SC-100 Practice Questions — Page 6

Question 51

You are evaluating an Azure environment for compliance.

You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.

Which effect should you use in Azure Policy?

A.Deny
B.Modify
C.Append
D.Disabled

Question 52

Open question ↗

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows.

Which compliance control should you evaluate?

A.Asset Management
B.Posture and Vulnerability Management
C.Data Protection
D.Endpoint Security
E.Incident Response

Question 53

Open question ↗

You have a Microsoft 365 E5 subscription and an Azure subscription.

You need to evaluate the existing environment to increase the overall security posture for the following components:

✑ Windows 11 devices managed by Microsoft Intune

✑ Azure Storage accounts

✑ Azure virtual machines

What should you use to evaluate the components? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Question 54

Open question ↗

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have an Amazon Web Services (AWS) implementation.

You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc.

Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.Microsoft Defender for Containers
B.Microsoft Defender for servers
C.Azure Active Directory (Azure AD) Conditional Access
D.Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
E.Azure Policy

Question 55

Open question ↗

Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation.

You need to recommend a security posture management solution for the following components:

✑ Azure IoT Edge devices

AWS EC2 instances

Which services should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Question 56

Open question ↗

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company's on-premises network.

The company's secutity policy prevents the use of personal devices for accessing company data and applications.

You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.

What should you include in the recommendation?

A.Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.
B.Redesign the VPN infrastructure by adopting a split tunnel configuration.
C.Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
D.Migrate the on-premises applications to cloud-based applications.

Question 57

Open question ↗

Your company is preparing for cloud adoption.

You are designing security for Azure landing zones.

Which two preventative controls can you implement to increase the secure score? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.Azure Web Application Firewall (WAF)
B.Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C.Microsoft Sentinel
D.Azure Firewall
E.Microsoft Defender for Cloud alerts

Question 58

Open question ↗

You are designing security for an Azure landing zone.

Your company identifies the following compliance and privacy requirements:

✑ Encrypt cardholder data by using encryption keys managed by the company.

✑ Encrypt insurance claim files by using encryption keys hosted on-premises.

Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed keys.
B.Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.
C.Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM.
D.Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.

Question 59

Open question ↗

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You need to enforce ISO 27001:2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically.

What should you use?

A.Azure Policy
B.Azure Blueprints
C.the regulatory compliance dashboard in Defender for Cloud
D.Azure role-based access control (Azure RBAC)

Question 60

Open question ↗

You have a Microsoft 365 subscription.

You need to recommend a security solution to monitor the following activities:

✑ User accounts that were potentially compromised

✑ Users performing bulk file downloads from Microsoft SharePoint Online

What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place: