SC-100 Free Practice Test

- (Exam Topic 3)
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 2700V2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically
What should you use?

1. A. the regulatory compliance dashboard in Defender for Cloud
2. B. Azure Policy
3. C. Azure Blueprints
4. D. Azure role-based access control (Azure RBAC)

Correct Answer: B
https://azure.microsoft.com/en-us/blog/simplifying-your-environment-setup-while-meeting-compliance-needs-w

- (Exam Topic 3)
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.
In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

1. A. Linux containers deployed to Azure Container Registry
2. B. Linux containers deployed to Azure Kubernetes Service (AKS)
3. C. Windows containers deployed to Azure Container Registry
4. D. Windows containers deployed to Azure Kubernetes Service (AKS)
5. E. Linux containers deployed to Azure Container Instances

Correct Answer: AB
https://docs.microsoft.com/en-us/learn/modules/design-strategy-for-secure-paas-iaas-saas-services/9-specify-sec https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction#view-vulnerabi

- (Exam Topic 3)
Your company has on-premises Microsoft SQL Server databases. The company plans to move the databases to Azure.
You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.
What should you include in the recommendation?

1. A. Azure SQL Managed Instance
2. B. Azure Synapse Analytics dedicated SQL pools
3. C. Azure SQL Database
4. D. SQL Server on Azure Virtual Machines

Correct Answer: A

- (Exam Topic 3)
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
• User accounts that were potentially compromised
• Users performing bulk file downloads from Microsoft SharePoint Online
What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.

Solution:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/defender-cloud-apps/policies-threat-protection#detect-mass-download-data-exf https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-users

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.

1. A. Azure Firewall
2. B. Azure Web Application Firewall (WAF)
3. C. Microsoft Defender for Cloud alerts
4. D. Azure Active Directory (Azure AD Privileged Identity Management (PIM)
5. E. Microsoft Sentinel

Correct Answer: AB
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls