SC-100 Exam Question 111
Your company plans to evaluate the security of its Azure environment based on the principles of the Microsoft Cloud Adoption Framework for Azure.
You need to recommend a cloud-based service to evaluate whether the Azure resources comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
What should you recommend?
You need to recommend a cloud-based service to evaluate whether the Azure resources comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
What should you recommend?
SC-100 Exam Question 112
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?
SC-100 Exam Question 113
You are an Azure solution architect; your organization has an on-premises Microsoft SQL server.
You recently deployed an Azure App Service with a web app; the web app is required to securely connect to the Microsoft SQL Server in your on-premises environment.
The intention is to establish an ExpressRoute to connect to Azure in the future, but as it stands today, there is no direct connection to Azure.
The development team is inquiring if there is a secure way to connect the Microsoft SQL Server to the Azure App Service for testing purposes without needing the ExpressRoute connection.
What would be the recommended solution
You recently deployed an Azure App Service with a web app; the web app is required to securely connect to the Microsoft SQL Server in your on-premises environment.
The intention is to establish an ExpressRoute to connect to Azure in the future, but as it stands today, there is no direct connection to Azure.
The development team is inquiring if there is a secure way to connect the Microsoft SQL Server to the Azure App Service for testing purposes without needing the ExpressRoute connection.
What would be the recommended solution
SC-100 Exam Question 114
Drag and Drop Question
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.
You have a Conditional Access policy named Policy1 that only allows workload identities from trusted locations to access SharePoint Online.
You plan to move all business-sensitive information to Site1.
You need to ensure that CAPolicy1 applies to Site1 only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.
You have a Conditional Access policy named Policy1 that only allows workload identities from trusted locations to access SharePoint Online.
You plan to move all business-sensitive information to Site1.
You need to ensure that CAPolicy1 applies to Site1 only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
SC-100 Exam Question 115
You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed.
You plan to deploy the following configuration of Microsoft Entra Internet Access:
- Enable a baseline profile.
- Create a security profile named Profile1 that has a priority of 300
and contains a single web content filtering policy named
WCFPolicy1.Configure WCFPolicy1 as follows:
- Set Action to allow.
- Include a single rule that has a fully qualified domain name (FQDN)
destination of *.adatum.com. Link Profile1 to a Conditional Access
policy named CAPolicy1, apply CAPolicy1 to all users, and grant access
unless a user's device is noncompliant.
You need to evaluate the impact of the planned deployment on traffic to the following resources:
- https://www.adatum.com:8433
- https://www.fabrikam.com
Which two traffic scenarios will occur? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You plan to deploy the following configuration of Microsoft Entra Internet Access:
- Enable a baseline profile.
- Create a security profile named Profile1 that has a priority of 300
and contains a single web content filtering policy named
WCFPolicy1.Configure WCFPolicy1 as follows:
- Set Action to allow.
- Include a single rule that has a fully qualified domain name (FQDN)
destination of *.adatum.com. Link Profile1 to a Conditional Access
policy named CAPolicy1, apply CAPolicy1 to all users, and grant access
unless a user's device is noncompliant.
You need to evaluate the impact of the planned deployment on traffic to the following resources:
- https://www.adatum.com:8433
- https://www.fabrikam.com
Which two traffic scenarios will occur? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.