View All SC-100 Actual Free Exam Questions Dec 05, 2025 Updated [Q29-Q47]

Share

View All SC-100 Actual Free Exam Questions Dec 05, 2025 Updated

Pass Authentic Microsoft SC-100 with Free Practice Tests and Exam Dumps


Achieving the Microsoft SC-100 certification can help cybersecurity professionals stand out in a competitive job market and demonstrate their expertise in cybersecurity architecture. It can also lead to career advancement opportunities, such as senior security architect or cybersecurity manager roles.

 

NEW QUESTION # 29
What should you create in Azure AD to meet the Contoso developer requirements?

Answer:

Explanation:


NEW QUESTION # 30
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Defender for Endpoint reports the endpoints as compliant.
  • B. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
  • C. The client access tokens are refreshed.
  • D. Microsoft Intune reports the endpoints as compliant.

Answer: A,C

Explanation:
https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero- trust-security-approach/
https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens


NEW QUESTION # 31
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Front Door with Azure Web Application Firewall (WAF).
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
https://www.varonis.com/blog/securing-access-azure-webapps


NEW QUESTION # 32
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 33
Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer are
a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 34
Your company has on-premises datacenters in Seattle, Chicago, and New York City.
You plan to migrate the on-premises workloads to the East US Azure region.
You need to design a governance solution for the management group hierarchy. The solution must be based on Microsoft Cloud Adoption Framework for Azure principles and must ensure that the hierarchy aligns with the Azure landing conceptual architecture.
What should you use to identify which archetype-aligned management groups to create beneath the landing zones management group?

  • A. the internal billing chargeback structure
  • B. software development lifecycle (SDLC) environments
  • C. the hybrid connectivity requirements
  • D. geographical locations

Answer: C

Explanation:
Hybrid connectivity in Azure enables you to link your on-premises infrastructure with Azure resources, facilitating a seamless integration between your existing environment and the cloud.
This requires establishing secure connections, often using VPN gateways or ExpressRoute, and managing traffic flow between the two environments. Key requirements include network connectivity, security considerations, and often specific configurations for identity and access management.
Reference:
https://learn.microsoft.com/en-us/azure/networking/hybrid-connectivity/


NEW QUESTION # 35
You have a Microsoft 365 tenant.
Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements:
* Users must be able to request access to App1 by using a self-service request.
* When users request access to App1, they must be prompted to provide additional information about their request.
* Every three months, managers must verify that the users still require access to Appl.
What should you include in the design?

  • A. connected apps in Microsoft Defender for Cloud Apps
  • B. access policies in Microsoft Defender for Cloud Apps
  • C. Azure AD Application Proxy
  • D. Microsoft Entra Identity Governance

Answer: D

Explanation:
a


NEW QUESTION # 36
A customer has a Microsoft 365 E5 subscription and an Azure subscription.
The customer wants to centrally manage security incidents, analyze log, audit activity, and search for potential threats across all deployed services.
You need to recommend a solution for the customer. The solution must minimize costs.
What should you include in the recommendation?

  • A. Microsoft Defender for Cloud
  • B. Microsoft Defender for Cloud Apps
  • C. Microsoft 365 Defender
  • D. Microsoft Sentinel

Answer: D


NEW QUESTION # 37
Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud
* Access to storage accounts with firewall and virtual network configurations should be restricted,
* Storage accounts should restrict network access using virtual network rules.
* Storage account should use a private link connection.
* Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

  • A. Microsoft Sentinel
  • B. Azure Policy
  • C. Azure Network Watcher
  • D. Azure Storage Analytics

Answer: D


NEW QUESTION # 38
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: A


NEW QUESTION # 39
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.

Answer:

Explanation:


NEW QUESTION # 40
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 41
Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled.
You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.
You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.
You need to recommend an Azure AD identity Governance solution that meets the following requirements:
* Project managers must verify that their project group contains only the current members of their project team
* The members of each project team must only have access to the resources of the project to which they are assigned
* Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days.
* Administrative effort must be minimized.
What should you include in the recommendation? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 42
You are planning the security levels for a security access strategy.
You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA).
Which security level should you configure for each job role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 43
Hotspot Question
Your company uses Microsoft 365 and Azure services and resources. It recently implemented a program to enhance each component of the CIA triad.
You have been asked to focus on availability for two recently- deployed web applications named finance-web-app and hr-web-app.
To complete this project, you need to design a high-availability architecture for each app, based on the following requirements:
finance-web-app:
- The solution must support Layer 7 load balancing.
- The solution must support SSL offloading.
hr-web-app:
- The solution The solution
- must facilitate high availability.
- must perform DNS-based load balancing.
What solution should you recommend for each app? To answer, select the appropriate solution from the drop-down menus.

Answer:

Explanation:

Explanation:
You should recommend Azure Application Gateway for finance-web-app. Azure Application Gateway is a cloud-based Layer 7 load balancing and traffic management service from Microsoft.
It is designed to provide high availability and network performance for web applications deployed in Azure. Application Gateway can route traffic to different back-end pools based on rules that define how the traffic should be distributed. For example, if you have multiple web servers hosting different parts of your website, you can use Application Gateway to distribute traffic among them, according to which server can best handle the request. This ensures that your users have a good experience when using your site, as they will always be directed to the server that offers the best response time. Application Gateway supports Secure Sockets Layer (SSL) offloading, which can be used to reduce compute loads on your web app endpoints.
You should recommend Traffic Manager for hr-web-app. Azure Traffic Manager is a powerful, cloud-based traffic management service that uses Domain Name System (DNS) based load balancing to control the distribution of web traffic across your Azure deployments. By routing traffic through Azure Traffic Manager, you can improve the performance, optimize the availability, and improve the resiliency of your applications.
Azure Traffic Manager works by routing requests to the optimal endpoint, based on a configured load balancing method and monitoring experience. It uses different types of monitoring data to determine which endpoint is performing best at any given moment and routes traffic accordingly.
This ensures that your users always have the best possible experience when accessing your applications.
Azure Load Balancer is a cloud-based load balancer that enables you to distribute network traffic among multiple virtual machines (VMs). By distributing network traffic, Azure Load Balancer helps you achieve high availability and scalability for your applications. Load Balancer implements Layer 4 load balancing, not Layer 7 load balancing as required by finance-web-app. Also, Azure Load balancer does not provide DNS based load balancing as required by hr-web-app.


NEW QUESTION # 44
You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements:
* Prevent the need to enable ports 3389 and 22 from the internet.
* Only provide permission to connect the virtual machines when required.
* Ensure that administrators use the Azure portal to connect to the virtual machines.
Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
  • B. Configure Azure VPN Gateway.
  • C. Enable just-in-time (JIT) VM access.
  • D. Configure Azure Bastion.
  • E. Enable Just Enough Administration (JEA).

Answer: D,E


NEW QUESTION # 45
You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:
* Encrypt cardholder data by using encryption keys managed by the company.
* Encrypt insurance claim files by using encryption keys hosted on-premises.
Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.
  • B. Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.
  • C. Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM
  • D. Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.

Answer: A,D

Explanation:
https://azure.microsoft.com/en-us/blog/customer-provided-keys-with-azure-storage-service-encryption/


NEW QUESTION # 46
You are evaluating an Azure environment for compliance. You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.
Which effect should you use in Azure Policy?

  • A. Disabled
  • B. Modify
  • C. Deny
  • D. Append

Answer: A

Explanation:
It has to be disabled since deny will send the compliance report as non-complaint.
This effect is useful for testing situations or for when the policy definition has parameterized the effect. This flexibility makes it possible to disable a single assignment instead of disabling all of that policy's assignments.
An alternative to the Disabled effect is enforcementMode, which is set on the policy assignment.
When enforcementMode is Disabled, resources are still evaluated.
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects#disabled


NEW QUESTION # 47
......

New SC-100  Exam Questions Real Microsoft Dumps: https://pass4sure.trainingquiz.com/SC-100-training-materials.html