• Home
  • Articles
  • [UPDATED 2022] Free Microsoft SC-100 Exam Questions Self-Assess Preparation [Q15-Q40]

[UPDATED 2022] Free Microsoft SC-100 Exam Questions Self-Assess Preparation [Q15-Q40]

Share

[UPDATED 2022] Free Microsoft SC-100 Exam Questions Self-Assess Preparation

SC-100 Free Sample Questions to Practice One Year Update

NEW QUESTION 15
You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 16
Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating.
The company identifies protected health information (PHI) within stored documents and communications.
What should you recommend using to prevent the PHI from being shared outside the company?

  • A. sensitivity label policies
  • B. retention policies
  • C. data loss prevention (DLP) policies
  • D. insider risk management policies

Answer: A

 

NEW QUESTION 17
You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 18
Your company has an office in Seattle.
The company has two Azure virtual machine scale sets hosted on different virtual networks.
The company plans to contract developers in India.
You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:
* Prevent exposing the public IP addresses of the virtual machines.
* Provide the ability to connect without using a VPN.
* Minimize costs.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Enable just-in-time VM access on the virtual machines.
  • B. Deploy Azure Bastion to one virtual network.
  • C. Create a hub and spoke network by using virtual network peering.
  • D. Create NAT rules and network rules in Azure Firewall.
  • E. Deploy Azure Bastion to each virtual network.

Answer: B,C

 

NEW QUESTION 19
You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 20
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines.
If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

  • A. Azure Security Benchmark compliance controls m Defender for Cloud
  • B. app discovery anomaly detection policies in Microsoft Defender for Cloud Apps
  • C. adaptive application controls in Defender for Cloud
  • D. app protection policies in Microsoft Endpoint Manager

Answer: C

 

NEW QUESTION 21
You are creating the security recommendations for an Azure App Service web app named App1.
App1 has the following specifications:
* Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
* Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 22
You need to recommend a solution to meet the requirements for connections to ClaimsDB.
What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 23
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementation.
You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. Microsoft Defender for Containers
  • B. Azure Active Directory (Azure AD) Conditional Access
  • C. Microsoft Defender for servers
  • D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • E. Azure Policy

Answer: A,B

 

NEW QUESTION 24
Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend creating private endpoints for the web app and the database layer.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

 

NEW QUESTION 25
What should you create in Azure AD to meet the Contoso developer requirements?

Answer:

Explanation:

 

NEW QUESTION 26
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

 

NEW QUESTION 27
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 28
Your company has devices that run either Windows 10, Windows 11, or Windows Server.
You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?

  • A. Microsoft Intune
  • B. Local Group Policy Object (LGPO)
  • C. Policy Analyzer
  • D. Windows Autopilot

Answer: D

 

NEW QUESTION 29
You need to recommend a solution to meet the compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 30
Your company is moving a big data solution to Azure.
The company plans to use the following storage workloads:
* Azure Storage blob containers
* Azure Data Lake Storage Gen2
* Azure Storage file shares
* Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)?
Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. Azure Storage blob containers
  • B. Azure Disk Storage
  • C. Azure Storage file shares
  • D. Azure Data Lake Storage Gen2

Answer: A,D

 

NEW QUESTION 31
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

 

NEW QUESTION 32
Your company has an office in Seattle.
The company has two Azure virtual machine scale sets hosted on different virtual networks.
The company plans to contract developers in India.
You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:
* Prevent exposing the public IP addresses of the virtual machines.
* Provide the ability to connect without using a VPN.
* Minimize costs.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Enable just-in-time VM access on the virtual machines.
  • B. Create a hub and spoke network by using virtual network peering.
  • C. Create NAT rules and network rules in Azure Firewall.
  • D. Deploy Azure Bastion to each virtual network.
  • E. Deploy Azure Bastion to one virtual network.

Answer: B,C

 

NEW QUESTION 33
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

  • A. OAuth app policies in Microsoft Defender for Cloud Apps
  • B. application control policies in Microsoft Defender for Endpoint
  • C. Azure Active Directory (Azure AD) Conditional Access App Control policies
  • D. app protection policies in Microsoft Endpoint Manager

Answer: C

 

NEW QUESTION 34
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 35
You are creating the security recommendations for an Azure App Service web app named App1.
App1 has the following specifications:
* Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
* Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 36
Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DSV You need to recommend an identity security strategy that meets the following requirements:
* Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website
* Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned
The solution must minimize the need to deploy additional infrastructure components. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 37
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 38
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 39
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successtu\ ransonvwaTe attack.
Which two controls should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. Require PINs for critical operations.
  • B. Enable soft delete for backups.
  • C. Encrypt backups by using customer-managed keys (CMKs).
  • D. Use Azure Monitor notifications when backup configurations change.
  • E. Perform offline backups to Azure Data Box.

Answer: A,E

 

NEW QUESTION 40
......


Schedule exam

Languages: English

Retirement date: none

This exam measures your ability to accomplish the following technical tasks: design a Zero Trust strategy and architecture; evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies; design security for infrastructure; and design a strategy for data and applications.

 

Real exam questions are provided for Microsoft Certified: Cybersecurity Architect Expert tests, which can make sure you 100% pass: https://www.test4cram.com/SC-100_real-exam-dumps.html

Download SC-100 exam with Microsoft SC-100 Real Exam Questions: https://drive.google.com/open?id=1d0QiEz69zK6Cjq3HnQLbU-VDCNzJ4OHU

Related Articles

more
Microsoft SC-100 Certification Practice Exam

Contact Us

Our Working Time: ( GMT 0:00-15:00 )   From Monday to Saturday

Contact now

Test4cram provides latest and valid test questions and dumps which help people pass exam and get the certification they want. We serve every customer at our best and guarantee 100% pass with exam cram pdf.

Disclaimer:
Test4Cram doesn't offer Real Lenovo Exam Questions.
Test4Cram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Test4Cram does not own or claim any ownership on any of the brands.

Copyright © 2026 Test4Cram NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy