SC-100 Exam Question 86
You have a Microsoft 365 subscription.
You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
You need to recommend a solution that automatically restricts access to Microsoft Exchange Online, SharePoint Online, and Teams in near-real-time (NRT) in response to the following Azure AD events:
- A user account is disabled or deleted.
- The password of a user is changed or reset.
- All the refresh tokens for a user are revoked.
- Multi-factor authentication (MFA) is enabled for a user.
Which two features should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
You need to recommend a solution that automatically restricts access to Microsoft Exchange Online, SharePoint Online, and Teams in near-real-time (NRT) in response to the following Azure AD events:
- A user account is disabled or deleted.
- The password of a user is changed or reset.
- All the refresh tokens for a user are revoked.
- Multi-factor authentication (MFA) is enabled for a user.
Which two features should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
SC-100 Exam Question 87
Your company is developing an invoicing application that will use Azure AD B2C. The application will be deployed as an App Service web app.
You need to recommend a solution to the application development team to secure the application from identity-related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to recommend a solution to the application development team to secure the application from identity-related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
SC-100 Exam Question 88
Your company uses Azure Pipelines and Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure.
You are updating the deployment process to align with DevSecOps controls guidance in the Microsoft Cloud Adoption Framework for Azure.
You need to recommend a solution to ensure that all code changes are submitted by using pull requests before being deployed by the CI/CD workflow.
What should you include in the recommendation?
You are updating the deployment process to align with DevSecOps controls guidance in the Microsoft Cloud Adoption Framework for Azure.
You need to recommend a solution to ensure that all code changes are submitted by using pull requests before being deployed by the CI/CD workflow.
What should you include in the recommendation?
SC-100 Exam Question 89
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.
You need to enhance security on the virtual machines. The solution must meet the following requirements:
- Ensure that only apps on an allowlist can be run.
- Require administrators to confirm each app added to the allowlist.
- Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.
- Require administrators to approve an app before the app can be moved
from the blocklist to the allowlist.
What should you include in the solution?
You need to enhance security on the virtual machines. The solution must meet the following requirements:
- Ensure that only apps on an allowlist can be run.
- Require administrators to confirm each app added to the allowlist.
- Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.
- Require administrators to approve an app before the app can be moved
from the blocklist to the allowlist.
What should you include in the solution?
SC-100 Exam Question 90
Hotspot Question
You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.
You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:
- Support access to the shares by using the SMB protocol.
- Limit access to the blobs to specific periods of time.
- Include authentication support when possible.
What should you recommend for each resource? To answer, select the options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.
You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:
- Support access to the shares by using the SMB protocol.
- Limit access to the blobs to specific periods of time.
- Include authentication support when possible.
What should you recommend for each resource? To answer, select the options in the answer area.
NOTE: Each correct selection is worth one point.
