Question 1

Your company has a main office and 10 branch offices. Each branch office contains an on-premises

file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The

devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet

The solution must ensure that all the web traffic from the devices in the branch offices is controlled

by using Global Secure Access.

What should you do first in each branch office?

Options :

A : Configure an Intune policy to deploy the Global Secure Access client to each device

B : Configure an IPsec tunnel on the router.

C : Install the Microsoft Entra private network connector on the file server.

D : Configure an Intune policy to onboard Microsoft Defender for Endpoint to each device.

Answer: B

Question 2

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?

Options :

A : app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

B : adaptive application controls in Defender for Cloud

C : Azure Security Benchmark compliance controls m Defender for Cloud

D : app protection policies in Microsoft Endpoint Manager

Answer: B

Question 3

Your company has the virtual machine infrastructure shown in the following table.

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to

Azure.

You need to provide recommendations to increase the resiliency of the backup strategy to mitigate

attacks such as ransomware.

What should you include in the recommendation?

Options :

A : Use geo-redundant storage (GRS)

B : Use customer-managed keys (CMKs) for encryption

C : Require PINs to disable backups.

D : Implement Azure Site Recovery replication.

Answer: C

Question 4

You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options :

A : Enable Microsoft Defender for Cosmos DB.

B : Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace

C : Disable local authentication for Azure Cosmos DB.

D : Enable Microsoft Defender for Identity

E : Send the Azure Cosmos DB logs to a Log Analytics workspace.

Answer: B,C

Question 5

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options :

A : an Azure AD enterprise application

B : a retying party trust in Active Directory Federation Services (AD FS)

C : Azure AD Application Proxy

D : Azure AD B2C

Answer: C

Higher Test Marks with Free Online SC-100 Exam Practice

Buying Options: