Exam SC-100 topic 1 question 25 discussion

Actual exam question from Microsoft's SC-100
Question #: 25
Topic #: 1

You have an on-premises network and a Microsoft 365 subscription.

You are designing a Zero Trust security strategy.

Which two security controls should you include as part of the Zero Trust solution? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

  • A. Always allow connections from the on-premises network.
  • B. Disable passwordless sign-in for sensitive accounts.
  • C. Block sign-in attempts from unknown locations.
  • D. Block sign-in attempts from noncompliant devices.
Suggested Answer: CD

Comments

bmulvIT
Highly Voted 1 year, 5 months ago
Selected Answer: CD
MCRA slide 15 recommends using passwordless so B is wrong. "The top priority is to require strong multi-factor authentication (MFA), (and preferably Passwordless authentication). Attackers have easy availability to compromised username/passwords and commonly used passwords, so organizations must prioritize moving beyond password-only authentication as their first step."
upvoted 5 times
...
JG56
Highly Voted 11 months, 1 week ago
C, D is the right answer, in exam Nov 23
upvoted 5 times
...
cris_exam
Most Recent 8 months, 2 weeks ago
Selected Answer: CD
Slide 14 from MCRA: "Require separate accounts for Admins and enforce MFA/passwordless" This rules out B so I go with C & D.
upvoted 2 times
...
BlackZeros
1 year, 3 months ago
Selected Answer: BC
B seems to be the most obvious answer, since MFA on all Admin accounts is the very basic best practice. C is most likely the case since the company doesn't want to have the access given to anyone outside of the on-prem network. D is irrelevant in this case because the devices are part of the on-prem network, which is not a big threat since option C will enforce the connectivity to be from the internal network only.
upvoted 1 times
jasscomp
1 year, 1 month ago
Zero Trust is about always assuming breach. MFA should ideally be enabled for everyone, not just sensitive accounts.
upvoted 2 times
...
hw121693
1 year, 3 months ago
According to Microsoft, passwordless is the best way to protect an account, better than MFA
upvoted 3 times
...
...
zellck
1 year, 5 months ago
Selected Answer: CD
CD is the answer. https://learn.microsoft.com/en-us/security/zero-trust/deploy/identity#v-user-device-location-and-behavior-is-analyzed-in-real-time-to-determine-risk-and-deliver-ongoing-protection
upvoted 4 times
...
Tictactoe
1 year, 5 months ago
BC IS CORRECT
upvoted 1 times
...
CatoFong
1 year, 5 months ago
Selected Answer: CD
CD makes the most sense to me
upvoted 3 times
...
Hanley1999
1 year, 6 months ago
Disable passwordless sign-in - as in go back to passwords? Doesn't sound like ZT to me
upvoted 2 times
...
deposros
1 year, 6 months ago
Still confused, what should be the answer?
upvoted 1 times
...
edurakhan
1 year, 6 months ago
Selected Answer: CD
I don’t think A and B make any sense here
upvoted 4 times
...
shinda
1 year, 6 months ago
Selected Answer: BC
C speaks for itself but B is biometric or FIDO2 only. If they include biometric plus a password aka MFA then it would be okay
upvoted 1 times
...