SC-100 Exam Question 96
You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed.
You plan to deploy the following configuration of Microsoft Entra Internet Access:
- Enable a baseline profile.
- Create a security profile named Profile1 that has a priority of 300
and contains a single web content filtering policy named
WCFPolicy1.Configure WCFPolicy1 as follows:
- Set Action to allow.
- Include a single rule that has a fully qualified domain name (FQDN)
destination of *.adatum.com. Link Profile1 to a Conditional Access
policy named CAPolicy1, apply CAPolicy1 to all users, and grant access
unless a user's device is noncompliant.
You need to evaluate the impact of the planned deployment on traffic to the following resources:
- https://www.adatum.com:8433
- https://www.fabrikam.com
Which two traffic scenarios will occur? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You plan to deploy the following configuration of Microsoft Entra Internet Access:
- Enable a baseline profile.
- Create a security profile named Profile1 that has a priority of 300
and contains a single web content filtering policy named
WCFPolicy1.Configure WCFPolicy1 as follows:
- Set Action to allow.
- Include a single rule that has a fully qualified domain name (FQDN)
destination of *.adatum.com. Link Profile1 to a Conditional Access
policy named CAPolicy1, apply CAPolicy1 to all users, and grant access
unless a user's device is noncompliant.
You need to evaluate the impact of the planned deployment on traffic to the following resources:
- https://www.adatum.com:8433
- https://www.fabrikam.com
Which two traffic scenarios will occur? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
SC-100 Exam Question 97
You have an Azure subscription and a Microsoft 365 subscription.
Your company uses several software as a service (SaaS) applications.
To align with Microsoft cloud security benchmark (MCSB) and Microsoft Cybersecurity Reference Architectures (MCRA), you plan to design a solution to provide visibility into user activity across the applications and detect potentially risky behavior in real time.
Which service should you recommend?
Your company uses several software as a service (SaaS) applications.
To align with Microsoft cloud security benchmark (MCSB) and Microsoft Cybersecurity Reference Architectures (MCRA), you plan to design a solution to provide visibility into user activity across the applications and detect potentially risky behavior in real time.
Which service should you recommend?
SC-100 Exam Question 98
Hotspot Question
You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.
You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:
- Support access to the shares by using the SMB protocol.
- Limit access to the blobs to specific periods of time.
- Include authentication support when possible.
What should you recommend for each resource? To answer, select the options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.
You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:
- Support access to the shares by using the SMB protocol.
- Limit access to the blobs to specific periods of time.
- Include authentication support when possible.
What should you recommend for each resource? To answer, select the options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 99
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.
Does this meet the goal?
SC-100 Exam Question 100
You have an Azure subscription.
Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.
What should you recommend using to enforce the governance requirement?
Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.
What should you recommend using to enforce the governance requirement?


