Question 1

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary

employees will need to access applications and data on the company' premises network.

The company's security policy prevents the use of personal devices for accessing company data and

applications.

You need to recommend a solution to provide the temporary employee with access to company

resources. The solution must be able to scale on demand.

What should you include in the recommendation?

Options :

A : Migrate the on-premises applications to cloud-based applications.

B : Redesign the VPN infrastructure by adopting a split tunnel configuration

C : Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D :

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

Question 2

Your company has devices that run either Windows 10, Windows 11, or Windows Server.

You are in the process of improving the security posture of the devices.

You plan to use security baselines from the Microsoft Security Compliance Toolkit.

What should you recommend using to compare the baselines to the current device configurations?

Options :

A : Microsoft Intune

B : Policy Analyzer

C : Local Group Policy Object (LGPO)

D : Windows Autopilot

Answer: B

Question 3

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options :

A : an Azure AD enterprise application

B : a retying party trust in Active Directory Federation Services (AD FS)

C : Azure AD Application Proxy

D : Azure AD B2C

Answer: C

Question 4

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating

the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports

controls.

Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Question 5

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an

Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the

internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

Ensure that the security operations team can access the security logs and the operation logs.

Ensure that the IT operations team can access only the operations logs, including the event logs of

the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a

complete solution. NOTE: Each correct selection is worth one point.

Options :

A : Configure Azure Active Directory (Azure AD) Conditional Access policies.

B : Use the Azure Monitor agent with the multi-homing configuration.

C : Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

D : Create a custom collector that uses the Log Analytics agent.

Answer: B,C

Higher Test Marks with Free Online SC-100 Exam Practice

Buying Options: