Smartly Prepare Exam with Free Online SC-100 Practice Test

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an

Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the

internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

Ensure that the security operations team can access the security logs and the operation logs.

Ensure that the IT operations team can access only the operations logs, including the event logs of

the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a

complete solution. NOTE: Each correct selection is worth one point. 

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named

corpxontoso.com and an AD DS-integrated application named App1.

Your perimeter network contains a server named Server1 that runs Windows Server.

You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

You plan to implement a security solution that will include the following configurations:

Manage access to App1 by using Microsoft Entra Private Access.

Deploy a Microsoft Entra application proxy connector to Server1.

Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.  

For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:

o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.

o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.

o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.

o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.

You need to maximize security for the planned implementation. The solution must minimize the

impact on the connector.

Which rule should you remove?

Your company has devices that run either Windows 10, Windows 11, or Windows Server.

You are in the process of improving the security posture of the devices.

You plan to use security baselines from the Microsoft Security Compliance Toolkit.

What should you recommend using to compare the baselines to the current device configurations? 

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1

and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using

Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The

strategy will include the following configurations:

Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged

access device.

The Security Administrator role will be mapped to the privileged access security level.

The users in Group1 will be assigned the Security Administrator role.

The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution

must follow the principle of least privilege.

What should you include in the solution? 

Your company has a main office and 10 branch offices. Each branch office contains an on-premises

file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The

devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet

The solution must ensure that all the web traffic from the devices in the branch offices is controlled

by using Global Secure Access.

What should you do first in each branch office?