Microsoft Azure

Microsoft Cybersecurity Architect

SC-100
Popular Trending

Become a Microsoft Cybersecurity Architect by passing the SC-100 exam.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 111–120 of 147

Q111

A company has multiple Azure subscriptions and wants centralized security management. Which feature should they use?

  • A Azure AD Hierarchy
  • B Azure Policy Management
  • C Azure Management Groups
  • D Azure Security Center
Explanation Azure Management Groups allow management of subscriptions, while the others do not specifically centralize security management.
Q112

Which service automates the deployment of applications in Azure?

  • A Azure DevOps
  • B Azure Virtual Machines
  • C Azure Blob Storage
  • D Azure Active Directory
Explanation Azure DevOps provides CI/CD for applications, while the others serve different functions.
Q113

A company needs to secure its Azure resources using role-based access control (RBAC). What is the first step?

  • A Assign roles to users
  • B Create user accounts
  • C Define resource groups
  • D Choose subscription types
Explanation Defining resource groups is necessary before roles can be effectively assigned.
Q114

What happens when you enable Azure DDoS Protection Standard on a virtual network?

  • A It blocks all traffic to resources
  • B It provides only network monitoring
  • C It automatically scales network resources
  • D It offers DDoS attack mitigation
Explanation Enabling DDoS Protection Standard provides dedicated DDoS attack mitigation, which the others do not.
Q115

Which Azure service offers an API for application security testing?

  • A Azure Security Center
  • B Azure API Management
  • C Azure DevOps
  • D Azure Functions
Explanation Azure Security Center provides security recommendations including application assessments, while the others focus on APIs or DevOps workflows.
Q116

A company needs real-time threat detection for its Azure resources. Which service should they use?

  • A Azure Firewall
  • B Azure Sentinel
  • C Azure DDoS Protection
  • D Azure VPN Gateway
Explanation Azure Sentinel provides intelligent security analytics and threat intelligence, unlike the other options which serve different purposes.
Q117

What happens when you enable Azure Defender for a resource group?

  • A Only selected resource types are protected.
  • B All resources in the group are automatically protected.
  • C Defender monitors network traffic only.
  • D Protection applies after 24 hours.
Explanation Enabling Azure Defender for a resource group applies protection to all resources within it immediately, as opposed to limiting selection or delaying activation.
Q118

Which Azure service is used for threat detection in applications?

  • A Azure Security Center
  • B Azure Active Directory
  • C Azure Monitor
  • D Azure Application Insights
Explanation Azure Application Insights provides performance monitoring and can detect threats, whereas the others focus on different security or monitoring aspects.
Q119

A company needs to implement a hold on messages for compliance reasons in Azure. Which feature allows this functionality?

  • A Retention Policies
  • B In-Place Hold
  • C Azure Backup
  • D Data Loss Prevention
Explanation In-Place Hold effectively retains messages for compliance, unlike retention policies, which do not hold but may delete at a set time.
Q120

You are configuring an Azure Firewall policy. What happens when you set a rule to 'Deny' for a particular protocol?

  • A Traffic is allowed for that protocol
  • B All traffic is logged
  • C Traffic is blocked based on the rule
  • D Only some traffic is blocked
Explanation A 'Deny' rule explicitly blocks traffic, while the other options suggest allowing or logging traffic incorrectly.