SC-100
151 Questions

Questions and Answers

What is the most effective way to prevent SQL Server administrators from accessing sensitive data stored in specific columns of a database?

  • Dynamic data masking
  • Transparent Data Encryption (TDE)
  • Always Encrypted (correct)
  • Transport Layer Security (TLS)

Which solution should be recommended to prevent attackers from obtaining administrative permissions in Azure?

  • Azure Active Directory
  • Azure Backup
  • Azure Update Management
  • Privileged Access Management (PAM) (correct)

What happens if a website is removed but its custom domain remains in the DNS registrar?

  • The DNS entry will point to a non-existent resource. (correct)
  • The custom domain will redirect to another website.
  • Traffic will be automatically rerouted to a backup server.
  • The domain will expire immediately.

    Which method is designed to provide encryption during the transfer of data between applications and databases?

    Transport Layer Security (TLS)

    What strategy should be included when designing security controls for web applications to defend against unauthorized access?

    Application security controls

    When considering Azure Virtual Network configuration, which of the following options is least likely to enhance security?

    Public IP address assignment

    Which option is considered a proactive approach to managing access and permissions in an Azure environment to mitigate ransomware attacks?

    Privileged Access Management (PAM)

    Which of the following strategies helps to secure critical operations in Azure Backup during a ransomware attack?

    Require PINs for critical operations

    What role does Azure Monitor play in the context of ransomware incident response?

    It tracks and notifies changes in backup configurations.

    In the context of Azure Managed Identities, which statement is correct regarding their functionality?

    Managed Identities allow for authentication to Azure services without storing credentials.

    Why might soft delete for backups be considered less optimal in a ransomware attack?

    It does not prevent malicious deletion or alteration.

    Which of the following measures does NOT directly address the risk of backup availability during a ransomware attack?

    Encrypt backups using customer-managed keys (CMKs)

    In case of a ransomware incident, immediate notification of backup configuration changes can help in which aspect?

    Identifying and mitigating unauthorized changes quickly

    What is a significant limitation of performing offline backups to Azure Data Box as a ransomware defense strategy?

    It does not allow real-time backup integration.

    Which approach enhances the security of backups by involving authorized personnel in critical operations?

    Requiring PINs for critical operations

    What can be a consequence of not monitoring backup configurations in Azure?

    Delayed alert for unauthorized changes

    Which feature should be described to enhance data discovery in Microsoft Purview?

    Data Catalog

    What is a recommended strategy to mitigate the impact of ransomware attacks?

    Refine backup and restore procedures

    Which component of the Zero Trust RaMP focuses on ransomware recovery readiness?

    Data, compliance, and governance

    Which of the following is NOT a focus area for reducing ransomware attack impacts?

    Implementing data loss protection (DLP) policies

    In the context of Azure, what key strategy supports determined ransomware recovery processes?

    Data, compliance, and governance practices

    What important element should be included in a resiliency strategy against potential ransomware threats?

    Providing user education on risks

    Which feature is critical in Microsoft Purview for automating data classification?

    Automated scanning and classification system

    Which recommendation should NOT be prioritized for reducing organizational impact during a ransomware attack?

    Delaying incident response procedures

    Which of the following policies is correctly identified as a way to enhance security by blocking legacy authentication?

    Enable Conditional Access policies to block legacy authentication

    Microsoft Intune is a deployment collection of technologies for setting up and preconfiguring Windows devices.

    False

    What is the role of multi-factor authentication (MFA) in enhancing security?

    MFA requires users to provide multiple forms of verification, increasing account security.

    To remotely manage devices and validate compliance health, you should include ______ in your security solution.

    Microsoft Intune

    Match the following security measures with their corresponding benefits:

      • Multi-factor authentication (MFA) = Increases account security
      • Conditional Access policies = Blocks legacy authentication
      • Microsoft Intune = Manages device compliance and features
      • Microsoft Defender for Endpoint = Protects against threats

    Which of the following statements is true regarding the Microsoft Secure Score?

    It provides points for blocking legacy authentication.

    Enabling Security defaults ensures that organizations receive full points for following recommended actions without exception.

    False

    Name one capability of Microsoft Defender for Endpoint.

    It helps prevent, detect, investigate, and respond to advanced threats.

    Which of the following is a key strategy for modern perimeter design?

    Establishing a modern perimeter

    Azure landing zones provide a way to manage resources across multiple applications without isolation.

    False

    What is the purpose of Azure Lighthouse in a multi-tenant configuration?

    To enable access and management of different tenants without using different accounts.

    Subscriptions for application resources are called __________.

    application landing zones

    Match the following Azure concepts with their definitions:

      • Azure Lighthouse = Allows multi-tenant management from a single account
      • Application landing zones = Subscriptions for application resources
      • Platform landing zones = Subscriptions for platform resources
      • Modern perimeter = Intercepts authentication requests

    What should be recommended for architecture that aligns with the Microsoft Cloud Adoption Framework?

    Azure landing zones

    Management groups are the best option for isolating resources in Azure.

    False

    What type of workspace allows access to Microsoft Sentinel without using separate accounts?

    Azure Lighthouse

    To intercept authentication requests versus network traffic, one must establish a __________.

    modern perimeter

    What is a key characteristic of Azure landing zones?

    They provide subscription isolation for resources.

    Which two tasks should you include in the design to address posture and vulnerability management controls PV-2 and PV-7?

    Turn off remote debugging

    Microsoft Defender for Cloud Apps is effective for detecting unusual behavior in cloud applications.

    True

    What is the primary goal of conducting regular red team operations?

    To simulate attacks and test security defenses.

    Microsoft Defender for Cloud Apps can search for more than ________ SaaS applications.

    31,000

    Match the management tasks with their relevant posture improvement:

      • Conduct regular penetration testing = Verifying application security
      • Enable resource logs = Monitoring ongoing activity
      • Turn off remote debugging = Preventing unauthorized access
      • Backup and Restore = Data recovery strategy

    Which functionality of Microsoft Defender for Cloud Apps is important for application management?

    Detecting unauthorized access

    Turn off remote debugging is a task that helps enforce secure configurations.

    True

    Name one reason why enabling resource logs is essential in security management.

    It helps to monitor and audit activities within applications.

    The ability to ________ existing application deployments is critical for ensuring compliance.

    inventory

    Which of the following features allows Microsoft Defender for Cloud Apps to assess risk levels?

    Analyze high-risk usage

    Which two solutions are recommended to ensure the security operations team can access the security logs and the operation logs while the IT operations team can only access the operations logs?

    Resource-based role-based access control (RBAC)

    The Enhanced Security Admin Environment (ESAE) is specifically tailored for cloud-based environments following a Zero Trust model.

    False

    What does OSA provide in the context of operational security?

    Guidelines and best practices for operational security.

    RaMP is the most aligned framework for adopting a privileged identity strategy based on the __________ model.

    Zero Trust

    Match the following components with their respective functions:

      • ESAE = Isolated admin environments for on-premises infrastructure
      • OSA = Operational security guidelines and best practices
      • RaMP = Privileged identity strategy in a Zero Trust model
      • Azure Sentinel = Security event monitoring and analysis

    Which Azure service is recommended to automate workflow for evaluating and remediating alerts in Microsoft Defender for Cloud?

    Azure Logic Apps

    Automation in security programs can help improve response times and ensure consistency in processes.

    True

    What is the main purpose of the eDiscovery (Premium) feature?

    To preserve, collect, analyze, review, and export content for investigations.

    The cloud-based service for automating workflows in Azure is known as __________.

    Logic Apps

    Match the following Azure services with their primary functions:

      • Azure Monitor = Monitoring services and generating alerts
      • Azure Functions = Event-driven serverless compute
      • Logic Apps = Automating workflows and integrations
      • Event Hubs = Stream data from applications

    Which of the following statements is true regarding Azure Logic Apps?

    They can automate workflows across multiple services.

    Using Azure Functions apps is preferred for quick workflow automation in Microsoft Defender for Cloud.

    False

    What is one key benefit of automating security workflows?

    Reduces overhead.

    To trigger automated actions upon security alerts, Microsoft Defender for Cloud utilizes __________.

    Logic Apps

    What role does eDiscovery (Premium) serve in an organization?

    Handling content for investigations

    Which framework is most aligned for rapidly adopting a privileged identity strategy in a Zero Trust model for Azure?

    Rapid Authentication Management Program (RaMP)

    What is the primary function of the Log Analytics agent in relation to Microsoft Sentinel?

    To collect data in custom log formats for analysis

    Which aspect does Microsoft Operational Security Assurance (OSA) NOT directly address?

    Strategic creation of privileged identity designs

    Which of the following solutions would be least effective in ensuring that the IT operations team can access specific operational logs?

    Using Azure Active Directory (Azure AD) Conditional Access policies

    In relation to deploying Microsoft Sentinel, which is NOT a critical consideration for the security operations team?

    Data compliance within regulatory frameworks

    Which capability of Microsoft Defender for Cloud is included for free in the Foundational CSPM plan?

    Centralized policy management

    What is the required subnet address range when creating the AzureBastionSubnet for Azure Bastion deployment?

    /26 or larger

    Which aspect is a key feature of Azure Landing Zones?

    They facilitate consistent and secure initial standards for resource deployment.

    What does the PV-1 MCSB control focus on in cloud security management?

    Creating secure configurations baselines for resource types

    Which option is NOT a capability you can enable with Microsoft Defender for Cloud?

    Compliance benchmarking for on-premises resources

    In the context of posture and vulnerability management, which of the following tasks corresponds to PV-2?

    Establishing a baseline for secure resource configurations

    What is the primary purpose of the Microsoft Cloud Security Benchmark (MCSB)?

    To provide guidance for secure configurations in various cloud services

    Which aspect does the 'cloud security explorer' capability of Microsoft Defender cover?

    Identifying misconfigurations and vulnerabilities within cloud resources

    What is the primary benefit of integrating Microsoft Purview with Microsoft Defender for Cloud?

    Enhanced visibility into data sensitivity

    Which component of Microsoft Sentinel is specifically designed to create customized visual reports for security operations?

    Workbooks

    What role does Microsoft Purview primarily play in an organization's cloud security strategy?

    Providing insights into data classification and sensitivity

    Which aspect of Microsoft Sentinel's functionality allows for immediate visualization after data source connections are made?

    Instant visualization and analysis

    How does Microsoft Sentinel enhance the effectiveness of security operations teams?

    Through providing customizable dashboards and analytical tools

    What is a common challenge for security teams when managing data resources in cloud environments?

    Difficulty in identifying sensitive data

    In what way can security teams prioritize their focus on data resources?

    Through the integration of insight tools like Microsoft Purview

    What kind of analytics capabilities do workbooks in Microsoft Sentinel provide?

    Interactive reports combining metrics and logs

    Which of the following features makes workbooks particularly valuable for a security operations team?

    Ease of creating custom visualizations using multiple data inputs

    What should security teams primarily focus on due to the threat posed by malicious actors targeting data resources?

    Identifying and securing sensitive data resources

    What is the recommended approach for organizations to secure privileged identities?

    Implement Azure AD Privileged Identity Management (PIM)

    Which of the following best describes the checklist approach outlined for Zero Trust deployment?

    It organizes deployment objectives into a set of project management steps.

    What does ransomware recovery readiness entail in the Zero Trust model?

    Establishing a proactive plan with measures for data restoration.

    Which method is suggested for validating trust for all access requests?

    Explicitly validating trust for each access request.

    What is one of the key components in modernizing security operations within a Zero Trust framework?

    Streamlining response procedures for quicker mitigation.

    What is a significant difference between RaMP guidance and traditional deployment methods?

    RaMP organizes guidance into broader initiatives rather than specific tasks.

