SC-100 Practice Questions — Page 17

Your company has on-premises Microsoft SQL Server databases.

The company plans to move the databases to Azure.

You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.

What should you include in the recommendation?

You have an on-premises datacenter and an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to restrict internet access to the public endpoint of AKS1. The solution must ensure that AKS1 can be accessed only from the public IP addresses associated with the on-premises datacenter.

What should you use?

You have a multi-cloud environment that contains an Azure subscription and an Amazon Web Services (AWS) account.

You need to implement security services in Azure to manage the resources in both subscriptions. The solution must meet the following requirements:

• Automatically identify threats found in AWS CloudTrail events.

• Enforce security settings on AWS virtual machines by using Azure policies.

What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server and 50 virtual machines that run Linux.

You need to perform vulnerability assessments on the virtual machines. The solution must meet the following requirements:

• Identify missing updates and insecure configurations.

• Use the Qualys engine.

What should you use?

You have an Azure subscription that contains 100 virtual machines, a virtual network named VNet1, and 20 users. The virtual machines run Windows Server and are connected to VNet1. The users work remotely and access Azure resources from Linux workstations.

You need to ensure that the users can connect to the virtual machines from the workstations by using Secure Shell (SSH). The solution must meet the following requirements:

• Ensure that the users authenticate by using their Microsoft Entra credentials.

• Prevent the users from transferring files from the virtual machines by using SSH.

• Prevent the users from directly accessing the virtual machines by using the public IP address of the virtual machines.

What should you include in the solution?

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service.

You are migrating the on-premises infrastructure to a cloud-only infrastructure.

You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.

Which identity service should you include in the recommendation?

You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos.

You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos.

What should you include in the recommendation?

You have on-premises servers and virtual machines that run Windows Server, Red Hat Enterprise Linux (RHEL) 7, or RHEL 8.

You have an Azure subscription. The subscription contains virtual machines that run Windows Server Datacenter: Azure Edition.

You need to recommend a solution to manage operating system updates for the on-premises servers and the virtual machines. The solution must meet the following requirements:

• Enable hotpatching for the Azure virtual machines.

• Enable the on-demand inventory and deployment of updates.

• Enable the deployment of Extended Security Update (ESU) patches to the on-premises servers.

What should you include in the recommendation? To answer, select the options in the answer area.

NOTE: Each correct answer is worth one point.

You have an Azure subscription. The subscription contains an Azure Bastion host and 100 virtual machines that run Windows Server 2022. The virtual machines have Microsoft Defender for Servers Plan 2 enabled.

You need to recommend a security solution for the virtual machines that meets the following requirements:

• Administrators must request RDP access to the virtual machines by using the Azure portal.

• Remote Desktop sessions must be limited to a maximum of three hours.

• Agentless scanning must be scheduled to run on each virtual machine.

What should you recommend using? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.