SC-100 Practice Questions — Page 24

Your company has two offices named Office1 and Office2. The offices contain 1,000 on-premises Windows 11 devices that are Microsoft Entra joined.

You have a Microsoft 365 subscription and use Microsoft Intune.

You plan to deploy Microsoft Entra Internet Access from the offices to Microsoft 365.

You enable the Microsoft 365 profile and configure the following:

• A traffic policy for all Microsoft 365 traffic

• A linked Conditional Access policy that has the following configurations:

o Applies to all users

o Performs compliant network checks

o Allows Microsoft 365 traffic from compliant devices

• An assignment to all devices

• An assignment to the remote network associated with Office1

You deploy the Global Secure Access client to all the devices in Office2 and establish connections.

Which users can access Microsoft 365 services from compliant devices, and which users are blocked from accessing Microsoft 365 services when using noncompliant devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains multiple storage accounts. The accounts contain Azure Files shares and Azure Blob Storage containers. The accounts have encryption scopes and infrastructure encryption enabled.

You need to implement customer-managed key-based encryption for the shares and the containers. The solution must ensure that the encryption keys are applied at the most granular level.

At which level should you apply the encryption keys? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription.

You plan to implement Azure Synapse Analytics SQL dedicated pools and SQL serverless pools.

You need to recommend a solution to provide additional encryption-at-rest security for each type of pool. The solution must use customer-managed keys, whenever possible.

What should you recommend for each pool type? To answer, drag the appropriate recommendations to the correct pool types. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a resources group named RG1. RG1 contains multiple Azure Files shares.

You need to recommend a solution to deploy a backup solution for the shares. The solution must meet the following requirements:

• Prevent the deletion of backups and the vault used to store the backups.

• Prevent privilege escalation attacks against the backup solution.

• Prevent the modification of the backup retention period.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have a Microsoft 365 E5 subscription.

You plan to deploy Global Secure Access universal tenant restrictions v2.

Which authentication plane resources and which data plane resources will be protected? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains App Service apps in four Azure regions. Users connect to the apps from the internet.

You plan to block requests to the apps if the requests contain security threats specified in the Core Rule Set (CRS) of the Open Web Application Security Project (OWASP).

You need to design a solution to block the requests. The solution must meet the following requirements:

• Maintain access to the apps in the event of a region outage.

• Minimize the number of resources required.

What should you include in the design? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to deploy an Azure API Management solution that will enable different groups of developers to access different sets of APIs at random times and rates.

You need to recommend the pricing tier that should be purchased and the scope at which the rate limit policies should be applied. The solution must meet the following requirements:

• Ensure that each group of developers can access only specific sets of APIs.

• Ensure that each set of APIs can be configured with specific rate limits.

• Minimize development and administrative effort and costs.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure key vault named Vault1.

You plan to deploy multiple virtual machines that will host a custom app named App1. App1 will use secrets stored in Vault1. The virtual machines will be redeployed regularly based on the usage demands of App1.

You need to recommend a solution that will enable App1 to access the secrets stored in Vault1. The solution must meet the following requirements:

• Minimize the number of security principals that can access Vault1.

• Minimize the storage of sensitive data on the virtual machines.

• Minimize administrative effort.

Which type of endpoint should App1 use to access the secrets, and which type of identity should App1 use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have two Azure subscriptions named Sub1 and Sub2 that contain the vaults shown in the following table.

You need to design a multi-user authorization (MUA) solution for security operations on the vaults. The solution must meet the following requirements:

• RSVault1 and RSVault2 must require MUA for disabling soft delete, removing MUA protection, and disabling immutability.

• BackupVault1 and BackupVault2 must require MUA for disabling soft delete and removing MUA protection.

What is the minimum number of Resource Guard resources required?