FEFreeExamDumps.in

SC-100 Practice Questions — Page 25

Question 241

Open question ↗

You have the resources shown in the following table.

You need to configure multi-user authorization (MUA) for Azure Backup to protect the Recovery Services vaults. The solution must maximize the security of the MUA configuration.

To which location should you deploy Resource Guard, and which role-based access control (RBAC) role should you assign to the team responsible for managing the backup of Resource Guard? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 241

Question 242

Open question ↗

You have an Azure subscription that contains a Microsoft Sentinel workspace named MWS1 and an Azure Data Lake Storage account named lake1. Firewall log data is ingested into MWS1.

You plan to export historical firewall log data from MWS1 to lake1.

You need to ensure that security analysts can perform threat hunting from MWS1. The solution must ensure that the firewall logs stored in lake1 can be included in threat hunting queries.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 242

Question 243

Open question ↗

You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 stores documents that are based on a predefined form and include confidential employee information.

You monitor access to Site1 by using a Microsoft Defender for Cloud Apps session policy.

You need to ensure that step-up authentication is triggered when a user downloads documents that are based on the predefined form. The solution must minimize administrative effort.

Which Microsoft Data Classification Service inspection method should you use, and which Conditional Access option should you add to the session policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 243

Question 244

Open question ↗

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices.

You need to implement a solution that meets the following requirements:

• Allows user access to SaaS apps that Microsoft has identified as low risk

• Blocks user access to Saas apps that Microsoft has identified as high risk

Solution: From the Microsoft Defender portal, you set Web content filtering to On and create a web content filtering policy.

Does this meet the goal?

  • A.Yes
  • B.No

Question 245

Open question ↗

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices.

You need to implement a solution that meets the following requirements:

• Allows user access to SaaS apps that Microsoft has identified as low risk

• Blocks user access to Saas apps that Microsoft has identified as high risk

Solution: From Microsoft Defender for Cloud Apps, you configure SaaS security posture management (SSPM) and create an access policy.

Does this meet the goal?

  • A.Yes
  • B.No

Question 246

Open question ↗

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices.

You need to implement a solution that meets the following requirements:

• Allows user access to SaaS apps that Microsoft has identified as low risk

• Blocks user access to SaaS apps that Microsoft has identified as high risk

Solution: You configure app protection policies in Intune, and you create a Conditional Access policy.

Does this meet the goal?

  • A.Yes
  • B.No

Question 247

Open question ↗

You have an Azure subscription that contains three Azure App Service web apps.

You need to secure the apps by using Azure Web Application Firewall (WAF) on Azure Front Door. The solution must meet the following requirements:

• Block attempts to access the apps from malicious bots.

• Rate limit incoming connections to the apps.

The solution must minimize administrative effort.

What should you configure for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 247

Question 248

Open question ↗

You have an Azure subscription.

You need to use a federated model in Azure API Management to control access to your organization’s APIs. The solution must meet the following requirements:

• Support the use of role-based access control (RBAC) to manage the APIs.

• Support the use of keys to control the consumption of the APIs.

To which scope should you associate each control method? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 248

Question 249

Open question ↗

You have a Microsoft Entra tenant named contoso.com.

You have a partner company that has a multi-tenant application named App1. App1 is registered to a Microsoft Entra tenant named fabrikam.com.

You need to ensure that the users in contoso.com can authenticate to App1.

What should you recommend creating in contoso.com?

  • A.a service principal
  • B.a system-assigned managed identity
  • C.an application object
  • D.a user-assigned managed identity

Question 250

Open question ↗

You have a Microsoft 365 E5 subscription.

You need to mitigate ransomware attacks against messages posted to Microsoft Teams channels and files stored in Teams channels.

What should you include in the solution for each type of content? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 250