FEFreeExamDumps.in

SC-100 Practice Questions — Page 8

Question 71

Open question ↗

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.

The company signs a contract with the United States government.

You need to review the current subscription for NIST 800-53 compliance.

What should you do first?

  • A.From Defender for Cloud, review the secure score recommendations.
  • B.From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.
  • C.From Defender for Cloud, review the Azure security baseline for audit report.
  • D.From Defender for Cloud, add a regulatory compliance standard.

Question 72

Open question ↗

Your company has devices that run either Windows 10, Windows 11, or Windows Server.

You are in the process of improving the security posture of the devices.

You plan to use security baselines from the Microsoft Security Compliance Toolkit.

What should you recommend using to compare the baselines to the current device configurations?

  • A.Microsoft Intune
  • B.Local Group Policy Object (LGPO)
  • C.Windows Autopilot
  • D.Policy Analyzer

Question 73

Open question ↗

You have an Azure subscription that is used as an Azure landing zone for an application.

You need to evaluate the security posture of all the workloads in the landing zone.

What should you do first?

  • A.Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.
  • B.Obtain Azure AD Premium Plan 2 licenses.
  • C.Add Microsoft Sentinel data connectors.
  • D.Enable the Defender plan for all resource types in Microsoft Defender for Cloud.

Question 74

Open question ↗

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.

The company signs a contract with the United States government.

You need to review the current subscription for NIST 800-53 compliance.

What should you do first?

  • A.From Azure Policy, assign a built-in initiative that has a scope of the subscription.
  • B.From Azure Policy, assign a built-in policy definition that has a scope of the subscription.
  • C.From Defender for Cloud, review the Azure security baseline for audit report.
  • D.From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.

Question 75

Open question ↗

Your company has an Azure subscription that uses Microsoft Defender for Cloud.

The company signs a contract with the United States government.

You need to review the current subscription for NIST 800-53 compliance.

What should you do first?

  • A.From Defender for Cloud, review the Azure security baseline for audit report.
  • B.From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
  • C.From Defender for Cloud, enable Defender for Cloud plans.
  • D.From Azure Policy, assign a built-in initiative that has a scope of the subscription. ✓

Question 76

Open question ↗

You have a Microsoft Entra tenant that is linked to a Microsoft 365 subscription and an Azure subscription. The tenant contains service principals that are used to access applications in the Azure subscription.

You need to recommend a solution to detect risky sign-ins and other risky activities performed by the service principals in the tenant. The solution must minimize costs.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 76

Question 77

Open question ↗

Your network contains an Active Directory Domain Services (AD DS) domain named Domain1.

You have a Microsoft Entra tenant.

Domain1 syncs with the tenant by using Microsoft Entra Connect.

You need to evaluate Microsoft Entra smart lockout by testing the following account lockout considerations:

• The number of failed sign-in attempts that trigger a lockout

• The duration of the lockout

What should you use to test each consideration? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 77

Question 78

Open question ↗

You have a Microsoft 365 subscription that contains 1,000 Microsoft Exchange Online mailboxes.

Incoming email from the internet is scanned for security threats by using a third-party cloud service.

You are evaluating whether to replace the third-party service with Microsoft Defender for Office 365.

What should you modify to ensure that all the incoming email is scanned by Defender for Office 365 only?

  • A.the accepted domains in Exchange Online
  • B.the DNS records
  • C.the Exchange Online transport rule
  • D.the Exchange Online connectors

Question 79

Open question ↗

You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.

You use Microsoft Defender XDR to manage the tenants of your company’s customers.

You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The solution must meet the following requirements:

• The Group1 users must only be assigned the Security Operator role for the customer tenants.

• The users in Group2 must be able to assign the Security Operators role to the Group1 users for the customer tenants.

• The use of quest accounts must be minimized.

• Administrative effort must be minimized.

What should you include in the solution?

  • A.multi-user authorization (MUA)
  • B.Azure Lighthouse
  • C.Privileged Identity Management (PIM)
  • D.Microsoft Entra B2B collaboration

Question 80

Open question ↗

You have an Azure subscription.

Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.

What should you recommend using to enforce the governance requirement?

  • A.Azure management groups
  • B.custom Azure roles
  • C.Azure Policy assignments
  • D.regulatory compliance standards in Microsoft Defender for Cloud