    When considering advanced security architectures, which of the following is a valid reason for using the Enhanced Security Admin Environment (ESAE)?

    It is suitable for custom configurations with complex needs.

    What is one of the core objectives for protecting administrative user accounts within the Zero Trust model?

    To deploy secured privileged access controls.

    What role does stakeholder accountability play in the RaMP approach?

    It helps in clearly defining tasks and responsibilities for project implementation.

    Which solution specifically addresses privacy risk management for personal data in a Microsoft 365 environment?

    Privacy Risk Management in Microsoft Priva

    What is the primary function of Privacy Risk Management policies in Microsoft Priva?

    To serve as internal guides for identifying privacy risks

    Which of the following capabilities does Privacy Risk Management in Microsoft Priva NOT provide?

    Analyze employee work habits and productivity

    What is a significant limitation of using Microsoft Viva Insights in relation to data privacy management?

    It focuses on employee productivity and not data privacy.

    Why is Advanced eDiscovery not suitable for ongoing privacy risk management?

    It is built for data discovery in response to legal inquiries.

    Which user activity could significantly benefit from recommendations provided by Privacy Risk Management in Microsoft Priva?

    Transferring personal data across different regions

    In terms of personal data management, what feature of Privacy Risk Management is essential for limiting data exposure?

    Detecting overexposed personal data

    What type of recommendations does Privacy Risk Management in Microsoft Priva provide to users?

    Guidance to mitigate privacy risks in personal data handling

    To whom are Privacy Risk Management policies primarily directed?

    All employees responsible for personal data

    The append effect in Azure Policy only marks a policy as noncompliant for new resources.

    False

    Just In Time provisioning is the recommended solution for addressing the PV-1: Define and establish secure configurations MCSB control.

    False

    Azure Policy evaluates resources that have not been excluded or exempt.

    True

    For managing security tasks on Windows 11 and iOS devices, applying security baselines does not include configuring firewalls.

    False

    The PV-1 MCSB control emphasizes the importance of defining and establishing secure configurations.

    True

    Azure Landing Zones support the implementation of security standards for existing Azure resources only.

    False

    Each correct answer in designing a policy setting for Azure Policy must solely focus on denying policies.

    False

    Noncompliance in Azure Policy occurs only when new settings are implemented without prior review.

    False

    Playbooks in Microsoft Sentinel can only be run manually and not automatically.

    False

    Kusto Query Language is primarily designed for incident response orchestration.

    False

    Playbooks minimize the need for manual intervention by linking various security tools together.

    True

    Workbooks in Microsoft Sentinel are utilized for automating incident responses and alert triaging.

    False

    Alerts can be sent to Microsoft Teams channels as part of playbook functionality.

    True

    Members of the Enterprise Admins group are permitted to add or remove domains only with the approval of Domain Admins.

    False

    Data connectors serve the purpose of automating incident response actions.

    False

    The responses to detected threats can be automated through playbooks.

    True

    Microsoft Priva subject rights requests is specifically designed to streamline the management of personal data inquiries within compliance management.

    True

    The Azure Automation State Configuration tool is specifically designed for enhancing user experience in cloud management.

    False

    Playbooks do not support any collaborative features for handling incidents.

    False

    Kusto Query Language organizes data similarly to SQL with databases, tables, and columns.

    True

    The Microsoft cloud security benchmark (MCSB) includes controls for defining secure configurations in Azure resources.

    True

    The rights of the Domain Admins group allow them to implement forest-wide changes in Azure Active Directory.

    False

    Playbooks enhance security operations by requiring constant manual monitoring.

    False

    Microsoft Purview eDiscovery is the recommended solution for managing compliance-related personal data requests.

    False

    The Enterprise Admins group is solely responsible for raising functional levels in all domains of an AD DS forest.

    True

    Azure Automation State Configuration is primarily used to manage Network Security Groups in Azure.

    False

    Subject rights requests provide insights and workflows to assist in fulfilling data subject inquiries efficiently.

    True

    The recommended solution for assessing security in Azure must fully comply with Microsoft cloud security benchmark (MCSB) and SDLC practices.

    True

    Microsoft Defender for Endpoint provides endpoint detection and response capabilities specifically for macOS devices.

    False

    Security Orchestration, Automation, and Response (SOAR) capabilities in Microsoft Sentinel rely solely on manual processes.

    False

    Microsoft Sentinel Playbooks are integral in automating responses to security incidents within Microsoft Sentinel.

    True

    Microsoft Defender for Cloud provides the same level of endpoint detection and response functionalities as Microsoft Defender for Endpoint.

    False

    Azure Policy is primarily designed for real-time security orchestration and incident response.

    False

    A Microsoft Sentinel workbook is specifically designed to integrate Microsoft Sentinel with third-party security solutions.

    False

    Azure Event Hubs provides a straightforward integration between Microsoft Sentinel and the Splunk platform.

    False

    The recommended way to send security events from Microsoft Sentinel to Splunk is to use a Microsoft Sentinel data connector.

    True

    Azure Data Factory is tailored for real-time security event data forwarding.

    False

    Before endpoint users can access corporate applications again, client access tokens must be refreshed after malware removal.

    True

    Suspending access attempts from infected endpoints is an unnecessary step when following the Zero Trust model.

    False

    Workbooks in Microsoft Sentinel are designed for data integration between different SIEM platforms.

    False

    In the context of the Zero Trust model, specific verification of each access attempt is essential for security.

    True

    Malware removal from endpoints guarantees that they can immediately access corporate applications.

    False

    The Microsoft Sentinel Add-On for Splunk utilizes the Azure HTTP Data Collector API for security log ingestion.

    True

    Study Notes

    Azure Backup and Security for Ransomware

    • Requiring PINs for critical operations like deleting or modifying backups adds a layer of security that mitigates ransomware threats by preventing unauthorized access.
    • Azure Monitor notifications for changes in backup configurations allow proactive monitoring and alert administrators to potential malicious activities.
    • Enabling soft delete does not directly prevent ransomware attacks but provides an option for recovering deleted backups.
    • Encrypting backups using customer-managed keys (CMKs) strengthens data protection at rest and in transit, but does not address ransomware's potential to disable backups directly.
    • Offline backups to Azure Data Box offer data redundancy but require additional steps for restoration and do not integrate as seamlessly with Azure Backup for rapid recovery in a ransomware attack.

    Microsoft Purview and Data Discovery

    • Data Catalog is a service within Microsoft Purview Data Map that automatically scans and classifies data across on-premises and cloud environments.

    Mitigating Impacts of Ransomware Attacks in Azure

    • Refining backup and restore procedures is crucial for minimizing the impact of ransomware attacks.
    • User education on cyber-attack prevention is essential as well.

    Zero Trust RaMP and Ransomware Readiness

    • The data, compliance, and governance initiative within Zero Trust RaMP prioritizes ransomware recovery readiness.

    Web App Security and Domain Takeovers

    • When a website is removed but its custom domain remains in the DNS registrar, the DNS entry points to a non-existent resource, leaving the subdomain susceptible to takeover.

    Data Security in Azure Workloads

    • Always Encrypted is a security solution designed to encrypt sensitive data in specific database columns, preventing access even to privileged accounts without the correct encryption key.
    • Dynamic data masking hides sensitive data without encrypting it, so it is not a solution to prevent malicious actors from acquiring sensitive data.
    • Azure SQL Transparent Data Encryption (TDE) encrypts the entire database and backups.

    Ransomware Protection and Privileged Access Management (PAM)

    • Azure Backup protects data, but PAM prevents attackers from acquiring administrative permissions, limiting the potential damage.
    • Azure Update Management automates operating system updates for Windows and Linux virtual machines, which contributes to a more secure environment but does not directly prevent ransomware.
    • Security baselines strengthen settings within specific resources but do not prevent attackers from obtaining administrative access.

    Security & Compliance for Microsoft 365 & Azure

    • Secure Score awards points for recommended actions
      • Enabling MFA for all users (9 points)
      • Enabling MFA for all users in admin roles (10 points)
      • Blocking legacy authentication (7 points)
    • Intune is used to manage devices
      • Supports Windows, Android, iOS/iPadOS, macOS
      • Controls device features, validates compliance, and supports remote actions (lock, restart, locate, factory reset)

    Secure Web App Design

    • Microsoft Cybersecurity Reference Architecture (MCRA) & Microsoft Cloud Security Benchmark (MCSB) provide design principles
      • PV-2: Audit and enforce secure configurations
        • Turn off remote debugging
      • PV-7: Conduct regular red team operations
        • Conduct regular penetration testing

    Application Management Security

    • Defender for Cloud Apps offers application security features
      • Detects unusual behavior related to cloud apps
      • Inventories existing applications
      • Identifies unauthorized applications
      • Assesses compliance of applications

    Azure Deployment Architectures

    • Azure Landing Zones provide guidance for deployment architectures
      • Platform Landing Zones are for platform resources
      • Application Landing Zones are for application resources

    Securely Managing Multi-Tenant Microsoft Sentinel

    • Azure Lighthouse allows secure access to Microsoft Sentinel workspaces in multiple tenants
      • Requires a single account

    Automating Security Alerts and Remediation

    • Microsoft Defender for Cloud uses Azure Logic Apps to automate security workflows
      • Triggers logic apps based on security alerts, recommendations, and compliance changes

    Privileged Identity Management - Zero Trust

    • Microsoft Azure Privileged Identity Management (RaMP) is a framework for zero trust privileged identity management
      • This framework is designed for creating a more secure and compliant environment by managing privileged accounts and access.

    Secure Hybrid Cloud Environments

    • Microsoft Sentinel collects security and operations logs in hybrid environments
      • Resource-based role-based access control (RBAC) limits user access to specific logs
      • Azure Active Directory (Azure AD) Conditional Access Policies further restrict access based on conditions

    Security & Compliance Requirements

    • Microsoft Operational Security Assurance (OSA) provides operational security standards for compliance
    • Enhanced Security Admin Environment (ESAE) is a security approach for on-premises infrastructure

    Azure Landing Zones

    • Azure Landing Zones provide a consistent secure standard for deploying new resources.
    • The MCSB control PV-1 (Define and establish secure configurations) defines security configuration baselines for different cloud resource types.

    Microsoft Defender for Cloud

    • Defender for Cloud offers free Foundational CSPM capabilities including Multicloud coverage and Centralized policy management.
    • Other CSPM capabilities, such as Attack path analysis, Security governance, Cloud security explorer, are part of a paid CSPM Defender plan.

    Azure Bastion

    • When deploying Azure Bastion, a custom subnet named AzureBastionSubnet with a subnet address range of /26 or larger must be created.

    Privacy Risk Management in Microsoft Priva

    • Helps identify privacy risks in a Microsoft 365 environment with easy remediation.
    • Detects overexposed personal data.
    • Limits transfers of personal data.
    • Identifies unused personal data.

    Microsoft Sentinel

    • Includes Workbooks, which are customized views for analyzing security and operational events.
    • Workbooks offer text, metrics, and data from various sources in a unified view.
    • Combines data from Azure Monitor and other log sources.

    Microsoft Sentinel Security Operations

    • Custom collectors using the Log Analytics agent allow Security operations teams to access security logs and operational logs.
    • Resource-based Role-based Access Control (RBAC) ensures that IT operations teams only have access to operational logs, including the event logs of servers in the perimeter network.

    Microsoft 365 and Azure AD

    • The customer has a Microsoft 365 subscription.
    • The customer uses the free edition of Azure Active Directory (Azure AD)

    Quiz Team

    Related Documents

    SC 100.pdf

    Description

    This quiz explores the strategies and tools in Azure Backup and Security that help mitigate ransomware threats. Key topics include the use of PINs for operations, Azure Monitor notifications, and the importance of encryption and offline backups. Test your knowledge on how these features contribute to data protection.
