SC-100 Practice Questions — Page 23

You have an Azure subscription.

You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.

Developers use Azure DevOps to deploy web apps to App Service Environments. When a new app is deployed, a CNAME record for the app is registered in contoso.com.

You need to recommend a solution to secure the DNS record for each web app. The solution must meet the following requirements:

• Ensure that when an app is deleted, the CNAME record for the app is removed also.

• Minimize administrative effort.

What should you include in the recommendation?

You have an on-premises datacenter named Site1.

You have an Azure subscription that contains a virtual network named VNet1 and multiple Azure App Service apps. Site1 is connected to VNet1 by using a Site-to-Site (P2S) VPN connection. The apps are accessed by using public internet connections.

You need to recommend a solution for providing secure access to the apps. The solution must meet the following requirements:

• Servers on Site1 must use a VPN connection to access the apps.

• Access to the apps must be restricted to specific servers on Site1.

• Security administrators for VNet1 must be able to control which servers can access the apps.

• Costs must be minimized.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription.

You need to recommend a security solution to monitor the following activities:

• User accounts that were potentially compromised

• Users performing bulk file downloads from Microsoft SharePoint Online

What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).

You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

You need to recommend a security solution that meets the following requirements:

• Detects vulnerability scans of the apps

• Detects whether newly deployed apps are vulnerable to attack

What should you recommend using? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.

You need to enhance security on the virtual machines. The solution must meet the following requirements:

• Ensure that only apps on an allowlist can be run.

• Require administrators to confirm each app added to the allowlist.

• Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.

• Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.

What should you include in the solution?

You have a Microsoft 365 tenant.

You need to recommend a Microsoft 365 Defender solution to enhance security for the tenant. The solution must meet the following requirements:

• Identify users that are downloading an unusually high number of files from Microsoft SharePoint Online sites and are possibly involved in a data exfiltration attempt.

• Block Microsoft Teams messages that contain potentially malicious content by using zero-hour auto purge (ZAP).

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1.

You plan to migrate DB1 to Azure.

You need to recommend an encrypted Azure database solution that meets the following requirements:

• Minimizes the risks of malware that uses elevated privileges to access sensitive data

• Prevents database administrators from accessing sensitive data

• Enables pattern matching for server-side database operations

• Supports Microsoft Azure Attestation

• Uses hardware-based encryption

What should you include in the recommendation?

You have an Azure subscription that contains multiple Azure Data Lake Storage accounts.

You need to recommend a solution to encrypt the content of the accounts by using service-side encryption and customer-managed keys. The solution must ensure that individual encryption keys are applied at the most granular level.

At which level should you recommend the encryption be applied?

You have an Azure subscription.

You plan to deploy multiple containerized microservice-based apps to Azure Kubernetes Service (AKS).

You need to recommend a solution that meets the following requirements:

• Manages secrets

• Provides encryption

• Secures service-to-service communication by using mTLS encryption

• Minimizes administrative effort

What should you include in the recommendation?