A fully updated 2026 SC-100 Exam Dumps exam guide from training expert ExamTorrent
Provides complete coverage of every objective on exam and exam preparation SC-100
NEW QUESTION # 112
You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications.
You need to recommend a deployment solution that includes network security groups (NSGs) Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure.
What should you include in the recommendation?
- A. Azure Advisor
- B. Azure Security Benchmark v3
- C. the Azure landing zone accelerator
- D. the Azure Will-Architected Framework
Answer: C
NEW QUESTION # 113
You open Microsoft Defender for Cloud as shown in the following exhibit.
Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Selection 1: NSG Selection
Selection 2: Microsoft Defender for servers
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
NEW QUESTION # 114
You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE; Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 115
You need to recommend a solution to meet the compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 116
You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive dat a. What should you include in the recommendation?
- A. Azure Purview
- B. Microsoft Information Protection
- C. Microsoft Defender for Cloud Apps
- D. insider risk management
Answer: B
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide You can use sensitivity labels to: Provide protection settings that include encryption and content markings. For example, apply a "Confidential" label to a document or email, and that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content. Protect content in Office apps across different platforms and devices. Supported by Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web. Supported on Windows, macOS, iOS, and Android. Protect content in third-party apps and services by using Microsoft Defender for Cloud Apps. With Defender for Cloud Apps, you can detect, classify, label, and protect content in third-party apps and services, such as SalesForce, Box, or DropBox, even if the third-party app or service does not read or support sensitivity labels.
NEW QUESTION # 117
You have an Azure subscription.
You plan to deploy multiple containerized microservice-based apps to Azure Kubernetes Service (AKS).
You need to recommend a solution that meets the following requirements:
- Manages secrets
- Provides encryption
- Secures service-to-service communication by using mTLS encryption
- Minimizes administrative effort
What should you include in the recommendation?
- A. Dapr
- B. Envoy
- C. Istio
- D. Flux
Answer: C
Explanation:
You can use Istio for implementing mTLS. You need to install Istio in your Kubernetes cluster.
Istio is an open-source service mesh that layers transparently onto existing distributed applications. Istio's powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio enables load balancing, service-to-service authentication, and monitoring ?with few or no service code changes. Its powerful control plane brings vital features, including:
Secure service-to-service communication in a cluster with TLS encryption, strong identity-based authentication and authorization.
Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Reference:
https://learn.microsoft.com/en-us/azure/aks/istio-about
NEW QUESTION # 118
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.
You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements-.
* Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
* Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 119
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines.
If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?
- A. application control policies in Microsoft Defender for Endpoint
- B. OAuth app policies in Microsoft Defender for Cloud Apps
- C. Azure Active Directory (Azure AD) Conditional Access App Control policies
- D. app protection policies in Microsoft Endpoint Manager
Answer: A
Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/selec
NEW QUESTION # 120
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. The client access tokens are refreshed.
- B. Microsoft Defender for Endpoint reports the endpoints as compliant.
- C. Microsoft Intune reports the endpoints as compliant.
- D. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
Answer: A,D
Explanation:
https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust-
https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens
NEW QUESTION # 121
You are creating the security recommendations for an Azure App Service web app named App1.
App1 has the following specifications:
* Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
* Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 122
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 123
You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CO) workflows.
You need to recommend best practices to secure the stages of the CI/CD workflows based on the Microsoft Cloud Adoption Framework for Azure.
What should you include in the recommendation for each stage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 124
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
NEW QUESTION # 125
You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.
You use Microsoft Defender XDR to manage the tenants of your company's customers.
You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The solution must meet the following requirements:
* The Group1 users must only be assigned the Security Operator role for the customer tenants.
* The users in Group2 must be able to assign the Security Operators role to the Group1 users for the customer tenants.
* The use of guest accounts must be minimized.
* Administrative effort must be minimized.
What should you include in the solution?
- A. Privileged Identity Management (PIM)
- B. Microsoft Entra B2B collaboration
- C. Azure Lighthouse
- D. multi-user authorization (MUA)
Answer: C
NEW QUESTION # 126
You have an Azure SQL database named DB1 that contains customer information.
A team of database administrators has full access to DB1.
To address customer inquiries, operators in the customer service department use a custom web app named App1 to view the customer information.
You need to design a security strategy for D81. The solution must meet the following requirements:
* When the database administrators access DB1 by using SQL management tools, they must be prevented from viewing the content of the Credit Card attribute of each customer record.
* When the operators view customer records in App1, they must view only the last four digits of the Credit Card attribute.
What should you include in the design? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 127
Your company wants to optimize using Azure to protect its resources from ransomware.
You need to recommend which capabilities of Azure Backup and Azure Storage provide the strongest protection against ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:

NEW QUESTION # 128
Hotspot Question
You plan to deploy an Azure API Management solution that will enable different groups of developers to access different sets of APIs at random times and rates.
You need to recommend the pricing tier that should be purchased and the scope at which the rate limit policies should be applied. The solution must meet the following requirements:
- Ensure that each group of developers can access only specific sets of APIs.
- Ensure that each set of APIs can be configured with specific rate
limits.
- Minimize development and administrative effort and costs.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Standard V2
Standard v2 - Standard v2 is a production-ready tier with support for network-isolated backends.
Box 2: Product
API Management allows you to define policies at the following scopes, from most broad to most narrow:
Global (all APIs)
Workspace (all APIs associated with a selected workspace)
*-> Product (all APIs associated with a selected product)
API (all operations in an API)
Operation (single operation in an API)
When configuring a policy, you must first select the scope at which the policy applies.
Reference:
https://learn.microsoft.com/en-us/azure/api-management/api-management-features
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-policies
NEW QUESTION # 129
You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).
You need to define the recovery steps for a ransomware attack that encrypted data in the subscription. The solution must follow Microsoft Security Best Practices.
What is the first step in the recovery plan?
- A. Contact law enforcement.
- B. From Microsoft Defender for Endpoint, perform a security scan.
- C. Disable Microsoft OneDrive sync and Exchange ActiveSync.
- D. Recover files to a cleaned computer or device.
Answer: C
Explanation:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recover-from- ransomware?view=o365-worldwide
NEW QUESTION # 130
You have a Microsoft 365 tenant.
Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements:
* Users must be able to request access to App1 by using a self-service request.
* When users request access to App1, they must be prompted to provide additional information about their request.
* Every three months, managers must verify that the users still require access to Appl.
What should you include in the design?
- A. Azure AD Application Proxy
- B. Microsoft Entra Identity Governance
- C. connected apps in Microsoft Defender for Cloud Apps
- D. access policies in Microsoft Defender for Cloud Apps
Answer: B
Explanation:
a
NEW QUESTION # 131
You are designing a security operations strategy based on the Zero Trust framework.
You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).
Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer, move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
NEW QUESTION # 132
You open Microsoft Defender for Cloud as shown in the following exhibit.
Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Selection 1: NSG Selection
Selection 2: Microsoft Defender for servers
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
NEW QUESTION # 133
Your company has Microsoft 365 E5 licenses and Azure subscriptions.
The company plans to automatically label sensitive data stored in the following locations:
* Microsoft SharePoint Online
* Microsoft Exchange Online
* Microsoft Teams
You need to recommend a strategy to identify and protect sensitive data.
Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Groups and sites
Box 2: Groups and sites
Box 3: Files and emails -
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide Go to label scopes
NEW QUESTION # 134
......
Tested Material Used To SC-100: https://pass4sure.examtorrent.com/SC-100-prep4sure-dumps.html
