SC-100 Free Practice Test

- (Exam Topic 3)
Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

1. A. activity policies in Microsoft Defender for Cloud Apps
2. B. sign-in risk policies in Azure AD Identity Protection
3. C. device compliance policies in Microsoft Endpoint Manager
4. D. Azure AD Conditional Access policies
5. E. user risk policies in Azure AD Identity Protection

Correct Answer: A
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-loca https://docs.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules

- (Exam Topic 3)
A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

You need to design an identity strategy for the app. The solution must meet the following requirements:
• Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.
• Be managed separately from the identity store of the customer.
• Support fully customizable branding for each app.
Which service should you recommend to complete the design?

1. A. Azure Active Directory (Azure AD) B2C
2. B. Azure Active Directory (Azure AD) B2B
3. C. Azure AD Connect
4. D. Azure Active Directory Domain Services (Azure AD DS)

Correct Answer: A
https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-facebook?pivots=b2c-user-flow https://docs.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-user-flow

- (Exam Topic 3)
You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.
What should you recommend as part of the landing zone deployment?

1. A. service chaining
2. B. local network gateways
3. C. forced tunneling
4. D. a VNet-to-VNet connection

Correct Answer: A
https://docs.microsoft.com/en-us/learn/modules/configure-vnet-peering/5-determine-service-chaining-uses

- (Exam Topic 3)
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

1. A. Microsoft Defender for Endpoint reports the endpoints as compliant.
2. B. Microsoft Intune reports the endpoints as compliant.
3. C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
4. D. The client access tokens are refreshed.

Correct Answer: CD
https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens

- (Exam Topic 3)
You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:
• Encrypt cardholder data by using encryption keys managed by the company.
• Encrypt insurance claim files by using encryption keys hosted on-premises.
Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.
2. B. Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM
3. C. Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.
4. D. Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.

Correct Answer: AC
https://azure.microsoft.com/en-us/blog/customer-provided-keys-with-azure-storage-service-encryption/