SC-100 Practice Questions — Page 19

You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed.

You plan to deploy the following configuration of Microsoft Entra Internet Access:

• Enable a baseline profile.

• Create a security profile named Profile1 that has a priority of 300 and contains a single web content filtering policy named

WCFPolicy1. Configure WCFPolicy1 as follows:

o Set Action to allow.

o Include a single rule that has a fully qualified domain name (FQDN) destination of *.adatum.com.

• Link Profile1 to a Conditional Access policy named CAPolicy1, apply CAPolicy1 to all users, and grant access unless a user's device is noncompliant.

You need to evaluate the impact of the planned deployment on traffic to the following resources:

• https://www.adatum.com:8433

• https://www.fabrikam.com

Which two traffic scenarios will occur? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription. The subscription contains Windows 11 devices that are protected by using Microsoft Defender XDR.

You need to block access to file sharing sites from the devices. The solution must meet the following requirements:

• Identify file sharing sites to which users have connected during the last 90 days.

• Prevent the users from connecting to the identified file sharing sites.

• Minimize administrative effort.

What should you use to identify the file sharing sites, and which Microsoft Defender service should you use to prevent the users from connecting to the sites? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a multicloud environment that contains an Azure subscription, an Amazon Web Services (AWS) subscription, and a Google Cloud Platform (GCP) subscription.

You plan to assess data security and compliance.

You need to design a Compliance Manager solution that meets the following requirements:

• Provides recommended improvement actions that include detailed implementation guidance

• Automatically monitors regulatory compliance

• Minimizes administrative effort

What should you include in the solution?

You have 1,000 on-premises servers that run Linux.

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1 and 1,000 virtual machines that run Linux.

All the on-premises Linux servers are onboarded to Azure Arc.

You plan to collect Common Event Format (CEF) logs by using the Azure Monitor Agent connector in Microsoft Sentinel.

You need to design a solution for collecting specific events from the logs. The solution must meet the following requirements:

• Minimize the number of Microsoft Entra ID identities required.

• Minimize the number of events delivered to WS1.

• Ensure that all the required events are ingested.

• Minimize administrative effort.

What should you include in the solution? To answer, select the options in the answer area.

NOTE: Each correct answer is worth one point.

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Serve1 that runs Windows Server 2022.

You have an Azure subscription that is linked to a hybrid Microsoft Entra tenant and contains a user named User1. User1 works remotely.

You need to ensure that User1 can establish RDP connections to Server1 via the internet. The solution must ensure that User1 authenticates by using multifactor authentication (MFA).

What should you include in the solution?

You have a multicloud environment that contains an Azure subscription, an Amazon Web Services (AWS) subscription, and a Google Cloud Platform (GCP) subscription.

You plan to implement Cloud Security Posture Management (CSPM) by using Microsoft Defender for Cloud.

You need to design a solution that will provide attack path analysis functionality for each subscription.

What should you include in the solution?

You have an Azure subscription. The subscription contains 200 virtual machines that run Windows Server 2022 and are protected by using Microsoft Defender for Servers Plan 1. You have an Amazon Web Services (AWS) subscription.

To the AWS subscription, you plan to deploy 100 virtual machines that run Windows Server 2022.

You need to recommend which agent to deploy to the virtual machines in the AWS subscription. The solution must meet the following requirements:

• Provide consistent workload protection across all cloud platforms.

• Minimize the number of agents deployed to each virtual machine.

What should you recommend?

You have an Azure subscription. The subscription contains 100 virtual machines that run Linux on Windows Server. The subscription uses Microsoft Defender for Servers Plan 1.

You need to recommend a solution to identify and remediate virtual machines that have the following characteristics:

• Are NOT onboarded to Defender for Servers

• Are missing critical updates

• Have risky apps installed

The solution must minimize administrative effort.

What should you include in the recommendation?

You have a Microsoft 365 E5 subscription. The subscription contains 500 devices that run Windows 11 Pro and are enrolled in Microsoft Intune.

You need to evaluate the use of Microsoft Defender Vulnerability Management to provide recommended configuration changes for the devices.

Which Endpoint security settings should you use to review the recommended changes?