SC-100 Exam Question 66
Hotspot Question
Your client interacts with its customers using custom-built mobile apps. Current authentication and authorization information is stored in individually maintained Azure-based databases. The client has asked you to design a solution that allows authentication and authorization to be centralized. You recommend that your client deploy Azure AD and implement OAuth 2.0 for authorization.
You need to help your client identify the process that is performed by each OAuth 2.0 party.
Which process should you identify for each of the roles? To answer, select the appropriate options from the drop-down menus.

Your client interacts with its customers using custom-built mobile apps. Current authentication and authorization information is stored in individually maintained Azure-based databases. The client has asked you to design a solution that allows authentication and authorization to be centralized. You recommend that your client deploy Azure AD and implement OAuth 2.0 for authorization.
You need to help your client identify the process that is performed by each OAuth 2.0 party.
Which process should you identify for each of the roles? To answer, select the appropriate options from the drop-down menus.

SC-100 Exam Question 67
Drag and Drop Question
You have an Azure subscription that contains a resources group named RG1. RG1 contains multiple Azure Files shares.
You need to recommend a solution to deploy a backup solution for the shares. The solution must meet the following requirements:
- Prevent the deletion of backups and the vault used to store the
backups.
- Prevent privilege escalation attacks against the backup solution.
- Prevent the modification of the backup retention period.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that contains a resources group named RG1. RG1 contains multiple Azure Files shares.
You need to recommend a solution to deploy a backup solution for the shares. The solution must meet the following requirements:
- Prevent the deletion of backups and the vault used to store the
backups.
- Prevent privilege escalation attacks against the backup solution.
- Prevent the modification of the backup retention period.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

SC-100 Exam Question 68
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.
What should you recommend?
You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.
What should you recommend?
SC-100 Exam Question 69
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?
SC-100 Exam Question 70
You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.
You use Microsoft Defender XDR to manage the tenants of your company's customers.
You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The solution must meet the following requirements:
- The Group1 users must only be assigned the Security Operator role for the customer tenants.
- The users in Group2 must be able to assign the Security Operators
role to the Group1 users for the customer tenants.
- The use of quest accounts must be minimized.
- Administrative effort must be minimized.
What should you include in the solution?
You use Microsoft Defender XDR to manage the tenants of your company's customers.
You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The solution must meet the following requirements:
- The Group1 users must only be assigned the Security Operator role for the customer tenants.
- The users in Group2 must be able to assign the Security Operators
role to the Group1 users for the customer tenants.
- The use of quest accounts must be minimized.
- Administrative effort must be minimized.
What should you include in the solution?


