SC-100 Exam Question 41
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription.
The solution must ensure that noncompliant resources are automatically detected.
What should you use?
You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription.
The solution must ensure that noncompliant resources are automatically detected.
What should you use?
SC-100 Exam Question 42
Hotspot Question
You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates.
VDI devices are members of the domain.
You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Microsoft Entra Domain Services domain.
You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:
- Ensure that the hosts are onboarded to Defender for Endpoint during
the first startup sequence.
- Ensure that the Microsoft Defender portal contains a single entry for each deployed VDI host.
- Minimize administrative effort.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates.
VDI devices are members of the domain.
You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Microsoft Entra Domain Services domain.
You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:
- Ensure that the hosts are onboarded to Defender for Endpoint during
the first startup sequence.
- Ensure that the Microsoft Defender portal contains a single entry for each deployed VDI host.
- Minimize administrative effort.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 43
Hotspot Question
Your company has two offices named Office1 and Office2. The offices contain 1,000 on-premises Windows 11 devices that are Microsoft Entra joined.
You have a Microsoft 365 subscription and use Microsoft Intune.
You plan to deploy Microsoft Entra Internet Access from the offices to Microsoft 365.
You enable the Microsoft 365 profile and configure the following:
- A traffic policy for all Microsoft 365 traffic
- A linked Conditional Access policy that has the following
configurations:
Applies to all users
Performs compliant network checks
Allows Microsoft 365 traffic from compliant devices
- An assignment to all devices
- An assignment to the remote network associated with Office1
You deploy the Global Secure Access client to all the devices in Office2 and establish connections.
Which users can access Microsoft 365 services from compliant devices, and which users are blocked from accessing Microsoft 365 services when using noncompliant devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Your company has two offices named Office1 and Office2. The offices contain 1,000 on-premises Windows 11 devices that are Microsoft Entra joined.
You have a Microsoft 365 subscription and use Microsoft Intune.
You plan to deploy Microsoft Entra Internet Access from the offices to Microsoft 365.
You enable the Microsoft 365 profile and configure the following:
- A traffic policy for all Microsoft 365 traffic
- A linked Conditional Access policy that has the following
configurations:
Applies to all users
Performs compliant network checks
Allows Microsoft 365 traffic from compliant devices
- An assignment to all devices
- An assignment to the remote network associated with Office1
You deploy the Global Secure Access client to all the devices in Office2 and establish connections.
Which users can access Microsoft 365 services from compliant devices, and which users are blocked from accessing Microsoft 365 services when using noncompliant devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 44
You have an on-premises server named Server1. Server1 is an FTP server that can be accessed by only the users at your company.
You have an Azure subscription.
You need to recommend a Zero Trust Network Access (ZTNA) solution to enforce Conditional Access policies when users access Server1 from the internet.
What should you include in the recommendation?
You have an Azure subscription.
You need to recommend a Zero Trust Network Access (ZTNA) solution to enforce Conditional Access policies when users access Server1 from the internet.
What should you include in the recommendation?
SC-100 Exam Question 45
Hotspot Question
You have two on-premises servers named Server1 and Server2 that run Windows Server.
Server1 contains an app named App1 and is isolated from the internet.
You have a Microsoft Entra tenant.
You plan to deploy Global Secure Access to provide remote access to App1.
You need to configure the tenant and Server2 to support the planned deployment. The solution must ensure that when users attempt to access App1, they must authenticate by using their Microsoft Entra credentials.
What should you create in the tenant, and what should you install on Server2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have two on-premises servers named Server1 and Server2 that run Windows Server.
Server1 contains an app named App1 and is isolated from the internet.
You have a Microsoft Entra tenant.
You plan to deploy Global Secure Access to provide remote access to App1.
You need to configure the tenant and Server2 to support the planned deployment. The solution must ensure that when users attempt to access App1, they must authenticate by using their Microsoft Entra credentials.
What should you create in the tenant, and what should you install on Server2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.




