SC-100 Exam Questions
236 real SC-100 exam questions with expert-verified answers and explanations. Page 5 of 5.
- Question #273Design security operations, identity, and compliance capabilities
You have a multicloud environment that contains an Azure subscription, an Amazon Web Services (AWS) subscription, and a Google Cloud Platform (GCP) subscription. You plan to assess...
Multicloud securityCompliance managementMicrosoft Defender for CloudCSPM - Question #274Design security operations, identity, and compliance capabilities
You have two Azure subscriptions named Sub1 and Sub2 that contain the vaults shown in the following table. You need to design a multi-user authorization (MUA) solution for security...
Azure BackupMulti-user Authorization (MUA)Resource GuardSecurity Operations - Question #289Design solutions that align with security best practices and priorities
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to recommend a solution to enforce the Zero Trust principle of explicit verification for the subscripti...
Zero TrustExplicit VerificationConditional AccessIdentity and Access Management - Question #290Design security operations, identity, and compliance capabilities
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Serve1 that runs Windows Server 2022. You have an Azure sub...
Azure BastionRemote Desktop Protocol (RDP)Multifactor Authentication (MFA)Hybrid Identity - Question #291Design security operations, identity, and compliance capabilities
You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Microsoft Entra credential...
Microsoft Entra IDSaaS Application IntegrationSingle Sign-On (SSO)Enterprise Applications - Question #294Design security operations, identity, and compliance capabilities
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
SaaS app securityMicrosoft Defender XDRCloud App SecurityAccess control - Question #295Design security solutions for applications and data
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
Microsoft Defender for Cloud AppsCASBSaaS App GovernanceAccess Control - Question #296Design security solutions for applications and data
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
Microsoft Defender for Cloud Apps (MDCA)SaaS SecurityAccess ControlRisk Management - Question #297Design security operations, identity, and compliance capabilities
Your network contains an Active Directory Domain Services (AD DS) domain. You need to ensure that the built-in administrator account for the domain can be used only for interactive...
Active Directory SecurityUser Rights AssignmentLogon RestrictionsAdministrative Account Security - Question #301Design security operations, identity, and compliance capabilities
You have a multicloud environment that contains an Azure subscription, an Amazon Web Services (AWS) subscription, and a Google Cloud Platform (GCP) subscription. You plan to implem...
Cloud Security Posture Management (CSPM)Microsoft Defender for CloudAttack Path AnalysisExternal Attack Surface Management (EASM) - Question #302Design security solutions for applications and data
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
Conditional AccessSaaS App SecurityIntune App ProtectionMicrosoft Defender for Cloud Apps - Question #306Design security operations, identity, and compliance capabilities
You have a Microsoft Entra tenant named contoso.com. You have a partner company that has a multi-tenant application named App1. App1 is registered to a Microsoft Entra tenant named...
Azure ADMulti-tenant appsService principalApplication identity - Question #307Design security operations, identity, and compliance capabilities
Your company has on-premises datacenters in Seattle, Chicago, and New York City. You plan to migrate the on-premises workloads to the East US Azure region. You need to design a gov...
Azure Management GroupsAzure Landing ZonesCloud Adoption Framework (CAF)Hybrid ConnectivityAzure Governance - Question #312Design security operations, identity, and compliance capabilities
You have an Azure subscription that is linked to a Microsoft Entra tenant. You plan deploy an enterprise application named App1. App1 requires LDAP to look up attributes related to...
Microsoft Entra Domain ServicesLDAPApplication IntegrationIdentity Management - Question #313Design security operations, identity, and compliance capabilities
You have a Microsoft Entra tenant named contoso.onmicrosoft.com and an Azure subscription named Sub1. You need to implement Microsoft Entra Verified ID by using Quick Verified ID s...
Microsoft Entra Verified IDDecentralized IdentityCustom DomainsPrerequisites - Question #314Design security operations, identity, and compliance capabilities
Drag and Drop Question You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. You have a Conditional Access policy named Policy1 that o...
Conditional AccessSharePoint SecuritySensitivity LabelsAzure AD Authentication Contexts - Question #315Design security solutions for infrastructure
You have an Azure subscription. The subscription contains 200 virtual machines that run Windows Server 2022 and are protected by using Microsoft Defender for Servers Plan 1. You ha...
Azure ArcDefender for CloudMulti-cloud SecurityWorkload Protection - Question #316Design security solutions for infrastructure
You have an Azure subscription. The subscription contains 100 virtual machines that run Linux on Windows Server. The subscription uses Microsoft Defender for Servers Plan 1. You ne...
Vulnerability ManagementMicrosoft Defender for ServersSecurity Posture ManagementInfrastructure Security - Question #317Design security solutions for infrastructure
You have a Microsoft 365 E5 subscription. The subscription contains 500 devices that run Windows 11 Pro and are enrolled in Microsoft Intune. You need to evaluate the use of Micros...
Microsoft Defender Vulnerability ManagementAttack surface reductionEndpoint securityConfiguration recommendations - Question #318Design security operations, identity, and compliance capabilities
You have an Azure subscription that contains the Azure Virtual Machine Scale Sets shown in the following table. You are evaluating Azure Update Manager and automatic virtual machin...
Azure Update ManagerVM Scale SetsAutomatic PatchingFlexible Orchestration - Question #322Design security solutions for applications and data
You have a Microsoft 365 tenant. You have an Azure subscription that contains Azure App Service web apps. The apps have the following characteristics: - The apps use third-party an...
Supply Chain SecurityApplication SecuritySecret ManagementGitHub Advanced Security - Question #323Design security operations, identity, and compliance capabilities
You have an Azure subscription and a Microsoft 365 subscription. Your company uses several software as a service (SaaS) applications. To align with Microsoft cloud security benchma...
Microsoft Defender for Cloud AppsCASBSaaS securityReal-time risk detection - Question #325Design security operations, identity, and compliance capabilities
Drag and Drop Question You have an Azure environment that contains multiple workloads deployed across multiple subscriptions. You need to recommend a solution to assess and improve...
Cloud Adoption Framework (CAF)Azure Well-Architected Framework (WAF)Azure GovernanceSecurity Posture Management - Question #326Design security operations, identity, and compliance capabilities
You have a Microsoft 365 subscription that contains a group named Group1. The subscription is linked to a Microsoft Entra ID P1 tenant. You have an external software as a service (...
Conditional AccessMicrosoft Entra IDSaaS Application SecurityDevice Identity - Question #328Design security solutions for applications and data
Drag and Drop Question You have an Azure Storage account named storage1. You plan to secure storage1 by using a Bring Your Own Key (BYOK) strategy. You create an Azure key vault na...
Azure StorageCustomer-managed keys (CMK)Azure Key VaultManaged Identity - Question #329Design security solutions for applications and data
You have an Azure subscription that contains 15 custom apps. The source files for the apps are stored in Git repositories. The apps are deployed by using Azure DevOps. You need to...
DevSecOpsSASTSecret ScanningApplication Security - Question #330Design security operations, identity, and compliance capabilities
You have an on-premises server named Server1. Server1 is an FTP server that can be accessed by only the users at your company. You have an Azure subscription. You need to recommend...
Zero Trust Network AccessMicrosoft Entra Private AccessConditional AccessOn-premises resource access - Question #331Design security solutions for infrastructure
You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named contoso.com. Sub1 contains 20 virtual networks named Sub1_VNet1 through Sub1_VNet20. You...
Azure Virtual Network Manager (AVNM)Network Security Groups (NSG)Cross-tenant managementNetwork security policy - Question #334Design security solutions for applications and data
You have an Azure subscription that contains a web app named App1. App1 uses a Microsoft Entra user account named SRV1 as a service account to authenticate to an Azure SQL database...
Managed IdentityAzure Web AppAzure SQL DatabaseAuthentication - Question #336Design solutions that align with security best practices and priorities
You are designing a ransomware mitigation strategy. You perform a ransomware risk assessment and identify business-critical assets. You need to recommend a solution to mitigate ran...
Ransomware MitigationData ProtectionIdentity and Access ManagementBackup and Recovery - Question #339Design security operations, identity, and compliance capabilities
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named Domain1. Domain1 contains 10 domain controllers. You have an Azure subscription named Sub...
Microsoft SentinelData IngestionCost OptimizationActive DirectoryMicrosoft 365 E5 Licensing - Question #340Design security solutions for infrastructure
You have an Azure subscription. You have a subscription to a third-party cloud provider. The subscription contains 100 virtual machines. You manage cloud security for both subscrip...
Cross-cloud securityAzure ArcMicrosoft Defender for CloudSecurity posture management - Question #341Design security operations, identity, and compliance capabilities
You have an Azure subscription that uses Microsoft Defender for Cloud. You have Amazon Web Services (AWS), Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI) subscr...
Microsoft Defender for CloudMulti-cloud securityCustom security standardsCloud Security Posture Management - Question #343Design solutions that align with security best practices and priorities
You have a Microsoft 365 subscription. You have a Conditional Access policy that has the following settings: Name: Policy 1 Assignments - Users: -- Include: All users - Target reso...
Conditional AccessZero TrustRapid Modernization Plan (RaMP)Network conditions - Question #344Design security solutions for applications and data
You have an Azure subscription. You have an on-premises datacenter that contains Microsoft SQL Server instances. Each instance contains multiple databases. You have a Microsoft 365...
Vulnerability ManagementSQL SecurityHybrid Cloud SecurityMicrosoft Defender for Cloud - Question #345Design security solutions for infrastructure
You have an Azure subscription. You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protect...
Vulnerability ManagementMicrosoft Defender for ServersAzure ArcHardware Firmware Security