SC-100 Practice Questions — Page 26

You have a Microsoft 365 tenant.

You have an Azure subscription that contains Azure App Service web apps. The apps have the following characteristics:

• The apps use third-party and open-source components.

• The apps were developed by using C#, Python, and Java.

• The app deployment process is managed by using Azure DevOps.

• The source code for the apps is stored in GitHub Enterprise Cloud repositories and protected by using GitHub Advanced Security.

You need to reduce the risk of supply chain attacks during the application lifecycle.

What should you implement?

You have an Azure subscription and a Microsoft 365 subscription.

Your company uses several software as a service (SaaS) applications.

To align with Microsoft cloud security benchmark (MCSB) and Microsoft Cybersecurity Reference Architectures (MCRA), you plan to design a solution to provide visibility into user activity across the applications and detect potentially risky behavior in real time.

Which service should you recommend?

You have an on-premises datacenter. The datacenter contains a server named Server1 that runs Windows Server 2022 and a firewall that prevents Server1 from connecting to the internet.

You have an Azure subscription named Sub1.

You need to recommend a resiliency strategy for Server1 that incorporates a backup plan to transfer the data from Server1 to Sub1.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have three on-premises servers that run Windows Server and contain shared folders. The folders contain 10,000 files.

You have a Microsoft 365 tenant that uses Microsoft Purview and includes custom sensitive information types (SITs).

You have an Azure subscription that contains five Azure Blob Storage accounts and multiple web apps. The Blob Storage accounts contain data for the web apps.

You need to recommend a Microsoft Purview solution to scan the storage blobs and the shared folders. The solution must use the custom SITs to identify files that contain specific data.

What should you use for each type of storage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a web app named App1. App1 uses a Microsoft Entra user account named SRV1 as a service account to authenticate to an Azure SQL database named DB1.

You discover that a developer accessed DB1 directly by using SRV1.

You need to recommend a secure authentication method that will prevent credential misuse outside of App1. The solution must minimize administrative effort.

What should you recommend?

You have an Azure subscription.

You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protected by using Microsoft Defender for Servers Plan 1.

You have a Microsoft 365 subscription.

You need to recommend a solution to identify which servers have outdated hardware drivers or firmware.

What should you include in the recommendation?

You have a Microsoft 365 subscription.

Microsoft Purview is configured to protect data in only Microsoft Exchange Online and SharePoint Online. Custom sensitive information types (SITs) have been created to identify confidential data.

You discover that users access third-party generative AI websites from their Windows devices. You need to recommend a solution to block AI prompts that contain confidential data and scan the AI prompts submitted to the third-party websites.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your company has offices in New York City and London. The London office contains an on-premises app named App1.

You have a Microsoft Entra tenant named contoso.com that is hosted in North America.

You plan to manage access to App1 for the users in the London office by using Microsoft Entra Private Access. You will deploy Private Access by performing the following actions in the London office:

• Deploy Microsoft Entra application proxy connectors.

• Provision an ExpressRoute circuit to the closest peering location.

You need to optimize the network for the planned deployment. The solution must meet the following requirements:

• Maximize redundancy for connectivity to App1.

• Minimize network latency when accessing App1.

• Maximize security.

• Minimize costs.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains 500 users. Each user is assigned a Microsoft 365 E5 license and uses a Windows device.

Microsoft Purview data loss prevention (DLP) policies are applied to Microsoft Exchange Online email and SharePoint Online sites.

You plan to monitor the usage of third-party generative AI apps by using Microsoft Purview Data Security Posture Management for AI (DSPM for AI).

What should you do first?

You have an Azure subscription. The subscription contains multiple Azure App Service web apps that are distributed across multiple Azure regions and are accessed via the internet.

You need to ensure that all incoming requests to the apps are inspected for threats based on the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP). The solution must meet the following requirements:

• Support the use of Microsoft-managed X.509 certificates.

• Route users to the geographically closest app.

• Minimize administrative effort.

What should you use?