SC-100 Exam Question 91
Your on-premises network contains an Active Directory Domain Services (AD DS) domain and a hybrid deployment between a Microsoft Exchange Server 2019 organization and an Exchange Online tenant. The AD DS domain contains a group named Group1. Group1 is a member of the Organization Management role group for the Exchange deployment.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender.
You have an Azure subscription that uses Microsoft Sentinel.
You need to recommend a solution to ensure that Group1 is marked as a sensitive group and that any changes made to Group1 raises an alert in Microsoft Sentinel. The solution must minimize administrative effort.
What should you include in the recommendation?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender.
You have an Azure subscription that uses Microsoft Sentinel.
You need to recommend a solution to ensure that Group1 is marked as a sensitive group and that any changes made to Group1 raises an alert in Microsoft Sentinel. The solution must minimize administrative effort.
What should you include in the recommendation?
SC-100 Exam Question 92
Drag and Drop Question
You are designing a security operations strategy based on the Zero Trust framework.
You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).
Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.

You are designing a security operations strategy based on the Zero Trust framework.
You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).
Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.

SC-100 Exam Question 93
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing the encryption standards for data at rest for an Azure resource.
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-
256 keys. The solution must support rotating the encryption keys monthly.
Solution: For blob containers in Azure Storage, you recommend encryption that uses customer- managed keys (CMKs).
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing the encryption standards for data at rest for an Azure resource.
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-
256 keys. The solution must support rotating the encryption keys monthly.
Solution: For blob containers in Azure Storage, you recommend encryption that uses customer- managed keys (CMKs).
Does this meet the goal?
SC-100 Exam Question 94
Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud:
- Access to storage accounts with firewall and virtual network
configurations should be restricted
- Storage accounts should restrict network access using virtual network rules.
- Storage account should use a private link connection.
- Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations.
What should you recommend?
You receive the following recommendations in Defender for Cloud:
- Access to storage accounts with firewall and virtual network
configurations should be restricted
- Storage accounts should restrict network access using virtual network rules.
- Storage account should use a private link connection.
- Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations.
What should you recommend?
SC-100 Exam Question 95
You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1.
You plan to migrate DB1 to Azure.
You need to recommend an encrypted Azure database solution that meets the following requirements:
- Minimizes the risks of malware that uses elevated privileges to
access sensitive data
- Prevents database administrators from accessing sensitive data
- Enables pattern matching for server-side database operations
- Supports Microsoft Azure Attestation
- Uses hardware-based encryption
What should you include in the recommendation?
You plan to migrate DB1 to Azure.
You need to recommend an encrypted Azure database solution that meets the following requirements:
- Minimizes the risks of malware that uses elevated privileges to
access sensitive data
- Prevents database administrators from accessing sensitive data
- Enables pattern matching for server-side database operations
- Supports Microsoft Azure Attestation
- Uses hardware-based encryption
What should you include in the recommendation?

