Confidently Practice Online with Free SC-100 Exam Cram

You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.

You use Microsoft Defender XDR to manage the tenants of your company's customers.

You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The

solution must meet the following requirements:

The Group1 users must only be assigned the Security Operator role for the customer tenants.

The users in Group2 must be able to assign the Security Operators role to the Group1 users for the

customer tenants.

The use of guest accounts must be minimized.

Administrative effort must be minimized.

What should you include in the solution?

Your company has a hybrid cloud infrastructure that contains an on-premises Active Directory

Domain Services (AD DS) forest, a Microsoft B65 subscription, and an Azure subscription.

The company's on-premises network contains internal web apps that use Kerberos authentication.

Currently, the web apps are accessible only from the network.

You have remote users who have personal devices that run Windows 11.

You need to recommend a solution to provide the remote users with the ability to access the web

apps. The solution must meet the following requirements:

Prevent the remote users from accessing any other resources on the network.

Support Azure Active Directory (Azure AD) Conditional Access.

Simplify the end-user experience.

What should you include in the recommendation?

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1

and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using

Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The

strategy will include the following configurations:

Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged

access device.

The Security Administrator role will be mapped to the privileged access security level.

The users in Group1 will be assigned the Security Administrator role.

The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution

must follow the principle of least privilege.

What should you include in the solution? 

Note: This question is part of a series of questions that present the same scenario. Each question in

the series contains a unique solution that might meet the stated goals. Some question sets might

have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You are designing the encryption standards for data at rest for an Azure resource.

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256

keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses

Microsoft-managed keys.

Does this meet the goal? 

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate?