Microsoft Azure

Microsoft Cybersecurity Architect

SC-100
Popular Trending

Become a Microsoft Cybersecurity Architect by passing the SC-100 exam.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 71–80 of 147

Q71

A company needs to comply with GDPR and must ensure data residency in Europe. Which service feature should they utilize?

  • A Regional services deployment
  • B Azure AD Premium
  • C Global subscription
  • D Cross-region resource sharing
Explanation Utilizing regional services deployment ensures data stays within specified geographic boundaries; the other options do not directly address data residency.
Q72

What happens when you configure a network security group (NSG) rule with 'DenyAll' at the subnet level?

  • A Access is blocked for all VMs
  • B Traffic is logged but allowed
  • C Only inbound traffic is denied
  • D Only outbound traffic is denied
Explanation A 'DenyAll' NSG rule blocks all incoming and outgoing traffic at that level; the others suggest incorrect effects or limited scope.
Q73

Which Azure service is primarily used for managing user identities?

  • A Azure Active Directory
  • B Azure Blob Storage
  • C Azure Functions
  • D Azure Virtual Network
Explanation Azure Active Directory manages identities, while others serve different purposes.
Q74

A company needs to ensure that all data traffic to Azure services is encrypted. Which feature should they enable?

  • A Azure ExpressRoute
  • B End-to-end encryption
  • C Network Security Groups
  • D Application Gateway
Explanation End-to-end encryption ensures all traffic is secure, while others focus on isolation or filtering.
Q75

What happens when an Azure Policy is assigned a resource group but is set to deny 'Microsoft.Sql/servers/write'?

  • A SQL servers can be created.
  • B SQL servers can be updated.
  • C SQL servers cannot be created.
  • D SQL servers can be deleted.
Explanation The policy explicitly denies the creation of SQL servers, preventing any new instances.
Q76

Which service provides centralized logging for Azure resources?

  • A Azure Log Analytics
  • B Azure Blob Storage
  • C Azure Functions
  • D Azure Data Lake
Explanation Azure Log Analytics allows for consolidation and analysis of logs from various Azure services, while the other options serve different purposes.
Q77

A company needs to restrict access to specific resources based on user location. What should they implement?

  • A Azure Security Center
  • B Condition Access Policies
  • C Network Security Groups
  • D Azure AD Roles
Explanation Conditional Access Policies can restrict access based on user attributes like location, while the other options do not specifically offer location-based restrictions.
Q78

What happens when you set a key vault secret's 'content type' to 'application/json'?

  • A Limits secret value to JSON only
  • B Allows secret to be accessed via REST
  • C No effect on usage
  • D Changes encryption method
Explanation Setting the content type to 'application/json' does not restrict its usage, while the other options incorrectly interpret its effects.
Q79

Which service provides advanced threat protection for Azure resources?

  • A Azure Sentinel
  • B Azure Firewall
  • C Azure Policy
  • D Azure Load Balancer
Explanation Azure Sentinel offers intelligent security analytics, while the others focus on networking or policy governance.
Q80

A company needs to identify which users access Azure resources during suspicious hours. Which Azure feature should they use?

  • A Azure Monitor
  • B Azure Security Center
  • C Azure AD Sign-In Logs
  • D Azure Key Vault
Explanation Azure AD Sign-In Logs provide detailed user access logs, while the others serve different purposes.