Master the Microsoft SC-100 Exam with These Key Practice Questions and Answers

Understanding Key Azure Security and Management Solutions: Questions & Answers

In today’s cloud-driven world, businesses are constantly evolving their security and management strategies to protect sensitive data and workloads. As part of this evolution, Microsoft Azure offers a broad array of tools and services designed to provide optimal protection, efficiency, and scalability. In this post, we’ll walk through some common questions and answers related to Azure’s security and management solutions, designed to help you implement best practices in your environment.

1. Which type of backup should you recommend for Azure Recovery Services (MARS) agent to protect against ransomware attacks?

• A) A backup of directories and files on the Linux servers
• B) A full server backup on the Windows servers
• C) A system state backup on the Windows servers
• D) An application-consistent backup on the Linux servers

Answer: B) A full server backup on the Windows servers

2. Which three workload types are supported by Microsoft Azure Backup Server (MABS)?

• A) Microsoft SharePoint farm sites
• B) VMware virtual machines running Linux
• C) Oracle databases on Windows servers
• D) Volumes on Windows servers

Answer: A) Microsoft SharePoint farm sites, B) VMware virtual machines running Linux, D) Volumes on Windows servers

3. What should you include in your patch management solution for Azure VMs that run Windows Server to ensure it meets specific requirements?

• A) Azure Automation Update Management
• B) Azure Update Manager
• C) Microsoft Defender for Cloud
• D) System Center Updates Publisher

Answer: B) Azure Update Manager

4. Which service should you use to centralize the management of multiple Microsoft Sentinel instances across separate Microsoft Entra tenants?

• A) Azure Arc
• B) Azure Automation
• C) Azure Lighthouse
• D) Azure Sphere

Answer: C) Azure Lighthouse

5. Which service should be included in the solution to automate responses and remediate incidents raised by Microsoft Sentinel?

• A) Azure Automation
• B) Azure Bastion
• C) Azure Functions
• D) Azure Logic Apps

Answer: D) Azure Logic Apps

6. What are the primary objectives for a new SecOps team?

• A) Detect
• B) Hunt
• C) Prioritize
• D) Respond

Answer: A) Detect, B) Hunt, D) Respond

7. Which step should follow the detection and analysis of an incident in an incident response security workflow using the Microsoft cloud security benchmark (MCSB)?

• A) Conducting lessons learned
• B) Incident prioritization
• C) Setting up incident notification
• D) Updating incident response plan

Answer: B) Incident prioritization

8. Which dashboard in Microsoft Sentinel should you use to identify all active threat detections in the workspace?

• A) Analytics
• B) Incidents
• C) Hunting
• D) Threat intelligence

Answer: A) Analytics

9. What primary cloud control feature should you recommend to deliver a cloud adoption plan?

• A) Automated recovery
• B) Inventory reporting
• C) Performance reporting
• D) Templatized deployments

Answer: B) Inventory reporting

10. Which location should you identify for records of changes made by a provider to your Azure subscription?

• A) Azure activity log in the provider’s subscription
• B) Azure activity log in your subscription
• C) My customers page in the Azure portal
• D) My providers page in the Azure portal

Answer: B) Azure activity log in your subscription

11. What service should you use to compare permissions granted to the permissions used across multiple cloud platforms?

• A) Azure Arc
• B) Azure Lighthouse
• C) Entitlement Management
• D) Permissions Management

Answer: D) Permissions Management

12. Which feature of the enterprise access model will replace the tier O functionality of the legacy AD DS-based model?

• A) Control plane
• B) Data/workload plane
• C) Management plane
• D) User and App access

Answer: D) User and App access

13. Which outbound port must be allowed on the on-premises edge firewalls to support access to Azure virtual machines using Azure Bastion for Windows Server 2022?

• A) 443
• B) 3389
• C) 5985
• D) 5986

Answer: A) 443

14. Which outbound port must be allowed on the on-premises edge firewalls to support access to Azure virtual machines using Azure Bastion for Linux?

• A) 443
• B) 3389
• C) 5985
• D) 5986

Answer: A) 443

15. Which service should you use to isolate Active Directory Domain Services (AD DS) privileged accounts from non-privileged AD DS accounts?

• A) Entitlement Management
• B) Identity Protection
• C) Privileged Access Management (PAM)
• D) Privileged Identity Management (PIM)

Answer: D) Privileged Identity Management (PIM)

16. Which service should be installed on VMware virtual machines running Linux to provide workload protection using Microsoft Defender for Cloud?

• A) Azure Connected Machine agent
• B) Azure Linux VM agent
• C) Azure Monitor Dependency agent
• D) Log Analytics agent

Answer: D) Log Analytics agent

17. What should be deployed first to enable workload protection for on-premises VMware virtual machines running Linux with Microsoft Defender for Cloud?

• A) Azure Arc
• B) Azure Lighthouse
• C) Azure Stack
• D) Azure VMware Solution

Answer: A) Azure Arc

18. Which Microsoft Defender for Cloud option should you use to evaluate the security posture of your Azure VM deployments using the Microsoft Cloud Security Benchmark (MCSB)?

• A) Defender CSPM
• B) Defender EASM
• C) Defender for Servers Plan 1
• D) Foundational CSPM

Answer: C) Defender for Servers Plan 1

19. Which three features are available after enabling Defender for Servers on the workspace level instead of the subscription level for Azure virtual machines running Windows Server?

• A) Just-in-time (JIT) VM access
• B) Network map
• C) Threat detection
• D) Secure Score
• E) Security policy

Answer: A) Just-in-time (JIT) VM access, C) Threat detection, E) Security policy

20. Which Azure Stack product supports integrating workloads with Azure using Azure Arc?

• A) Azure IoT Edge
• B) Azure Stack Edge
• C) Azure Stack Hub
• D) Azure Stack HCI

Answer: C) Azure Stack Hub

21. Which service should you use to provide Azure Resource Manager (ARM)-based functionality for managing both Azure and on-premises resources?

• A) Azure Arc
• B) Azure Lighthouse
• C) Azure Sphere
• D) Microsoft Purview

Answer: A) Azure Arc

22. Which operating systems are supported by Microsoft Intune security baselines for device management?

• A) Windows client and macOS only
• B) Windows client, macOS, and Android only
• C) Windows client, macOS, iOS, and Android only
• D) Windows client only

Answer: C) Windows client, macOS, iOS, and Android only

23. Which web interface provides the Defender External Attack Surface Management (Defender EASM) attack surface summary?

• A) Azure portal
• B) Microsoft Defender XDR portal
• C) Microsoft Entra Admin Center
• D) Microsoft Service Trust Portal

Answer: A) Azure portal

24. Which Azure Stack product supports integrating on-premises workloads with Azure using Azure Arc?

• A) Azure IoT Edge
• B) Azure Stack Edge
• C) Azure Stack Hub
• D) Azure Stack HCI

Answer: C) Azure Stack Hub

25. Which service provides Azure Resource Manager (ARM)-based management for both Azure and on-premises resources?

• A) Azure Arc
• B) Azure Lighthouse
• C) Azure Sphere
• D) Microsoft Purview

Answer: A) Azure Arc