Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Microsoft SC-100 Practice Exam with Questions & Answers | Set: 2

Questions 11

You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.

You use Microsoft Defender XDR to manage the tenants of your company ' s customers.

You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The solution must meet the following requirements:

    The Group1 users must only be assigned the Security Operator role for the customer tenants.

    The users in Group2 must be able to assign the Security Operators role to the Group1 users for the customer tenants.

    The use of guest accounts must be minimized.

    Administrative effort must be minimized.

What should you include in the solution?

Options:
A.

Privileged Identity Management (PIM)

B.

multi-user authorization (MUA)

C.

Microsoft Entra B2B collaboration

D.

Azure Lighthouse

Microsoft SC-100 Premium Access
Questions 12

Your company has a main office and 10 branch offices. Each branch office contains an on-premises file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet The solution must ensure that all the web traffic from the devices in the branch offices is controlled by using Global Secure Access.

What should you do first in each branch office?

Options:
A.

Configure an Intune policy to deploy the Global Secure Access client to each device.

B.

Configure an IPsec tunnel on the router.

C.

Install the Microsoft Entra private network connector on the file server.

D.

Configure an Intune policy to onboard Microsoft Defender for Endpoint to each device.

Questions 13

You have a Microsoft 365 subscription

You need to recommend a security solution to monitor the following activities:

• User accounts that were potentially compromised

• Users performing bulk file downloads from Microsoft SharePoint Online

What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each Correct selection is worth one Point.

SC-100 Question 13

Options:
Questions 14

You have an Azure subscription.

You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protected by using Microsoft Defender for Servers Plan 1.

You have a Microsoft 365 subscription.

You need to recommend a solution to identify which servers have outdated hardware drivers or firmware.

What should you include in the recommendation?

Options:
A.

Change all the servers to Microsoft Defender for Servers Plan 2.

B.

Add Microsoft Defender Vulnerability Management add-ons.

C.

Onboard all the servers to Azure Update Manager.

D.

Add the Microsoft Intune Suite add-on.

Questions 15

A customer has a Microsoft 365 E5 subscription and an Azure subscription.

The customer wants to centrally manage security incidents, analyze log, audit activity, and search for potential threats across all deployed services.

You need to recommend a solution for the customer. The solution must minimize costs.

What should you include in the recommendation?

Options:
A.

Microsoft 365 Defender

B.

Microsoft Defender for Cloud

C.

Microsoft Defender for Cloud Apps

D.

Microsoft Sentinel

Questions 16

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options:
A.

an Azure AD enterprise application

B.

a retying party trust in Active Directory Federation Services (AD FS)

C.

Azure AD Application Proxy

D.

Azure AD B2C

Questions 17

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.

You plan to deploy Azure virtual machines that will run Windows Server.

You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.

How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 17

Options:
Questions 18

Your company has a Microsoft 365 E5 subscription.

The company plans to deploy 45 mobile self-service kiosks that will run Windows 10. You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:

• Ensure that only authorized applications can run on the kiosks.

• Regularly harden the kiosks against new threats.

Which two actions should you include in the recommendations? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:
A.

Onboard the kiosks to Azure Monitor.

B.

Implement Privileged Access Workstation (PAW) for the kiosks.

C.

Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.

D.

Implement threat and vulnerability management in Microsoft Defender for Endpoint.

E.

Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.

Questions 19

Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.

You receive the following recommendations in Defender for Cloud

• Access to storage accounts with firewall and virtual network configurations should be restricted,

• Storage accounts should restrict network access using virtual network rules.

• Storage account should use a private link connection.

• Storage account public access should be disallowed.

You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

Options:
A.

Azure Storage Analytics

B.

Azure Network Watcher

C.

Microsoft Sentinel

D.

Azure Policy

Questions 20

You plan to automate the development and deployment of a Nodejs-based app by using GitHub.

You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:

• Automate the generation of pull requests that remediate identified vulnerabilities.

• Automate vulnerability code scanning for public and private repositories.

• Minimize administrative effort.

• Minimize costs.

What should you recommend using? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 20

Options: