SC-100 Exam Question 96
Hotspot Question
Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a server that runs Windows Server and hosts shared folders. The domain syncs with Azure AD by using Azure AD Connect. Azure AD Connect has group writeback enabled.
You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.
You have multiple project teams. Each team has an AD DS group that syncs with Azure AD.
Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.
You need to recommend an Azure AD Identity Governance solution that meets the following requirements:
- Project managers must verify that their project group contains only the current members of their project team.
- The members of each project team must only have access to the resources of the project to which they are assigned.
- Users must be removed from a project group automatically if the project manager has NOT verified the group's membership for 30 days.
- Administrative effort must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 97
Hotspot Question
You have a Microsoft Entra tenant named contoso.com. You have 30 Azure subscriptions that are linked to contoso.com. The tenant contains the management groups shown in the following table.

You need to design a governance solution to manage access to all the Azure Storage accounts across the subscriptions. The solution must meet the following requirements:
- Use custom role-based access control (RBAC) to provide granular access to control plane and data plane operations.
- Minimize administrative effort.
At which scope should you assign the roles, and what is the minimum number of assignments per role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 98
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Purview, SharePoint Online, and OneDrive for Business.
You need to recommend a ransomware protection solution that meets the following requirements:
- Mitigates attacks that make copies of files, encrypt the copies, and then delete the original files
- Mitigates attacks that encrypt files in place
- Minimizes administrative effort
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 99
Your company has a main office and a branch office.
The main office contains 20 on-premises servers that run Windows Server and host apps that are published by using Microsoft Entra application proxy. The main office contains 500 on-premises computers that run Windows 11. The branch office contains 100 on-premises computers that run Windows 11.
All the main office computers are enrolled in Microsoft Intune. The branch office computers are NOT enrolled in Intune.
You have a Microsoft 365 E5 subscription.
You have a Microsoft Entra tenant. You have a third-party software as a service (SaaS) app that is registered in the Microsoft Entra tenant.
You plan to implement Global Secure Access.
You are evaluating the use of compliant network check and Conditional Access.
Which two scenarios are supported by compliant network check? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 100
You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.
Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion1.
You need to ensure that the virtual machines can be accessed only by using bastion1. The solution must prevent the use of NSG rules to bypass bastion1.
What should you include in the solution?




