Microsoft SC-100 Exam Practice Test Instant Access

Question 1

You have an Azure subscription

You plan to deploy multiple containerized microservice-based apps to Azure Kubemetes Service (AKS)

You need to recommend a solution that meets the following requirements:

* Manages secrets

* Provides encryption

* Secures service-to-service communication by using mTLS encryption

* Minimizes administrative effort

What should you include in the recommendation?

AFlux

BEnvoy

CDapr

DIstio

Answer : D

Question 2

For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management What should you include in the recommendation?

Adevice registrations in Azure AD

Bapplication registrations m Azure AD

CAzure service principals with certificate credentials

DAzure service principals with usernames and passwords

Emanaged identities in Azure

Answer : E

Question 3

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.

You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.

What should you recommend?

Aan Azure AD user account that has a password stored in Azure Key Vault

Ba group managed service account (gMSA)

Can Azure AD user account that has role assignments in Azure AD Privileged Identity Management {PIM)

Da managed identity in Azure

Answer : D

Question 4

You are designing a security operations strategy based on the Zero Trust framework.

You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.

What should you do?

AEnable built-in compliance policies in Azure Policy.

BEnable self-healing in Microsoft 365 Defender.

CAutomate data classification.

DCreate hunting queries in Microsoft 365 Defender.

Answer : C

Question 5

You have an operational model based on the Microsoft Cloud Adoption framework for Azure.

You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, database, files, and storage accounts.

What should you include in the recommendation?

Asecurity baselines in the Microsoft Cloud Security Benchmark

Bmodern access control

Cbusiness resilience

Dnetwork isolation

Answer : A

Question 6

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

* Ensure that the security operations team can access the security logs and the operation logs.

* Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

AAzure Active Directory (Azure AD) Conditional Access policies

Ba custom collector that uses the Log Analytics agent

Cresource-based role-based access control (RBAC)

Dthe Azure Monitor agent

Answer : C, D

https://docs.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent

Question 7

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Aapp discovery anomaly detection policies in Microsoft Defender for Cloud Apps

Badaptive application controls in Defender for Cloud

CAzure Security Benchmark compliance controls m Defender for Cloud

Dapp protection policies in Microsoft Endpoint Manager

Answer : B

https://docs.microsoft.com/en-us/azure/defender-for-cloud/recommendations-reference#compute-recommendations

Microsoft SC-100 Microsoft Cybersecurity Architect Exam Practice Test