Free Microsoft SC-100 Exam Questions

Question 1

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?

A : data flow

B : system flow

C : process flow

D : network flow

Answer: A

Question 2

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD.

You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.

You plan to remove all the domain accounts from the Administrators groups on the Windows computers.

You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.

What should you include in the recommendation?

A : Local Administrator Password Solution (LAPS)

B : Azure AD Identity Protection

C : Azure AD Privileged Identity Management (PIM)

D : Privileged Access Workstations (PAWs)

Answer: A

Question 3

Your company has a hybrid cloud infrastructure.The company plans to hire several temporary employees within a brief period. The temporaryemployees will need to access applications and data on the company' premises network.The company's security policy prevents the use of personal devices for accessing company data andapplications.You need to recommend a solution to provide the temporary employee with access to companyresources. The solution must be able to scale on demand.What should you include in the recommendation?

A : Migrate the on-premises applications to cloud-based applications.

B : Redesign the VPN infrastructure by adopting a split tunnel configuration

C : Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D : Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

Question 4

You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A : Enable Microsoft Defender for Cosmos DB.

B : Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace

C : Disable local authentication for Azure Cosmos DB.

D : Enable Microsoft Defender for Identity

E : Send the Azure Cosmos DB logs to a Log Analytics workspace.

Answer: B,C

Question 5

Your company has a hybrid cloud infrastructure.The company plans to hire several temporary employees within a brief period. The temporaryemployees will need to access applications and data on the company' premises network.The company's security policy prevents the use of personal devices for accessing company data andapplications.You need to recommend a solution to provide the temporary employee with access to companyresources. The solution must be able to scale on demand.What should you include in the recommendation?

A : Migrate the on-premises applications to cloud-based applications.

B : Redesign the VPN infrastructure by adopting a split tunnel configuration

C : Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D : Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D