Microsoft SC-100 Exam Practice Test Instant Access

Question 1

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

AAzure AD Conditional Access integration with user flows and custom policies

BAzure AD workbooks to monitor risk detections

Ccustom resource owner password credentials (ROPC) flows in Azure AD B2C

Daccess packages in Identity Governance

Esmart account lockout in Azure AD B2C

Answer : A, E

https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management

https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow

Question 2

You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

AEnable Microsoft Defender for Cosmos DB.

BSend the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.

CDisable local authentication for Azure Cosmos DB.

DEnable Microsoft Defender for Identity.

ESend the Azure Cosmos DB logs to a Log Analytics workspace.

Answer : B, C

https://docs.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs

Question 3

You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.

In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

ALinux containers deployed to Azure Container Registry

BLinux containers deployed to Azure Kubernetes Service (AKS)

CWindows containers deployed to Azure Container Registry

DWindows containers deployed to Azure Kubernetes Service (AKS)

ELinux containers deployed to Azure Container Instances

Answer : A, C

https://docs.microsoft.com/en-us/learn/modules/design-strategy-for-secure-paas-iaas-saas-services/9-specify-security-requirements-for-containers

https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction#view-vulnerabilities-for-running-images

Question 4

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.

You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.

Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

AConfigure auto provisioning.

BAssign regulatory compliance policies.

CReview the inventory.

DAdd a workflow automation.

EEnable Defender plans.

Answer : A, E

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation

Question 5

You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.

Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion!

You need to ensure that the virtual machines can be accessed only by using bastion! The solution must prevent the use of NSG rules to bypass bastion1.

What should you include in the solution?

AAzure Virtual Network Manager connectivity configurations

BAzure Virtual Network Manager security admin rules

CAzure Firewall application rules

DAzure Firewall network rules

Answer : B

Question 6

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.

You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.

What should you recommend?

Aan Azure AD user account that has a password stored in Azure Key Vault

Ba group managed service account (gMSA)

Can Azure AD user account that has role assignments in Azure AD Privileged Identity Management (PIM)

Da managed identity in Azure

Answer : A

Question 7

Your company has an office in Seattle.

The company has two Azure virtual machine scale sets hosted on different virtual networks.

The company plans to contract developers in India.

You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:

* Prevent exposing the public IP addresses of the virtual machines.

* Provide the ability to connect without using a VPN.

* Minimize costs.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

ADeploy Azure Bastion to one virtual network.

BDeploy Azure Bastion to each virtual network.

CEnable just-in-time VM access on the virtual machines.

DCreate a hub and spoke network by using virtual network peering.

ECreate NAT rules and network rules in Azure Firewall.

Answer : A, D

https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure-bastion

Microsoft Cybersecurity Architect SC-100 Exam Practice Test