys within an encryption scope.

Does this meet the goal?

  • A.Yes
  • B.No

Question 146

Open question ↗

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing the encryption standards for data at rest for an Azure resource.

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses Microsoft-managed keys.

Does this meet the goal?

  • A.Yes
  • B.No

Question 147

Open question ↗

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.

Does this meet the goal?

  • A.Yes
  • B.No

Question 148

Open question ↗

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID.

Does this meet the goal?

  • A.Yes
  • B.No

Question 149

Open question ↗

You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts.

You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts.

Which two configurations should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A.Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.
  • B.Enable Microsoft Defender for Identity.
  • C.Send the Azure Cosmos DB logs to a Log Analytics workspace.
  • D.Disable local authentication for Azure Cosmos DB.
  • E.Enable Microsoft Defender for Cosmos DB.

Question 150

Open question ↗

You are designing the security standards for containerized applications onboarded to Azure.

You are evaluating the use of Microsoft Defender for Containers.

In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  • A.Linux containers deployed to Azure Container Instances
  • B.Windows containers deployed to Azure Kubernetes Service (AKS)
  • C.Windows containers deployed to Azure Container Registry
  • D.Linux containers deployed to Azure Container Registry
  • E.Linux containers deployed to Azure Kubernetes Service (AKS)