SC-100 Practice Questions — Page 4

You have an Azure subscription.

You plan to deploy enterprise-scale landing zones based on the Microsoft Cloud Adoption Framework for Azure. The deployment will include a single-platform landing zone for all shared services and three application landing zones that will each host a different Azure application.

You need to recommend which resource to deploy to each landing zone. The solution must meet the Cloud Adoption Framework best-practice recommendations for enterprise-scale landing zones.

What should you recommend?

You have 1,000 on-premises servers that run Windows Server 2022 and 500 on-premises servers that run Linux.

You have an Azure subscription that contains the following resources:

• A Log Analytics workspace

• A Microsoft Defender Cloud Security Posture Management (CSPM) plan

You need to deploy Update Management for the servers.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates. VDI devices are members of the domain.

You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Microsoft Entra Domain Services domain.

You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:

• Ensure that the hosts are onboarded to Defender for Endpoint during the first startup sequence.

• Ensure that the Microsoft Defender portal contains a single entry for each deployed VDI host.

• Minimize administrative effort.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have 10 Azure subscriptions that contain 100 role-based access control (RBAC) role assignments.

You plan to consolidate the role assignments.

You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort.

What should you include in the recommendation?

You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised local administrator account cannot be used to stop scheduled backups.

What should you do?

You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.

You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:

• Support access to the shares by using the SMB protocol.

• Limit access to the blobs to specific periods of time.

• Include authentication support when possible.

What should you recommend for each resource? To answer, select the options in the answer area.

NOTE: Each correct selection is worth one point.

You need to design a solution to accelerate a Zero Trust security implementation. The solution must be based on the Zero Trust Rapid Modernization Plan (RaMP).

Which three initiatives should you include in the solution, and in which order should you implement the initiatives? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains an Azure SQL database named DB1 that stores customer data.

You have a Microsoft 365 subscription that uses Microsoft SharePoint Online, OneDrive, and Teams.

Users frequently create Microsoft Office documents that contain data from DB1.

You need to recommend a Microsoft Purview solution that meets the following requirements:

• Identifies Office documents that contain customer addresses and phone numbers sourced from DB1

• Generates an alert if a user downloads an above average number of files that contain data from DB1

• Minimizes the number of false positives

What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure DevOps organization that is used to manage the development and deployment of internal apps to multiple Azure subscriptions.

You need to implement a DevSecOps strategy based on Microsoft Cloud Adoption Framework for Azure principles. The solution must meet the following requirements:

• All pull requests must be enforced.

• All deployments to production must be approved.

What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your company uses Microsoft Defender for Cloud and Microsoft Sentinel.

The company is designing an application that will have the architecture shown in the following exhibit.

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements:

• Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.

• Use Defender for Cloud to review alerts from the virtual machines.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.