FEFreeExamDumps.in

SC-100 Practice Questions — Page 21

Question 201

Your company is developing a new Azure App Service web app.

You are providing design assistance to verify the security of the web app.

You need to recommend a solution to test the web app for vulnerabilities such as insecure server configurations, cross-site scripting (XSS), and SQL injection.

What should you include in the recommendation?

  • A. dynamic application security testing (DAST)
  • B. static application security testing (SAST)
  • C. interactive application security testing (IAST)
  • D. runtime application self-protection (RASP)

Question 202

Your company has an Azure subscription that uses Azure Storage.

The company plans to share specific blobs with vendors.

You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be time-limited.

What should you include in the recommendation?

  • A. Configure private link connections.
  • B. Configure encryption by using customer-managed keys (CMKs).
  • C. Share the connection string of the access key.
  • D. Create shared access signatures (SAS).

Question 203

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app.

You need to recommend a solution to the application development team to secure the application from identity-related attacks.

Which two configurations should you recommend? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Azure AD workbooks to monitor risk detections
  • B. Azure AD Conditional Access integration with user flows and custom policies
  • C. smart account lockout in Azure AD B2C
  • D. access packages in Identity Governance
  • E. custom resource owner password credentials (ROPC) flows in Azure AD B2C

Question 204

Your company has a Microsoft 365 E5 subscription.

Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating.

The company identifies protected health information (PHI) within stored documents and communications.

What should you recommend using to prevent the PHI from being shared outside the company?

  • A. sensitivity label policies
  • B. data loss prevention (DLP) policies
  • C. insider risk management policies
  • D. retention policies

Question 205

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

Solution: You recommend configuring gateway-required virtual network integration.

Does this meet the goal?

  • A. Yes
  • B. No

Question 206

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

Solution: You recommend access restrictions that allow traffic from the Front Door service tags.

Does this meet the goal?

  • A. Yes
  • B. No

Question 207

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID.

Does this meet the goal?

  • A. Yes
  • B. No

Question 208

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription.

The company uses the following devices:

• Computers that run either Windows 10 or Windows 11

• Tablets and phones that run either Android or iOS

You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored.

What should you include in the recommendation?

  • A. eDiscovery
  • B. Microsoft Information Protection
  • C. Compliance Manager
  • D. retention policies

Question 209

Your company has the virtual machine infrastructure shown in the following table.

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.

You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.

What should you include in the recommendation?

  • A. Use geo-redundant storage (GRS).
  • B. Maintain multiple copies of the virtual machines.
  • C. Encrypt the backups by using customer-managed keys (CMKs).
  • D. Require PINs to disable backups.

Question 210

You have a Microsoft 365 tenant that uses Microsoft SharePoint Online and Microsoft Purview. Microsoft Purview has a sensitivity label named Label1 that is applied to the files stored on SharePoint Online sites.

You need to recommend a Microsoft Purview Data Loss Prevention (DLP) policy that meets the following requirements:

• Prevents users from uploading the files to third-party external websites

• Allows users to upload the files to Microsoft OneDrive for Business

To which location should you apply the DLP policy?

  • A. Devices
  • B. OneDrive accounts
  • C. SharePoint sites
  • D. Microsoft Defender for Cloud Apps