ExamGecko
Search Search Login
Home Home / Microsoft / SC-100

Microsoft SC-100 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have legacy operational technology (OT) devices and loT devices. You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs). Does this meet the goal?
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
HOTSPOT You need to recommend a solution to meet the requirements for connections to ClaimsDB. What should you recommend using for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You are evaluating the security of ClaimsApp. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.
You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos. You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos. What should you include in the recommendation?
HOTSPOT You have an Azure subscription that contains a Microsoft Sentinel workspace named MSW1. MSW1 includes 50 scheduled analytics rules. You need to design a security orchestration automated response (SOAR) solution by using Microsoft Sentinel playbooks. The solution must meet the following requirements: * Ensure that expiration dates can be configured when a playbook runs. * Minimize the administrative effort required to configure individual analytics rules. What should you use to invoke the playbooks, and which type of Microsoft Sentinel trigger should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG) You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements: * Ensure that each time the support staff connects to a jump server; they must request access to the server. * Ensure that only authorized support staff can initiate SSH connections to the jump servers. * Maximize protection against brute-force attacks from internal networks and the internet. * Ensure that users can only connect to the jump servers from the internet. * Minimize administrative effort What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You have a hybrid Azure AD tenant that has pass-through authentication enabled. You are designing an identity security strategy. You need to minimize the impact of brute force password attacks and leaked credentials of hybrid identities. What should you include in the design? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
HOTSPOT Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled. You have a Microsoft 365 subscription that uses Microsoft SharePoint Online. You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams. You need to recommend an Azure AD identity Governance solution that meets the following requirements: * Project managers must verify that their project group contains only the current members of their project team * The members of each project team must only have access to the resources of the project to which they are assigned * Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days. * Administrative effort must be minimized. What should you include in the recommendation? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 61

Report
Export
Collapse

Your company has an office in Seattle.

The company has two Azure virtual machine scale sets hosted on different virtual networks.

The company plans to contract developers in India.

You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:

• Prevent exposing the public IP addresses of the virtual machines.

• Provide the ability to connect without using a VPN.

• Minimize costs.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Deploy Azure Bastion to one virtual network.

A.

Deploy Azure Bastion to one virtual network.

Answers
B.

Deploy Azure Bastion to each virtual network.

B.

Deploy Azure Bastion to each virtual network.

Answers
C.

Enable just-in-time VM access on the virtual machines.

C.

Enable just-in-time VM access on the virtual machines.

Answers
D.

Create a hub and spoke network by using virtual network peering.

D.

Create a hub and spoke network by using virtual network peering.

Answers
E.

Create NAT rules and network rules in Azure Firewall.

E.

Create NAT rules and network rules in Azure Firewall.

Answers
Suggested answer: A, D

Explanation:

https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure- bastion

Question 62

Report
Export
Collapse

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?

A.

dataflow

A.

dataflow

Answers
B.

system flow

B.

system flow

Answers
C.

process flow

C.

process flow

Answers
D.

network flow

D.

network flow

Answers
Suggested answer: A

Explanation:

https://docs.microsoft.com/en-us/learn/modules/tm-create-a-threat-model-using-foundational- data-flow-diagram-elements/1b-elements https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-getting- started? source=recommendations

Question 63

Report
Export
Collapse

Your company is moving a big data solution to Azure.

The company plans to use the following storage workloads:

• Azure Storage blob containers

• Azure Data Lake Storage Gen2

• Azure Storage file shares

• Azure Disk Storage

Which two storage workloads support authentication by using Azure Active Directory (Azure AD)?

Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A.

Azure Disk Storage

A.

Azure Disk Storage

Answers
B.

Azure Storage blob containers

B.

Azure Storage blob containers

Answers
C.

Azure Storage file shares

C.

Azure Storage file shares

Answers
D.

Azure Data Lake Storage Gen2

D.

Azure Data Lake Storage Gen2

Answers
Suggested answer: B, D

Question 64

Report
Export
Collapse

You are evaluating an Azure environment for compliance.

You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources. Which effect should you use in Azure Policy?

A.

Deny

A.

Deny

Answers
B.

Disabled

B.

Disabled

Answers
C.

Modify

C.

Modify

Answers
D.

Append

D.

Append

Answers
Suggested answer: B

Explanation:

Before looking to manage new or updated resources with your new policy definition, it's best to see how it evaluates a limited subset of existing resources, such as a test resource group. Use the enforcement mode Disabled (DoNotEnforce) on your policy assignment to prevent the effect from triggering or activity log entries from being created. https://docs.microsoft.com/en-us/azure/governance/policy/concepts/evaluate-impact

Question 65

Report
Export
Collapse

Your company has a Microsoft 365 E5 subscription.

The Chief Compliance Officer plans to enhance privacy management in the working environment.

You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:

• Identify unused personal data and empower users to make smart data handling decisions.

• Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.

• Provide users with recommendations to mitigate privacy risks.

What should you include in the recommendation?

A.

Microsoft Viva Insights

A.

Microsoft Viva Insights

Answers
B.

Advanced eDiscovery

B.

Advanced eDiscovery

Answers
C.

Privacy Risk Management in Microsoft Priva

C.

Privacy Risk Management in Microsoft Priva

Answers
D.

communication compliance in insider risk management

D.

communication compliance in insider risk management

Answers
Suggested answer: C

Explanation:

Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: Detect overexposed personal data so that users can secure it.Spot and limit transfers of personal data across departments or regional borders.Help users identify and reduce the amount of unused personal data that you store.https://www.microsoft.com/en-us/security/business/privacy/microsoft-priva-risk-management

Question 66

Report
Export
Collapse

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate?

A.

Data Protection

A.

Data Protection

Answers
B.

Incident Response

B.

Incident Response

Answers
C.

Posture and Vulnerability Management

C.

Posture and Vulnerability Management

Answers
D.

Asset Management

D.

Asset Management

Answers
E.

Endpoint Security

E.

Endpoint Security

Answers
Suggested answer: E

Question 67

Report
Export
Collapse

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer. You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score. Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

Configure auto provisioning.

A.

Configure auto provisioning.

Answers
B.

Assign regulatory compliance policies.

B.

Assign regulatory compliance policies.

Answers
C.

Review the inventory.

C.

Review the inventory.

Answers
D.

Add a workflow automation.

D.

Add a workflow automation.

Answers
E.

Enable Defender plans.

E.

Enable Defender plans.

Answers
Suggested answer: A, E

Explanation:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance- packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation

Question 68

Report
Export
Collapse

You have Microsoft Defender for Cloud assigned to Azure management groups.

You have a Microsoft Sentinel deployment.

During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A.

workload protections in Defender for Cloud

A.

workload protections in Defender for Cloud

Answers
B.

threat intelligence reports in Defender for Cloud

B.

threat intelligence reports in Defender for Cloud

Answers
C.

Microsoft Sentinel notebooks

C.

Microsoft Sentinel notebooks

Answers
D.

Microsoft Sentinel threat intelligence workbooks

D.

Microsoft Sentinel threat intelligence workbooks

Answers
Suggested answer: B, D

Explanation:

A: Workbooks provide insights about your threat intelligence

Workbooks provide powerful interactive dashboards that give you insights into all aspects of Microsoft Sentinel, and threat intelligence is no exception. You can use the built-in Threat Intelligence workbook to visualize key information about your threat intelligence, and you can easily customize the workbook according to your business needs. You can even create new dashboards combining many different data sources so you can visualize your data in unique ways. Since Microsoft Sentinel workbooks are based on Azure Monitor workbooks, there is already extensive documentation available, and many more templates. C: What is a threat intelligence report?

Defender for Cloud's threat protection works by monitoring security information from your Azure resources, the network, and connected partner solutions. It analyzes this information, often correlating information from multiple sources, to identify threats.

Defender for Cloud has three types of threat reports, which can vary according to the attack. The reports available are:

Activity Group Report: provides deep dives into attackers, their objectives, and tactics.

Campaign Report: focuses on details of specific attack campaigns.

Threat Summary Report: covers all of the items in the previous two reports.

This type of information is useful during the incident response process, where there's an ongoing investigation to understand the source of the attack, the attacker's motivations, and what to do to mitigate this issue in the future. Incorrect:

Not B: When to use Jupyter notebooks

While many common tasks can be carried out in the portal, Jupyter extends the scope of what you can do with this data. For example, use notebooks to:

Perform analytics that aren't provided out-of-the box in Microsoft Sentinel, such as some Python machine learning features Create data visualizations that aren't provided out-of-the box in Microsoft Sentinel, such as custom timelines and process trees Integrate data sources outside of Microsoft Sentinel, such as an on-premises data set.

Not D: Defender for Cloud offers security alerts that are powered by Microsoft Threat Intelligence. It also includes a range of advanced, intelligent, protections for your workloads. The workload protections are provided through Microsoft Defender plans specific to the types of resources in your subscriptions. For example, you can enable Microsoft Defender for Storage to get alerted about suspicious activities related to your Azure Storage accounts.

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports https://docs.microsoft.com/en-us/azure/sentinel/notebooks

Question 69

Report
Export
Collapse

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

A.

Azure Active Directory (Azure AD) Conditional Access App Control policies

A.

Azure Active Directory (Azure AD) Conditional Access App Control policies

Answers
B.

OAuth app policies in Microsoft Defender for Cloud Apps

B.

OAuth app policies in Microsoft Defender for Cloud Apps

Answers
C.

app protection policies in Microsoft Endpoint Manager

C.

app protection policies in Microsoft Endpoint Manager

Answers
D.

application control policies in Microsoft Defender for Endpoint

D.

application control policies in Microsoft Defender for Endpoint

Answers
Suggested answer: D

Explanation:

<https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender- application-control/select-types-of-rules-to-create#windows-defender-application-control-policy>- rules

Question 70

Report
Export
Collapse

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

A.

From Defender for Cloud, review the Azure security baseline for audit report.

A.

From Defender for Cloud, review the Azure security baseline for audit report.

Answers
B.

From Defender for Cloud, add a regulatory compliance standard.

B.

From Defender for Cloud, add a regulatory compliance standard.

Answers
C.

From Defender for Cloud, enable Defender for Cloud plans.

C.

From Defender for Cloud, enable Defender for Cloud plans.

Answers
D.

From Defender for Cloud, review the secure score recommendations.

D.

From Defender for Cloud, review the secure score recommendations.

Answers
Suggested answer: C

Explanation:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance- packages#what-regulatory-compliance-standards-are-available-in-defender-for-cloud

Total 177 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms