100% Correct Microsoft SC-100 Exam Dumps Online

NEW QUESTION 1

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.
You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.
What should you include in the recommendation?

• A. Apply read-only locks on the storage accounts.
• B. Set the AllowSharcdKeyAccess property to false.
• C. Set the AllowBlobPublicAcccss property to false.
• D. Configure automated key rotation.

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

NEW QUESTION 2

Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network.
The company's security policy prevents the use of personal devices for accessing company data and applications.
You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.
What should you include in the recommendation?

• A. Migrate the on-premises applications to cloud-based applications.
• B. Redesign the VPN infrastructure by adopting a split tunnel configuration.
• C. Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
• D. Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

Explanation:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-microsoft-defender-for-c

NEW QUESTION 3

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using
continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.
What should you recommend?

• A. an Azure AD user account that has a password stored in Azure Key Vault
• B. a group managed service account (gMSA)
• C. an Azure AD user account that has role assignments in Azure AD Privileged Identity Management{PIM)
• D. a managed identity in Azure

Answer: D

NEW QUESTION 5

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend

NEW QUESTION 6

Your company plans to provision blob storage by using an Azure Storage account The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?

• A. service tags in network security groups (NSGs)
• B. managed rule sets in Azure Web Application Firewall (WAF) policies
• C. inbound rules in network security groups (NSGs)
• D. firewall rules for the storage account
• E. inbound rules in Azure Firewall

Answer: D

NEW QUESTION 7

You need to recommend a solution to meet the security requirements for the virtual machines. What should you include in the recommendation?

• A. an Azure Bastion host
• B. a network security group (NSG)
• C. just-in-time (JIT) VM access
• D. Azure Virtual Desktop

Answer: A

Explanation:
The security requirement this question wants us to meet is "The secure host must be provisioned from a custom operating system image." https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-golden-image

NEW QUESTION 8

You are designing a ransomware response plan that follows Microsoft Security Best Practices
You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out.
What should you include in the recommendations?

• A. Privileged Access Workstations (PAWs)
• B. emergency access accounts
• C. device compliance policies
• D. Customer Lockbox for Microsoft Azure

Answer: B

NEW QUESTION 9

Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server.
The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription.
Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server.
You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency tor developers.
Which three actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.
• B. Implement Azure Firewall to restrict host pool outbound access.
• C. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations.
• D. Migrate from the Remote Desktop server to Azure Virtual Desktop.
• E. Deploy a Remote Desktop server to an Azure region located in France.

Answer: BCD

Explanation:
https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop

NEW QUESTION 10

You have legacy operational technology (OT) devices and loT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

• A. passive traffic monitoring
• B. active scanning
• C. threat monitoring
• D. software patching

Answer: CD

NEW QUESTION 11

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).
You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment
What should you include during the application design phase?

• A. static application security testing (SAST) by using SonarQube
• B. dynamic application security testing (DAST) by using Veracode
• C. threat modeling by using the Microsoft Threat Modeling Tool
• D. software decomposition by using Microsoft Visual Studio Enterprise

Answer: C

Explanation:
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling

NEW QUESTION 12

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation?

• A. Azure Active Directory (Azure AD) enterprise applications
• B. an Azure App Service Environment (ASE)
• C. Azure service endpoints
• D. an Azure Active Directory (Azure AD) application proxy

Answer: B

Explanation:
App Service environments (ASEs) are appropriate for application workloads that require:
Very high scale,Isolation and secure network access,High memory utilization.This capability can host your: Windows web apps,Linux web apps
Docker containers,Mobile apps Functions
https://docs.microsoft.com/en-us/azure/app-service/environment/overview

NEW QUESTION 13

Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled.
You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.
You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.
You need to recommend an Azure AD identity Governance solution that meets the following requirements:
• Project managers must verify that their project group contains only the current members of their project team
• The members of each project team must only have access to the resources of the project to which they are assigned
• Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days.
• Administrative effort must be minimized.
What should you include in the recommendation? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14

You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
• User accounts that were potentially compromised
• Users performing bulk file downloads from Microsoft SharePoint Online
What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:
• Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
• Users will authenticate by using Azure Active Directory (Azure AD) user accounts. You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?

• A. Microsoft Defender for Cloud Apps
• B. insider risk management
• C. Microsoft Information Protection
• D. Azure Purview

Answer: C

Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
You can use sensitivity labels to: Provide protection settings that include encryption and content markings. For example, apply a "Confidential" label to a document or email, and that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content. Protect content in Office apps across different platforms and devices. Supported by Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web. Supported on Windows, macOS, iOS, and Android. Protect content in third-party apps and services by using Microsoft Defender for Cloud Apps. With Defender for Cloud Apps, you can detect, classify, label, and protect content in third-party apps and services, such as SalesForce, Box, or DropBox, even if the third-party app or service does not read or support sensitivity labels.

NEW QUESTION 17

You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online.
You need to recommend a solution to prevent malicious actors from impersonating the email addresses of internal senders.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 18

You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).
You need to define the recovery steps for a ransomware attack that encrypted data in the subscription The solution must follow Microsoft Security Best Practices.
What is the first step in the recovery plan?

• A. Disable Microsoft OneDnve sync and Exchange ActiveSync.
• B. Recover files to a cleaned computer or device.
• C. Contact law enforcement.
• D. From Microsoft Defender for Endpoint perform a security scan.

Answer: A

NEW QUESTION 19

Your company plans to evaluate the security of its Azure environment based on the principles of the Microsoft Cloud Adoption Framework for Azure.
You need to recommend a cloud-based service to evaluate whether the Azure resources comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
What should you recommend?

• A. Compliance Manager in Microsoft Purview
• B. Microsoft Defender for Cloud
• C. Microsoft Sentinel
• D. Microsoft Defender for Cloud Apps

Answer: D

NEW QUESTION 20
......