ExamGecko
Home / Microsoft / SC-100 / List of questions
Ask Question

Microsoft SC-100 Practice Test - Questions Answers, Page 10

Add to Whishlist

List of questions

Question 91

Report Export Collapse

Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

Microsoft SC-100 image Question 72 107683 10052024010833000000

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend implementing Azure Front Door with Azure Web Application Firewall (WAF). Does this meet the goal?

Yes

Yes

No

No

Suggested answer: B
Explanation:

ttps://www.varonis.com/blog/securing-access-azure-webapps

asked 05/10/2024
Do Hien
52 questions

Question 92

Report Export Collapse

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

adaptive application controls in Defender for Cloud

adaptive application controls in Defender for Cloud

Azure Security Benchmark compliance controls m Defender for Cloud

Azure Security Benchmark compliance controls m Defender for Cloud

app protection policies in Microsoft Endpoint Manager

app protection policies in Microsoft Endpoint Manager

Suggested answer: B
Explanation:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/recommendations-reference#compute- recommendations

asked 05/10/2024
Calin-Alin Stoenescu
46 questions

Question 93

Report Export Collapse

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All the on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

• Ensure that the security operations team can access the security logs and the operation logs.

• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Azure Active Directory (Azure AD) Conditional Access policies

Azure Active Directory (Azure AD) Conditional Access policies

a custom collector that uses the Log Analytics agent

a custom collector that uses the Log Analytics agent

resource-based role-based access control (RBAC)

resource-based role-based access control (RBAC)

the Azure Monitor agent

the Azure Monitor agent

Suggested answer: C, D
Explanation:

https://docs.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent

asked 05/10/2024
Mark Hughes
36 questions

Question 94

Report Export Collapse


Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

Microsoft SC-100 image Question 75 107686 10052024010833000000

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend implementing Azure Key Vault to store credentials.

Yes

Yes

No

No

Suggested answer: B
Explanation:

When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.

asked 05/10/2024
karl hickey
46 questions

Question 95

Report Export Collapse

HOTSPOT

You open Microsoft Defender for Cloud as shown in the following exhibit.

Microsoft SC-100 image Question 76 107687 10052024010833000000

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Microsoft SC-100 image Question 95 107687 10052024010833000
Correct answer: Microsoft SC-100 image answer Question 95 107687 10052024010833000
Explanation:

Selection 1: NSG

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-control-restrict-unauthorized-network-access/ba-p/1593833 Selection 2: Microsoft Defender for servers

Enable endpoint protection - Defender for Cloud checks your organization's endpoints for active threat detection and response solutions such as Microsoft Defender for Endpoint or any of the major solutions shown in this list.

When an Endpoint Detection and Response (EDR) solution isn't found, you can use these recommendations to deploy Microsoft Defender for Endpoint (included as part of Microsoft Defender for servers). Incorrect:

Not Microsoft Defender for Resource Manager:

Microsoft Defender for Resource Manager does not handle endpoint protection.

Microsoft Defender for Resource Manager automatically monitors the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. Defender for Cloud runs advanced security analytics to detect threats and alerts you about suspicious activity.

Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

asked 05/10/2024
Jeffrey Ding
36 questions

Question 96

Report Export Collapse

HOTSPOT

You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:

• Windows 11 devices managed by Microsoft Intune

• Azure Storage accounts

• Azure virtual machines

What should you use to evaluate the components? To answer, select the appropriate options in the answer area.


Microsoft SC-100 image Question 96 107688 10052024010833000
Correct answer: Microsoft SC-100 image answer Question 96 107688 10052024010833000
Explanation:

Selection 1: Microsoft 365 Defender (Microsoft Defender for Endpoint is part of it).

Selection 2: Microsoft Defender for Cloud.

Selection 3: Microsoft Defender for Cloud.https://docs.microsoft.com/en-us/learn/modules/design-strategy-for-secure-paas-iaas-saas- services/8-specify-security-requirements-for-storage-workloads

asked 05/10/2024
Liam Derwin
38 questions

Question 97

Report Export Collapse

HOTSPOT

Your company has an Azure App Service plan that is used to deploy containerized web apps. You are designing a secure DevOps strategy for deploying the web apps to the App Service plan. You need to recommend a strategy to integrate code scanning tools into a secure software development lifecycle.

The code must be scanned during the following two phases:

Uploading the code to repositories Building containers

Where should you integrate code scanning for each phase? To answer, select the appropriate options in the answer area.


Microsoft SC-100 image Question 97 107689 10052024010833000
Correct answer: Microsoft SC-100 image answer Question 97 107689 10052024010833000
Explanation:

https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about- github-advanced-security https://microsoft.github.io/code-with-engineering-playbook/automated-testing/tech-specific- samples/azdo-container-dev-test-release/

asked 05/10/2024
Ralitsa Yankova
54 questions

Question 98

Report Export Collapse

HOTSPOT

You are creating the security recommendations for an Azure App Service web app named App1.

App1 has the following specifications:

• Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.

• Users will authenticate by using Azure Active Directory (Azure AD) user accounts.

You need to recommend an access security architecture for App1.

What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.


Microsoft SC-100 image Question 98 107690 10052024010833000
Correct answer: Microsoft SC-100 image answer Question 98 107690 10052024010833000
Explanation:

Azure AD application

(https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-application-management) An access package in identity governance

(https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create)

asked 05/10/2024
Felomino Bacquiano II
50 questions

Question 99

Report Export Collapse

DRAG DROP

You have a Microsoft 365 subscription

You need to recommend a security solution to monitor the following activities:

• User accounts that were potentially compromised

• Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each Correct selection is worth one Point.


Microsoft SC-100 image Question 99 107691 10052024010833000
Correct answer: Microsoft SC-100 image answer Question 99 107691 10052024010833000
Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity- protection-risks https://docs.microsoft.com/en-us/defender-cloud-apps/policies-threat-protection#detect-mass- download-data-exfiltration https:// docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-users

asked 05/10/2024
Karen Vivanco
32 questions

Question 100

Report Export Collapse

HOTSPOT

Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.

Microsoft SC-100 image Question 81 107692 10052024010833000000

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements-.

• Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.

• Use Defender for Cloud to review alerts from the virtual machines.

What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.


Microsoft SC-100 image Question 100 107692 10052024010833000
Correct answer: Microsoft SC-100 image answer Question 100 107692 10052024010833000
Explanation:

Box 1: Data connectors -

Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel. Launch a WAF workbook (see step 7 below)

The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource. To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource:

1. Select Diagnostic settings.

2. Select + Add diagnostic setting.

3. In the Diagnostic setting page (details skipped)

4. On the Azure home page, type Microsoft Sentinel in the search bar and select the Microsoft Sentinel resource.

5. Select an already active workspace or create a new workspace.

6. On the left side panel under Configuration select Data Connectors.

7. Search for Azure web application firewall and select Azure web application firewall (WAF). Select Open connector page on the bottom right.

8. Follow the instructions under Configuration for each WAF resource that you want to have log analytic data for if you haven't done so previously.

9. Once finished configuring individual WAF resources, select the Next steps tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.

Box 2: The Log Analytics agent -

Use the Log Analytics agent to integrate with Microsoft Defender for cloud.

asked 05/10/2024
Carlotta Agape
46 questions
Total 200 questions
Go to page: of 20
Search

Related questions