SC-100 Practice Questions — Page 16

Your company has a main office and a branch office.

The main office contains 20 on-premises servers that run Windows Server and host apps that are published by using Microsoft Entra application proxy. The main office contains 500 on-premises computers that run Windows 11. The branch office contains 100 on-premises computers that run Windows 11.

All the main office computers are enrolled in Microsoft Intune. The branch office computers are NOT enrolled in Intune.

You have a Microsoft 365 ES subscription.

You have a Microsoft Entra tenant. You have a third-party software as a service (SaaS) app that is registered in the Microsoft Entra tenant.

You plan to implement Global Secure Access.

You are evaluating the use of compliant network check and Conditional Access.

Which two scenarios are supported by compliant network check? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point

Your company has a Microsoft 365 ES subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DS).

You need to recommend an identity security strategy that meets the following requirements:

✑ Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website

✑ Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned

The solution must minimize the need to deploy additional infrastructure components.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

You have an Azure subscription that contains virtual machines.

Port 3389 and port 22 are disabled for outside access.

You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements:

✑ Prevent the need to enable ports 3389 and 22 from the internet.

✑ Only provide permission to connect the virtual machines when required.

✑ Ensure that administrators use the Azure portal to connect to the virtual machines.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Your company has on-premises Microsoft SQL Server databases.

The company plans to move the databases to Azure.

You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.

What should you include in the recommendation?

Your company has an Azure App Service plan that is used to deploy containerized web apps.

You are designing a secure DevOps strategy for deploying the web apps to the App Service plan.

You need to recommend a strategy to integrate code scanning tools into a secure software development lifecycle. The code must be scanned during the following two phases:

✑ Uploading the code to repositories

✑ Building containers

Where should you integrate code scanning for each phase? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

You need to design an identity strategy for the app. The solution must meet the following requirements:

✑ Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.

✑ Use a customer identity store.

✑ Support fully customizable branding for the app.

Which service should you recommend to complete the design?

Your company has a hybrid cloud infrastructure.

Data and applications are moved regularly between cloud environments.

The company's on-premises network is managed as shown in the following exhibit.

You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements:

✑ Govern virtual machines and servers across multiple environments.

✑ Enforce standards for all the resources across all the environments by using Azure Policy.

Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A customer has a Microsoft 365 E5 subscription and an Azure subscription.

The customer wants to centrally manage security incidents, analyze logs, audit activities, and search for potential threats across all deployed services

You need to recommend a solution for the customer.

What should you include in the recommendation?

Your company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure to integrate DevSecOps processes into continuous integration and continuous deployment (CI/CD) DevOps pipelines.

You need to recommend which security-related tasks to integrate into each stage of the DevOps pipelines.

What should recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.

What are three best practices for identity management based on the Azure Security Benchmark? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.