A Review Of Vivid SC-100 Real Exam

NEW QUESTION 1

Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?

• A. 1
• B. 2
• C. 3
• D. 4
• E. 5

Answer: A

NEW QUESTION 2

You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 3

You are designing an auditing solution for Azure landing zones that will contain the following components:
• SQL audit logs for Azure SQL databases
• Windows Security logs from Azure virtual machines
• Azure App Service audit logs from App Service web apps
You need to recommend a centralized logging solution for the landing zones. The solution must meet the following requirements:
• Log all privileged access.
• Retain logs for at least 365 days.
• Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Azure AD Conditional Access integration with user flows and custom policies
• B. Azure AD workbooks to monitor risk detections
• C. custom resource owner password credentials (ROPC) flows in Azure AD B2C
• D. access packages in Identity Governance
• E. smart account lockout in Azure AD B2C

Answer: BE

NEW QUESTION 5

You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.
You need to recommend a solution to secure the components of the copy process.
What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.
You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.
What should you include in the recommendation?

• A. Apply read-only locks on the storage accounts.
• B. Set the AllowSharcdKeyAccess property to false.
• C. Set the AllowBlobPublicAcccss property to false.
• D. Configure automated key rotation.

Answer: A

NEW QUESTION 7

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation?

• A. Onboard the virtual machines to Microsoft Defender for Endpoint.
• B. Onboard the virtual machines to Azure Arc.
• C. Create a device compliance policy in Microsoft Endpoint Manager.
• D. Enable the Qualys scanner in Defender for Cloud.

Answer: A

NEW QUESTION 8

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD)
The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

• A. role-based authorization
• B. Azure AD Privileged Identity Management (PIM)
• C. resource-based authorization
• D. Azure AD Multi-Factor Authentication

Answer: A

NEW QUESTION 9

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?

• A. Enhanced Security Admin Environment (ESAE)
• B. Microsoft Security Development Lifecycle (SDL)
• C. Rapid Modernization Plan (RaMP)
• D. Microsoft Operational Security Assurance (OSA)

Answer: A

NEW QUESTION 10

Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend creating private endpoints for the web app and the database layer. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 11

You are evaluating an Azure environment for compliance.
You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.
Which effect should you use in Azure Policy?

• A. Deny
• B. Disabled
• C. Modify
• D. Append

Answer: A

NEW QUESTION 12

Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network.
The company's security policy prevents the use of personal devices for accessing company data and applications.
You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.
What should you include in the recommendation?

• A. Migrate the on-premises applications to cloud-based applications.
• B. Redesign the VPN infrastructure by adopting a split tunnel configuration.
• C. Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
• D. Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

NEW QUESTION 13

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).
You need to recommend a security standard for onboarding applications to Azure. The standard will include
recommendations for application design, development, and deployment What should you include during the application design phase?

• A. static application security testing (SAST) by using SonarQube
• B. dynamic application security testing (DAST) by using Veracode
• C. threat modeling by using the Microsoft Threat Modeling Tool
• D. software decomposition by using Microsoft Visual Studio Enterprise

Answer: D

NEW QUESTION 14

Your company has an office in Seattle.
The company has two Azure virtual machine scale sets hosted on different virtual networks. The company plans to contract developers in India.
You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:
• Prevent exposing the public IP addresses of the virtual machines.
• Provide the ability to connect without using a VPN.
• Minimize costs.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Deploy Azure Bastion to one virtual network.
• B. Deploy Azure Bastion to each virtual network.
• C. Enable just-in-time VM access on the virtual machines.
• D. Create a hub and spoke network by using virtual network peering.
• E. Create NAT rules and network rules in Azure Firewall.

Answer: DE

NEW QUESTION 15

Your company has an on-premises network and an Azure subscription.
The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.
You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.
You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.
What should you include in the recommendation?

• A. a private endpoint
• B. hybrid connections
• C. virtual network NAT gateway integration
• D. virtual network integration

Answer: C

NEW QUESTION 16

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

• A. Azure Active Directory (Azure AD) Conditional Access App Control policies
• B. OAuth app policies in Microsoft Defender for Cloud Apps
• C. app protection policies in Microsoft Endpoint Manager
• D. application control policies in Microsoft Defender for Endpoint

Answer: A

NEW QUESTION 17
......