SC-100 Practice Questions — Page 20

You have a Microsoft 365 E5 subscription that uses Microsoft Teams.

Your company has an investment department and a research department. Each department has a compliance team.

You are designing a Microsoft Purview Information Barriers (IBs) solution to restrict communication between the departments. The solution must meet the following requirements:

• The employees in each department must only be able to communicate with the employees in their respective department.

• The employees on the compliance team of each department must be able to communicate with the employees on the compliance team of the other department.

What is the minimum number of segments and IB policies required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have 500 Windows 11 devices and 200 macOS devices. The devices are managed by using Microsoft Intune and are subject to compliance policies.

You plan to deploy the following Intune features:

• Security baselines

• Remote lock of noncompliant devices

Which feature will be supported by each platform? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point

You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named contoso.com. Sub1 contains 20 virtual networks named Sub1_VNet1 through Sub1_VNet20.

You have an Azure subscription named Sub2 that is linked to a Microsoft Entra tenant named fabrikam.com. Sub2 contains 20 virtual networks named Sub2_VNet1 through Sub2_VNet20.

You need to deploy an Azure Virtual Network Manager solution that meets the following requirements:

• Blocks SSH traffic on Sub1_VNet20 and Sub2_VNet20 by using network security groups (NSGs)

• Blocks SSH traffic on Sub1_VNet1 through Sub1_VNet19 and Sub2_VNet1 through Sub2_VNet19

• Allows SSH traffic on Sub1_VNet20 and Sub2_VNet20

• Blocks FTP traffic on all the virtual networks

• Minimizes administrative effort

What is minimum number of components required for the deployment?

You have an Azure subscription.

You have a subscription to a third-party cloud provider. The subscription contains 100 virtual machines.

You manage cloud security for both subscriptions from the Azure subscription.

You need to recommend a solution to validate the security posture of the virtual machines.

Which two services should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have Amazon Web Services (AWS), Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI) subscriptions.

You create a custom security standard in Defender for Cloud.

To which subscriptions can the Defender for Cloud standard be applied?

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Your company plans to provision blob storage by using an Azure Storage account. The blob storage will be accessible from 20 application servers on the internet.

You need to recommend a solution to ensure that only the application servers can access the storage account.

What should you recommend using to secure the blob storage?

Your company has an on-premises network and an Azure subscription.

The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.

You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.

You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet- accessible endpoints to the on-premises network.

What should you include in the recommendation?

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).

You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment.

What should you include during the application design phase?

Your company has Microsoft 365 E5 licenses and Azure subscriptions.

The company plans to automatically label sensitive data stored in the following locations:

✑ Microsoft SharePoint Online

✑ Microsoft Exchange Online

✑ Microsoft Teams

You need to recommend a strategy to identify and protect sensitive data.

Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place: