Question 1

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options :

A : Onboard the virtual machines to Microsoft Defender for Endpoint.

B : Onboard the virtual machines to Azure Arc.

C : Create a device compliance policy in Microsoft Endpoint Manager.

D : Enable the Qualys scanner in Defender for Cloud.

Answer: A,D

Question 2

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and

Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications

on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual

machines. If an unauthorized application attempts to run or be installed, the application must be

blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Options :

A : Azure Active Directory (Azure AD) Conditional Access App Control policies

B : OAuth app policies in Microsoft Defender for Cloud Apps

C : app protection policies in Microsoft Endpoint Manager

D : application control policies in Microsoft Defender for Endpoint

Answer: D

Question 3

Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

Options :

A : activity policies in Microsoft Defender for Cloud Apps

B : sign-in risk policies in Azure AD Identity Protection

C : device compliance policies in Microsoft Endpoint Manager

D : Azure AD Conditional Access policies

E : user risk policies in Azure AD Identity Protection

Answer: E

Question 4

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an

Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the

internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

Ensure that the security operations team can access the security logs and the operation logs.

Ensure that the IT operations team can access only the operations logs, including the event logs of

the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a

complete solution. NOTE: Each correct selection is worth one point.

Options :

A : Configure Azure Active Directory (Azure AD) Conditional Access policies.

B : Use the Azure Monitor agent with the multi-homing configuration.

C : Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

D : Create a custom collector that uses the Log Analytics agent.

Answer: B,C

Question 5

Your on-premises network contains an e-commerce web app that was developed in Angular and

Node.js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The

solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the

database. The solution must follow the Zero Trust model.

Solution: You recommend implementing Azure Front Door with Azure Web Application Firewall

(WAF).

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Free SC-100 Mock Exam – Practice Online Confidently

Buying Options: