Microsoft SC-100 Exam Practice Test Instant Access

Question 1

You have a Microsoft 365 subscription that contains 1,000 users. Each user is assigned a Microsoft 365 E5 license.

The subscription uses sensitivity labels to classify corporate documents. All the users have Windows 11 devices that are onboarded to Microsoft Defender for Endpoint and are configured to sync files to Microsoft OneDrive.

You need to prevent the users from uploading the documents from OneDrive to external websites.

What should you include in the solution?

AMicrosoft Purview Information Protection

BMicrosoft Purview data loss prevention (DLP)

Cweb content filtering in Defender for Endpoint

Dan endpoint security policy

Answer : B

Question 2

You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.

You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.

What should you recommend?

AThe AKS cluster version must be upgraded.

BThe updates must first be applied to the image used to provision the nodes.

CThe nodes must restart after the updates are applied.

Answer : B

Question 3

Your company has a main office and 10 branch offices. Each branch office contains an on-premises file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet The solution must ensure that all the web traffic from the devices in the branch offices is controlled by using Global Secure Access.

What should you do first in each branch office?

AConfigure an Intune policy to deploy the Global Secure Access client to each device.

BConfigure an IPsec tunnel on the router.

CInstall the Microsoft Entra private network connector on the file server.

DConfigure an Intune policy to onboard Microsoft Defender for Endpoint to each device.

Answer : B

Question 4

You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.

Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion!

You need to ensure that the virtual machines can be accessed only by using bastion! The solution must prevent the use of NSG rules to bypass bastion1.

What should you include in the solution?

AAzure Virtual Network Manager connectivity configurations

BAzure Virtual Network Manager security admin rules

CAzure Firewall application rules

DAzure Firewall network rules

Answer : B

Question 5

You have an on-premises app named App1. Remote users access App1 by using VPN connections. You have a third-party software as a service (SaaS) app named App2. You need to deploy Global Secure Access to manage access to App1 and App2. What should you use for each app?

AMicrosoft Entra Private Access for App1 and Microsoft Entra Internet Access for App2

BMicrosoft Entra Private Access for App1 and App2

CMicrosoft Entra Internet Access for App1 and App2

DMicrosoft Entra Private Access for App2 and Microsoft Entra Internet Access for App1

Answer : A

Question 6

You have a multicloud environment that contains Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) subscriptions.

You need to discover and review role assignments across the subscriptions.

What should you use?

AMicrosoft Entra Permissions Management

BMicrosoft Defender for Identity

CAzure Lighthouse

DMicrosoft Entra ID Governance

Answer : C

Question 7

You have an Azure subscription

You plan to deploy multiple containerized microservice-based apps to Azure Kubemetes Service (AKS)

You need to recommend a solution that meets the following requirements:

* Manages secrets

* Provides encryption

* Secures service-to-service communication by using mTLS encryption

* Minimizes administrative effort

What should you include in the recommendation?

AFlux

BEnvoy

CDapr

DIstio

Answer : D

Microsoft SC-100 Microsoft Cybersecurity Architect Exam Practice Test