Question 1

Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

Options :

A : activity policies in Microsoft Defender for Cloud Apps

B : sign-in risk policies in Azure AD Identity Protection

C : device compliance policies in Microsoft Endpoint Manager

D : Azure AD Conditional Access policies

E : user risk policies in Azure AD Identity Protection

Answer: A

Question 2

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options :

A : Onboard the virtual machines to Microsoft Defender for Endpoint.

B : Onboard the virtual machines to Azure Arc.

C : Create a device compliance policy in Microsoft Endpoint Manager.

D : Enable the Qualys scanner in Defender for Cloud.

Answer: A,D

Question 3

Your company has a main office and 10 branch offices. Each branch office contains an on-premises

file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The

devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet

The solution must ensure that all the web traffic from the devices in the branch offices is controlled

by using Global Secure Access.

What should you do first in each branch office?

Options :

A : Configure an Intune policy to deploy the Global Secure Access client to each device

B : Configure an IPsec tunnel on the router.

C : Install the Microsoft Entra private network connector on the file server.

D : Configure an Intune policy to onboard Microsoft Defender for Endpoint to each device.

Answer: B

Question 4

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating

the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports

controls.

Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Question 5

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?

Options :

A : app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

B : adaptive application controls in Defender for Cloud

C : Azure Security Benchmark compliance controls m Defender for Cloud

D : app protection policies in Microsoft Endpoint Manager

Answer: B

Higher Test Marks with Free Online SC-100 Exam Practice

Buying Options: