Microsoft SC-100 Practice Test - Questions Answers, Page 13
Question list
List of questions
Related questions
Your company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure. You need to perform threat modeling by using a top-down approach based on the Microsoft Cloud Adoption Framework for Azure. What should you use to start the threat modeling process?
the STRIDE model
the DREAD model
OWASP threat modeling
Other options
You have an Azure AD tenant that syncs with an Active Directory Domain Services {AD DS) domain.
Client computers run Windows and are hybrid-joined to Azure AD.
You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices. You plan to remove all the domain accounts from the Administrators group on the Windows computers.
You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.
What should you include in the recommendation?
Local Administrator Password Solution (LAPS)
Privileged Access Workstations (PAWs)
Azure AD Privileged Identity Management (PIM)
Azure AD identity Protection
You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).
You need to define the recovery steps for a ransomware attack that encrypted data in the subscription The solution must follow Microsoft Security Best Practices. What is the first step in the recovery plan?
Disable Microsoft OneDnve sync and Exchange ActiveSync.
Recover files to a cleaned computer or device.
Contact law enforcement.
From Microsoft Defender for Endpoint perform a security scan.
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS). You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices. You need to ensure that a compromised administrator account cannot be used to delete the backups
What should you do?
From a Recovery Services vault generate a security PIN for critical operations.
From Azure Backup, configure multi-user authorization by using Resource Guard.
From Microsoft Azure Backup Setup, register MABS with a Recovery Services vault
From Azure AD Privileged identity Management (PIM), create a role assignment for the Backup Contributor role.
You have a Microsoft 365 subscription.
You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA). You need to recommend a solution that automatically restricts access to Microsoft Exchange Online.
SharePoint Online, and Teams m near-real-lime (NRT) in response to the following Azure AD events:
• A user account is disabled or deleted
• The password of a user is changed or reset.
• All the refresh tokens for a user are revoked
• Multi-factor authentication (MFA) is enabled for a user
Which two features should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
continuous access evaluation
a sign-in risk policy
Azure AD Privileged Identity Management (PIM)
Conditional Access
Azure AD Application Proxy
HOTSPOT
You are planning the security levels for a security access strategy.
You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA). Which security level should you configure for each job role? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company plans to evaluate the security of its Azure environment based on the principles of the Microsoft Cloud Adoption Framework for Azure. You need to recommend a cloud-based service to evaluate whether the Azure resources comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). What should you recommend?
Compliance Manager in Microsoft Purview
Microsoft Defender for Cloud
Microsoft Sentinel
Microsoft Defender for Cloud Apps
Your company uses Azure Pipelines and Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure. You are updating the deployment process to align with DevSecOps controls guidance in the Microsoft Cloud Adoption Framework for Azure. You need to recommend a solution to ensure that all code changes are submitted by using pull requests before being deployed by the CI/CD workflow. What should you include in the recommendation?
custom roles in Azure Pipelines
branch policies in Azure Repos
Azure policies
custom Azure roles
Your company wants to optimize using Microsoft Defender for Endpoint to protect its resources against ransomware based on Microsoft Security Best Practices. You need to prepare a post-breach response plan for compromised computers based on the Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices. What should you include in the response plan?
controlled folder access
application isolation
memory scanning
machine isolation
user isolation
HOTSPOT
For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA). You need to protect against the following external threats of an attack chain:
• An attacker attempts to exfiltrate data to external websites.
• An attacker attempts lateral movement across domain-joined computers.
What should you include in the recommendation for each threat? To answer, select the appropriate options in the answer area.
Question