Free Microsoft SC-100 Practice Exam with Questions & Answers

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

Does this meet the goal?

You have to Azure subscriptions that contain 100 role-based access control (RBAC) role assignments.

You plan to consolidate the role assignments.

You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort.

What should you include in the recommendation?

You have an Azure AD tenant that syncs with an Active Directory Domain Services {AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD.

You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.

You plan to remove all the domain accounts from the Administrators group on the Windows computers.

You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.

What should you include in the recommendation?

You have an Azure subscription. The subscription contains 20 App Service web apps that provide services to external customers.

Each web app has a unique certificate and key.

You need to recommend a solution to manage the keys and certificates of the web apps. The solution must meet the follow requirements:

Provide a single tenancy to store the keys and certificates.

Maintain FIPS 140-2 Level 3 compliance.

Follow the principle of least privilege.

You have an Azure subscription that contains an Azure key vault named Vault1.

You plan to deploy multiple virtual machines that will host a custom app named App1. App1 will use secrets stored in Vault1. The virtual machines will be redeployed regularly based on the usage demands of App1.

You need to recommend a solution that will enable App1 to access the secrets stored in Vault1. The solution must meet the following requirements:

Minimize the number of security principals that can access Vault1.

Minimize the storage of sensitive data on the virtual machines.

Minimize administrative effort.

Which type of endpoint should App1 use to access the secrets, and which type of identity should App1 use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure SQL database named DB1 that contains customer information.

A team of database administrators has full access to DB1.

To address customer inquiries, operators in the customer service department use a custom web app named App1 to view the customer information.

You need to design a security strategy for D81. The solution must meet the following requirements:

• When the database administrators access DB1 by using SQL management tools, they must be prevented from viewing the content of the Credit Card attribute of each customer record.

• When the operators view customer records in App1, they must view only the last four digits of the Credit Card attribute.

What should you include in the design? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)