SC-100 Exam Question 36

Hotspot Question
You have a Microsoft Entra tenant named contoso.com that syncs with an Active Directory Domain Services (AD DS) domain named corp.contoso.com The domain contains 100 devices that have the following configurations:
- Hybrid joined
- Enrolled in Microsoft Intune
- Disabled built-in local administrator account
- Contain a local user account named User1 that is a member of the local administrators group You need to recommend a solution that meets the following requirements:
- Ensures that the Directory Services Restore Mode (DSRM) credentials of each domain controller are backed up to the AD DS database
- Ensures that the password of User1 changes automatically every 60 days
- Ensures that the credentials of User1 are stored in an encrypted store
- Prevents the User1 password from being changed manually
- Whenever possible, stores all credentials in contoso.com
- Minimizes administrative effort
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-100 Exam Question 37

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?
  • SC-100 Exam Question 38

    You have a customer that has a Microsoft 365 subscription and uses the Free edition of Microsoft Entra ID.
    The customer plans to obtain an Azure subscription and provision several Azure resources.
    You need to evaluate the customer's security environment.
    What will necessitate an upgrade from the Microsoft Entra Free edition to the Premium edition?
  • SC-100 Exam Question 39

    Hotspot Question
    You have a Microsoft 365 E5 subscription that uses Microsoft Purview, SharePoint Online, and OneDrive for Business.
    You need to recommend a ransomware protection solution that meets the following requirements:
    - Mitigates attacks that make copies of files, encrypt the copies, and
    then delete the original files
    - Mitigates attacks that encrypt files in place
    - Minimizes administrative effort
    What should you include in the recommendation? To answer, select the appropriate options in the answer area.
    NOTE: Each correct selection is worth one point.

    SC-100 Exam Question 40

    You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.
    Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion1.
    You need to ensure that the virtual machines can be accessed only by using bastion1. The solution must prevent the use of NSG rules to bypass bastion1.
    What should you include in the solution?