Question 1

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary

employees will need to access applications and data on the company' premises network.

The company's security policy prevents the use of personal devices for accessing company data and

applications.

You need to recommend a solution to provide the temporary employee with access to company

resources. The solution must be able to scale on demand.

What should you include in the recommendation?

Options :

A : Migrate the on-premises applications to cloud-based applications.

B : Redesign the VPN infrastructure by adopting a split tunnel configuration

C : Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D :

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

Question 2

You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options :

A : Enable Microsoft Defender for Cosmos DB.

B : Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace

C : Disable local authentication for Azure Cosmos DB.

D : Enable Microsoft Defender for Identity

E : Send the Azure Cosmos DB logs to a Log Analytics workspace.

Answer: B,C

Question 3

You have an Azure subscription

You plan to deploy multiple containerized microservice-based apps to Azure Kubemetes Service

(AKS)

You need to recommend a solution that meets the following requirements:

Manages secrets

Provides encryption

Secures service-to-service communication by using mTLS encryption

Minimizes administrative effort

What should you include in the recommendation?

Options :

A : Flux

B : Envoy

C : Dapr

D : Istio

Answer: D

Question 4

You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users

are assigned Microsoft 365 Â£5 licenses and the Microsoft Defender Vulnerability Management addon.

The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for

Endpoint. The Windows 11 devices are configured during deployment to comply with Center for

Internet Security (CIS) benchmarks for Windows 11.

You need to recommend a compliance solution for the Windows 11 devices. The solution must

identify devices that were modified and no longer comply with the CIS benchmarks.

What should you include in the recommendation?

Options :

A : Authenticated scan for Windows in Microsoft Defender Vulnerability Management

B : Microsoft Secure Score for Devices in Defender for Endpoint

C : attack surface reduction (ASR) rules in Defender for Endpoint

D : security baselines assessments in Microsoft Defender Vulnerability Management

Answer: D

Question 5

For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud

Security Benchmark. You need to recommend a best practice for implementing service accounts for

Azure API management. What should you include in the recommendation?

Options :

A : device registrations in Azure AD

B : application registrations m Azure AD

C : Azure service principals with certificate credentials

D : Azure service principals with usernames and passwords

E : managed identities in Azure

Answer: E

Confidently Practice Online with Free SC-100 Exam Cram

Buying Options: