Free Practice Microsoft SC-100 Exam Questions 2025

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluatingthe Azure Security Benchmark V3 report.In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.You need to recommend configurations to increase the score of the Secure management portscontrols.Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.Does this meet the goal? 

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by usingMicrosoft Intune.You are designing a privileged access strategy based on the rapid modernization plan (RaMP). Thestrategy will include the following configurations:Each user in Group1 will be assigned a Windows 11 device that will be configured as a privilegedaccess device.The Security Administrator role will be mapped to the privileged access security level.The users in Group1 will be assigned the Security Administrator role.The users in Group2 will manage the privileged access devices.You need to configure the local Administrators group for each privileged access device. The solutionmust follow the principle of least privilege.What should you include in the solution? 

Your on-premises network contains an Active Directory Domain Services (AD DS) domain namedcorpxontoso.com and an AD DS-integrated application named App1.Your perimeter network contains a server named Server1 that runs Windows Server.You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.You plan to implement a security solution that will include the following configurations:Manage access to App1 by using Microsoft Entra Private Access.Deploy a Microsoft Entra application proxy connector to Server1.Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.  For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.You need to maximize security for the planned implementation. The solution must minimize theimpact on the connector.Which rule should you remove?

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluatingthe Azure Security Benchmark V3 report.In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.You need to recommend configurations to increase the score of the Secure management portscontrols.Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.Does this meet the goal? 

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?