SC-100 Free Practice Test

- (Exam Topic 3)
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements-.
• Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
• Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Graphical user interface Description automatically generated

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

1. A. activity policies in Microsoft Defender for Cloud Apps
2. B. sign-in risk policies in Azure AD Identity Protection
3. C. device compliance policies in Microsoft Endpoint Manager
4. D. Azure AD Conditional Access policies
5. E. user risk policies in Azure AD Identity Protection

Correct Answer: A
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-loca https://docs.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules

- (Exam Topic 3)
A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

You need to design an identity strategy for the app. The solution must meet the following requirements:
• Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.
• Be managed separately from the identity store of the customer.
• Support fully customizable branding for each app.
Which service should you recommend to complete the design?

1. A. Azure Active Directory (Azure AD) B2C
2. B. Azure Active Directory (Azure AD) B2B
3. C. Azure AD Connect
4. D. Azure Active Directory Domain Services (Azure AD DS)

Correct Answer: A
https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-facebook?pivots=b2c-user-flow https://docs.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-user-flow

- (Exam Topic 3)
You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.
What should you recommend as part of the landing zone deployment?

1. A. service chaining
2. B. local network gateways
3. C. forced tunneling
4. D. a VNet-to-VNet connection

Correct Answer: A
https://docs.microsoft.com/en-us/learn/modules/configure-vnet-peering/5-determine-service-chaining-uses

- (Exam Topic 3)
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

1. A. Microsoft Defender for Endpoint reports the endpoints as compliant.
2. B. Microsoft Intune reports the endpoints as compliant.
3. C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
4. D. The client access tokens are refreshed.

Correct Answer: CD
https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens