Microsoft Azure

Microsoft Cybersecurity Architect

SC-100
Popular Trending

Become a Microsoft Cybersecurity Architect by passing the SC-100 exam.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 101–110 of 147

Q101

A company needs to ensure users can only access Azure resources based on need-to-know. What should they implement?

  • A RBAC
  • B VNet Peering
  • C Azure Policies
  • D NSGs
Explanation Role-Based Access Control (RBAC) restricts access effectively for this need.
Q102

You are configuring Azure Sentinel for security incident management. What happens when a new integration is added?

  • A It automatically resolves all alerts
  • B Data ingestion might increase
  • C No change occurs
  • D All existing alerts are archived
Explanation New integrations typically lead to increased data flow into Sentinel.
Q103

Which Azure service provides distributed denial-of-service (DDoS) protection?

  • A Azure DDoS Protection
  • B Azure CDN
  • C Azure Firewall
  • D Azure VPN Gateway
Explanation Azure DDoS Protection is specifically designed to mitigate DDoS attacks, while the others serve different purposes.
Q104

A company needs to audit changes made in Azure subscriptions. Which feature should they implement?

  • A Azure Policy
  • B Azure Monitor
  • C Azure Activity Log
  • D Azure Security Center
Explanation Azure Activity Log provides a record of subscription activity, while the others focus on compliance or security assessments.
Q105

You are configuring role-based access control (RBAC) for a storage account and want to limit access to only reading data. Which role should you assign?

  • A Storage Account Contributor
  • B Storage Blob Data Reader
  • C Storage Blob Data Owner
  • D Storage Blob Data Contributor
Explanation The Storage Blob Data Reader role allows read access only, while the others grant broader permissions or write access.
Q106

Which Azure service provides real-time threat detection and response?

  • A Microsoft Sentinel
  • B Azure Monitor
  • C Microsoft Intune
  • D Azure Load Balancer
Explanation Microsoft Sentinel is designed for threat detection, while the others serve different purposes.
Q107

A company needs to securely share Azure data with external partners. Which feature should they use?

  • A Public IP address
  • B Managed Identity
  • C Azure Shared Access Signatures
  • D VNet Peering
Explanation Azure Shared Access Signatures allow secure data sharing, unlike the others which do not focus on sharing data securely.
Q108

You are configuring Azure AD Identity Protection. What happens when a risky sign-in is detected?

  • A User is immediately locked out
  • B User must provide additional verification
  • C User's password is changed
  • D No action is taken
Explanation When a risky sign-in is detected, additional verification is required, unlike the other options which do not align with Azure AD's functionality.
Q109

Which Azure service can help monitor and analyze security alerts?

  • A Azure Sentinel
  • B Azure Functions
  • C Azure Logic Apps
  • D Azure DevOps
Explanation Azure Sentinel provides security management and analytics, while the other services serve different purposes.
Q110

You are configuring Azure Firewall rules for a company. What should you ensure regarding rule precedence?

  • A Allow all rules first
  • B Higher numbered rules take priority
  • C Lower numbered rules take priority
  • D Rule order is not relevant
Explanation Azure Firewall processes rules from lowest to highest numbered that matches traffic, contrary to A, B, and D.