SC-100 Free Practice Test

- (Exam Topic 3)
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance. What should you do first?

1. A. From Defender for Cloud, review the secure score recommendations.
2. B. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.
3. C. From Defender for Cloud, review the Azure security baseline for audit report.
4. D. From Defender for Cloud, add a regulatory compliance standard.

Correct Answer: D
https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regula

- (Exam Topic 3)
You are designing the encryption standards for data at rest for an Azure resource
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
Your company has devices that run either Windows 10, Windows 11, or Windows Server. You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?

1. A. Microsoft Intune
2. B. Policy Analyzer
3. C. Local Group Policy Object (LGPO)
4. D. Windows Autopilot

Correct Answer: B
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework

- (Exam Topic 1)
You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

1. A. Azure Key Vault
2. B. GitHub Advanced Security
3. C. Application Insights in Azure Monitor
4. D. Azure DevTest Labs

Correct Answer: B
https://docs.microsoft.com/en-us/learn/modules/introduction-github-advanced-security/2-what-is-github-advanc

- (Exam Topic 3)
Your company has Microsoft 365 E5 licenses and Azure subscriptions.
The company plans to automatically label sensitive data stored in the following locations:
• Microsoft SharePoint Online
• Microsoft Exchange Online
• Microsoft Teams
You need to recommend a strategy to identify and protect sensitive data.
Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Solution:
Box 1: Groups and sites Box 2: Groups and sites Box 3: Files and emails –
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide Go to label scopes

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A