SC-100 Free Practice Test

- (Exam Topic 3)
Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

1. A. Azure Traffic Manager with priority traffic-routing methods
2. B. Azure Application Gateway v2 with user-defined routes (UDRs).
3. C. Azure Front Door with Azure Web Application Firewall (WAF)
4. D. Azure Firewall with policy rule sets

Correct Answer: C
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview

- (Exam Topic 3)
Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.

1. A. Azure Firewall
2. B. Azure Web Application Firewall (WAF)
3. C. Microsoft Defender for Cloud alerts
4. D. Azure Active Directory (Azure AD Privileged Identity Management (PIM)
5. E. Microsoft Sentinel

Correct Answer: AB
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

- (Exam Topic 3)
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.
In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

1. A. Linux containers deployed to Azure Container Registry
2. B. Linux containers deployed to Azure Kubernetes Service (AKS)
3. C. Windows containers deployed to Azure Container Registry
4. D. Windows containers deployed to Azure Kubernetes Service (AKS)
5. E. Linux containers deployed to Azure Container Instances

Correct Answer: AC
https://docs.microsoft.com/en-us/learn/modules/design-strategy-for-secure-paas-iaas-saas-services/9-specify-sec https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction#view-vulnerabi

- (Exam Topic 3)
Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?

1. A. insider risk management policies
2. B. data loss prevention (DLP) policies
3. C. sensitivity label policies
4. D. retention policies

Correct Answer: C
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide

- (Exam Topic 3)
You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.
You need to recommend a solution to secure the components of the copy process.
What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Data Security = Access Keys stored in Azure Key Vault
Network access control = Azure Private Link with network service tags
https://docs.microsoft.com/en-us/azure/automation/automation-security-guidelines#data-security

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A