HOTSPOT
You have a Microsoft 365 E5 subscription. The subscription contains 1,000 devices that run Windows 11 Pro and are enrolled in Microsoft Intune. You need to recommend a Microsoft Defender for Cloud Apps solution that meets the following requirements:
When a user downloads a file from Microsoft SharePoint Online, a label must be applied to the file in real time based on the file's contents.
Only users that use Intune-compliant devices must be able to sign in to Dropbox.
Which type of policy should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription. You plan to deploy Azure Kubernetes Service (AKS) clusters that will be used to host web services. You need to recommend an ingress controller solution that will protect the hosted web services.
What should you include in the recommendation?
A. Azure Load BalancerHOTSPOT
You have a Microsoft 365 E5 subscription that uses Microsoft Teams.
Your company has an investment department and a research department. Each department has a compliance team.
You are designing a Microsoft Purview Information Barriers (IBs) solution to restrict communication between the departments.
The solution must meet the following requirements:
1. The employees in each department must only be able to communicate with the employees in their respective department.
2. The employees on the compliance team of each department must be able to communicate with the employees on the compliance team of the other department.
What is the minimum number of segments and IB policies required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have legacy operational technology (OT) devices and IoT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. active scanningYou have an Azure subscription that contains a Microsoft Sentinel workspace.
Your on-premises network contains firewalls that support forwarding event logs in the Common Event Format (CEF).
There is no built-in Microsoft Sentinel connector for the firewalls.
You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.
What should you include in the recommendation?
A. an Azure logic appDRAG DROP
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.
You have a Conditional Access policy named Policy1 that only allows workload identities from trusted locations to access SharePoint Online.
You plan to move all business-sensitive information to Site1.
You need to ensure that CAPolicy1 applies to Site1 only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.
What should you configure for each landing zone?
A. Azure DDoS Protection StandardYour company is developing an invoicing application that will use Azure AD B2C. The application will be deployed as an App Service web app.
You need to recommend a solution to the application development team to secure the application from identity-related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure AD Conditional Access integration with user flows and custom policiesHOTSPOT
You have an Azure subscription that contains multiple apps.
The apps are deployed by using continuous integration and continuous delivery (CI/CD) pipelines in Azure DevOps.
You need to integrate static application security testing (SAST) and security smoke testing into the pipelines based on Microsoft Cloud Adoption Framework for Azure principles.
At which stage of the CI/CID process should each type of test be integrated? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).
You need to define the recovery steps for a ransomware attack that encrypted data in the subscription. The solution must follow Microsoft Security Best Practices.
What is the first step in the recovery plan?
A. From Microsoft Defender for Endpoint, perform a security scan.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.