Free SC-100 Exam Braindumps (page: 8)

Page 7 of 66

You have an on-premises network and a Microsoft 365 subscription.
You are designing a Zero Trust security strategy.
Which two security controls should you include as part of the Zero Trust solution? Each correct answer presents part of the solution.
NOTE: Each correct answer is worth one point.

  1. Always allow connections from the on-premises network.
  2. Disable passwordless sign-in for sensitive accounts.
  3. Block sign-in attempts from unknown locations.
  4. Block sign-in attempts from noncompliant devices.

Answer(s): C,D



You are designing a ransomware response plan that follows Microsoft Security Best Practices.
You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files.
What should you include in the recommendation?

  1. Windows Defender Device Guard
  2. Microsoft Defender for Endpoint
  3. Azure Files
  4. BitLocker Drive Encryption (BitLocker)
  5. protected folders

Answer(s): E



You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.
What should you recommend?

  1. a managed identity in Azure
  2. an Azure AD user account that has role assignments in Azure AD Privileged Identity Management (PIM)
  3. a group managed service account (gMSA)
  4. an Azure AD user account that has a password stored in Azure Key Vault

Answer(s): A



You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.
You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.
What should you recommend?

  1. The nodes must restart after the updates are applied.
  2. The updates must first be applied to the image used to provision the nodes.
  3. The AKS cluster version must be upgraded.

Answer(s): B






Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

Exam Discussions & Posts