Q1

A financial services firm, QuantumLeap Financials, is designing a Zero Trust architecture for its hybrid environment. They have a critical on-premises Active Directory Domain Services (AD DS) infrastructure and a growing footprint in Azure. A key requirement is to protect privileged administrative accounts in AD DS from pass-the-hash and other credential theft attacks originating from compromised workstations. The security architect needs to recommend a solution that isolates administrative tasks from daily user activities like email and web browsing. Which solution best meets this requirement by implementing a tiered access model?

Q2

A global logistics company, TerraNova Logistics, is migrating its infrastructure to a multi-cloud environment, using Azure, AWS, and GCP. The CISO is concerned about inconsistent permission management and the risk of privilege escalation across the different cloud platforms. They need a unified solution to discover, remediate, and monitor permissions for all identities and resources across their entire multi-cloud estate. Which Microsoft solution is specifically designed to address this Cloud Infrastructure Entitlement Management (CIEM) challenge?

Q3 (Multiple answers)

An e-commerce company is building a new application on Azure Kubernetes Service (AKS). As part of their DevSecOps pipeline, they need to ensure that only approved and vulnerability-scanned container images are deployed to their production AKS cluster. The security policy dictates that any attempt to deploy an image that has not passed a security scan or is from an untrusted registry must be blocked. Which combination of Azure services should be used to enforce this policy? (Select TWO)

Q4 (Multiple answers)

A healthcare organization uses Azure to store patient records in Azure SQL Database and Azure Blob Storage. They need to design a security solution that meets the following requirements:

- Discover and classify sensitive patient data across all Azure data stores.
- Provide a unified view of data security posture and identify potential threats to the data.
- Detect anomalous activities, such as unusual data access or potential SQL injection attacks, against the data stores.

Which two Microsoft Defender plans should be central to this design? (Select TWO)

Q5

A manufacturing company, Aperture Dynamics, is implementing Microsoft Sentinel as its SIEM. They have a hybrid environment with on-premises servers, Azure VMs, and several Microsoft 365 services. The security operations team needs to automate the initial triage and response to common alerts, such as impossible travel alerts from Azure AD Identity Protection. The automation must post a message in a specific Microsoft Teams channel for the on-duty analyst, temporarily disable the user account, and create a high-priority ticket in ServiceNow. Which Microsoft Sentinel feature should be used to build this automated workflow?

Q6

Stellaron Corp is designing a network security architecture for their Azure environment. They want to inspect all outbound internet traffic from their virtual networks to prevent data exfiltration and enforce corporate web policies. Additionally, they need to inspect traffic between spoke virtual networks that are peered to a central hub VNet. The solution must be a managed, cloud-native service that offers advanced threat protection, including TLS inspection and intrusion detection and prevention systems (IDPS). Which Azure service should be deployed in the hub VNet to meet all these requirements?

Q7

True or False: When designing a resiliency strategy against ransomware, the primary focus should be on implementing advanced threat detection tools like EDR, with backup and recovery solutions being a secondary consideration.

Q8

A university needs to provide secure access to on-premises legacy web applications for its researchers, who often work remotely. The university wants to avoid using a traditional VPN and instead adopt a Zero Trust approach. The solution must integrate with their existing Azure Active Directory for authentication, enforce Conditional Access policies like requiring MFA, and not require opening inbound ports on their on-premises firewall. Which service should the university's security architect recommend?

Q9

A retail company is expanding its use of Microsoft 365 and is concerned about data leakage through both managed and unmanaged devices. A security architect must design a solution that provides visibility into cloud app usage, including discovering 'shadow IT' applications. The solution must also enforce granular session controls for sanctioned apps, such as blocking downloads of sensitive files to unmanaged devices. Which Microsoft 365 security service is the primary tool for achieving these Cloud Access Security Broker (CASB) functionalities?

Q10

You are designing a security architecture for a new Azure environment. To align with the Microsoft Cloud Adoption Framework (CAF), you must ensure that all newly deployed resources automatically adhere to corporate security standards, such as enforcing specific NSG rules, enabling encryption, and restricting public IP addresses. What is the most effective way to implement this governance and security requirement at scale for all new subscriptions and resource groups?