sc-100 (1).pdf
Document Details
Uploaded by Deleted User
Tags
Summary
This document is a list of questions for a quiz titled 'Questions List'.
Full Transcript
2 Questions List Questions List Question #1 8 Question #2 10 Question #3 12 Question #4 14 Question #5 16 Question #6 18 Question #7 19 Question #...
2 Questions List Questions List Question #1 8 Question #2 10 Question #3 12 Question #4 14 Question #5 16 Question #6 18 Question #7 19 Question #8 21 Question #9 23 Question #10 25 Question #11 28 Question #12 29 Question #13 32 Question #14 34 Question #15 36 Question #16 38 Question #17 41 Question #18 42 Question #19 45 Question #20 48 Question #21 51 Question #22 52 Question #23 54 Question #24 57 Question #25 60 Question #26 61 Question #27 63 Question #28 65 Page 2 of 460 3 Questions List Question #29 67 Question #30 69 Question #31 71 Question #32 73 Question #33 76 Question #34 79 Question #35 81 Question #36 83 Question #37 85 Question #38 87 Question #39 89 Question #40 91 Question #41 93 Question #42 95 Question #43 97 Question #44 98 Question #45 100 Question #46 102 Question #47 104 Question #48 107 Question #49 109 Question #50 111 Question #51 113 Question #52 115 Question #53 117 Question #54 119 Question #55 120 Question #56 122 Question #57 124 Question #58 126 Page 3 of 460 4 Questions List Question #59 130 Question #60 132 Question #61 134 Question #62 135 Question #63 137 Question #64 138 Question #65 140 Question #66 141 Question #67 142 Question #68 143 Question #69 145 Question #70 147 Question #71 149 Question #72 150 Question #73 151 Question #74 152 Question #75 153 Question #76 155 Question #77 157 Question #78 159 Question #79 161 Question #80 162 Question #81 165 Question #82 167 Question #83 168 Question #84 170 Question #85 172 Question #86 175 Question #87 179 Question #88 180 Page 4 of 460 5 Questions List Question #89 182 Question #90 183 Question #91 184 Question #92 185 Question #93 186 Question #94 189 Question #95 191 Question #96 193 Question #97 195 Question #98 198 Question #99 200 Question #100 203 Question #101 205 Question #102 207 Question #103 209 Question #104 212 Question #105 214 Question #106 217 Question #107 219 Question #108 222 Question #109 224 Question #110 225 Question #111 227 Question #112 229 Question #113 232 Question #114 234 Question #115 236 Question #116 238 Question #117 240 Question #118 242 Page 5 of 460 6 Questions List Question #119 244 Question #120 247 Question #121 249 Question #122 251 Question #123 252 Question #124 254 Question #125 256 Question #126 258 Question #127 260 Question #128 267 Question #129 274 Question #130 281 Question #131 287 Question #132 294 Question #133 300 Question #134 308 Question #135 314 Question #136 320 Question #137 327 Question #138 334 Question #139 341 Question #140 348 Question #141 354 Question #142 361 Question #143 368 Question #144 374 Question #145 380 Question #146 386 Question #147 393 Question #148 395 Page 6 of 460 7 Questions List Question #149 397 Question #150 398 Question #151 400 Question #152 402 Question #153 403 Question #154 405 Question #155 406 Question #156 408 Question #157 410 Question #158 411 Question #159 413 Question #160 414 Question #161 416 Question #162 417 Question #163 418 Question #164 420 Question #165 421 Question #166 423 Question #167 425 Question #168 427 Question #169 429 Question #170 430 Question #171 432 Question #172 434 Question #173 436 Question #174 439 Question #175 441 Question #176 443 Question #177 446 Question #178 447 Page 7 of 460 8 Microsoft - SC-100 Practice Questions - SecExams.com Question #179 449 Question #180 450 Question #181 452 Question #182 454 Question #183 455 Question #184 457 Question #185 459 Microsoft - SC-100 Practice Questions - SecExams.com SecExams - Focus Only on What's Needed to Pass! - [secexams.com] Question #1 Your company has a Microsoft 365 ES subscription. The Chief Compliance Officer plans to enhance privacy management in the working environment. You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements: ✑ Identify unused personal data and empower users to make smart data handling decisions. ✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams. ✑ Provide users with recommendations to mitigate privacy risks. What should you include in the recommendation? A) communication compliance in insider risk management B) Microsoft Viva Insights C) Privacy Risk Management in Microsoft Priva (Correct Answer) Page 8 of 460 9 Microsoft - SC-100 Practice Questions - SecExams.com D) Advanced eDiscovery Explanation Correct Answer: C Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: Detect overexposed personal data so that users can secure it. Spot and limit transfers of personal data across departments or regional borders. Help users identify and reduce the amount of unused personal data that you store. Incorrect: Not B: Microsoft Viva Insights provides personalized recommendations to help you do your best work. Get insights to build better work habits, such as following through on commitments made to collaborators and protecting focus time in the day for uninterrupted, individual work. Not D: The Microsoft Purview eDiscovery (Premium) solution builds on the existing Microsoft eDiscovery and analytics capabilities. eDiscovery (Premium) provides an end- to-end workflow to preserve, collect, analyze, review, and export content that's responsive to your organization's internal and external investigations. Reference: https://docs.microsoft.com/en-us/privacy/priva/risk-management Community Discussion I can't still believe that I have never seen such thing while going thru the official SC-100 study material provided by Microsoft. I do have Az-500 and Az-104 so i know there are so many missing content in the mslearn, but.. this is the newest cert.. common microsoft.. and they want us to pass without using the Dump. Page 9 of 460 10 Microsoft - SC-100 Practice Questions - SecExams.com Selected Answer: C Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: Detect overexposed personal data so that users can secure it. Spot and limit transfers of personal data across departments or regional borders. Help users identify and reduce the amount of unused personal data that you store. https:// learn.microsoft.com/en-us/privacy/priva/risk-management Was in the Exam today Was in the Exam today Selected Answer: C C is the answer. https://learn.microsoft.com/en-us/privacy/priva/risk-management Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: - Detect overexposed personal data so that users can secure it. - Spot and limit transfers of personal data across departments or regional borders. - Help users identify and reduce the amount of unused personal data that you store. Question #2 You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation? A) Azure Monitor webhooks B) Azure Event Hubs C) Azure Functions apps D) Azure Logics Apps (Correct Answer) Page 10 of 460 11 Microsoft - SC-100 Practice Questions - SecExams.com Explanation Correct Answer: D The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance. Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios. Incorrect: Not C: Using Azure Functions apps would require more effort. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation Community Discussion Selected Answer: D D is the answer. https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow- automation Every security program includes multiple workflows for incident response. These processes might include notifying relevant stakeholders, launching a change management process, and applying specific remediation steps. Security experts recommend that you automate as many steps of those procedures as you can. Automation reduces overhead. It can also improve your security by ensuring the process steps are done quickly, consistently, and according to your predefined requirements. This feature can trigger consumption logic apps on security alerts, recommendations, and changes to regulatory compliance. For example, you might want Defender for Cloud to email a specific user when an alert occurs. You'll also learn how to create logic apps using Azure Logic Apps. Selected Answer: D Correct d - logic apps Correct. Logic app is required for Workflow automation creation Selected Answer: D Page 11 of 460 12 Microsoft - SC-100 Practice Questions - SecExams.com Yes. Logic Apps. Question #3 Your company is moving a big data solution to Azure. The company plans to use the following storage workloads: ✑ Azure Storage blob containers ✑ Azure Data Lake Storage Gen2 Azure Storage file shares - ✑ Azure Disk Storage Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A) Azure Storage file shares B) Azure Disk Storage C) Azure Storage blob containers (Correct Answer) D) Azure Data Lake Storage Gen2 (Correct Answer) Explanation Correct Answer: CD C: Azure Storage supports using Azure Active Directory (Azure AD) to authorize requests to blob data. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service. You can scope access to Azure blob resources at the following levels, beginning with the narrowest scope: * An individual container. At this scope, a role assignment applies to all of the blobs in the container, as well as container properties and metadata. * The storage account. * The resource group. * The subscription. * A management group. D: You can securely access data in an Azure Data Lake Storage Gen2 (ADLS Gen2) account Page 12 of 460 13 Microsoft - SC-100 Practice Questions - SecExams.com using OAuth 2.0 with an Azure Active Directory (Azure AD) application service principal for authentication. Using a service principal for authentication provides two options for accessing data in your storage account: A mount point to a specific file or path Direct access to data - Incorrect: Not A: To enable AD DS authentication over SMB for Azure file shares, you need to register your storage account with AD DS and then set the required domain properties on the storage account. To register your storage account with AD DS, create an account representing it in your AD DS. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active- directory https://docs.microsoft.com/en-us/azure/databricks/data/data-sources/azure/ adls-gen2/azure-datalake-gen2-sp-access Community Discussion The two storage workloads that support authentication by using Azure Active Directory (Azure AD) are: A. Azure Storage file shares D. Azure Data Lake Storage Gen2 Explanation: Azure Storage file shares and Azure Data Lake Storage Gen2 both support authentication using Azure AD. Azure Disk Storage and Azure Storage blob containers do not currently support Azure AD authentication. Selected Answer: CD Azure Files supports identity-based authentication for Windows file shares over SMB using three methods. On-premises AD DS authentication: Azure AD DS authentication: Azure AD Kerberos for hybrid identities: Which means the answer C & D is correct. Azure AD DS =/= Azure AD. It's impossible to sync a computer account directly to an Azure AD identity (without the placement of an AD DS or Azure AD DS to recognize the machine). Therefore, Azure Storage file shares cannot be authenticated strictly through Azure AD. Azure AD DS =/= Azure AD. It's impossible to sync a computer account directly to an Azure AD identity (without the placement of an AD DS or Azure AD DS to recognize the machine). Therefore, Azure Storage file shares cannot be authenticated strictly through Azure AD. Page 13 of 460 14 Microsoft - SC-100 Practice Questions - SecExams.com Found out why - https://learn.microsoft.com/en-us/azure/storage/files/storage-files- active-directory-overview Agree with Answer C & D Question #4 HOTSPOT - Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII). The company plans to use Microsoft Information Protection for the PII data store in Azure. You need to recommend a solution to discover PII data at risk in the Azure resources. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Explanation Correct Answer: Page 14 of 460 15 Microsoft - SC-100 Practice Questions - SecExams.com Box 1: Azure Purview - Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Microsoft Purview allows you to: Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Enable data curators to manage and secure your data estate. Empower data consumers to find valuable, trustworthy data. Box 2: Microsoft Defender for Cloud Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization's security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data. References: https://docs.microsoft.com/en-us/azure/purview/overview https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security- products Community Discussion Purview and Defender for cloud Page 15 of 460 16 Microsoft - SC-100 Practice Questions - SecExams.com The answer is correct, but it's the first time I know about Azure Purview, I thought it should be Microsoft Purview, Azure Preview is changed to Microsoft Purview ( the ans is Correct) as per my knowledge, it should be Purview and for alerting it should be Azure Monitor, Because Purview is integrated with Azure Monitor for Alerting. Correct: Azure Purview Defender for Cloud Note the new name change as of April 2022: Microsoft Purview—a comprehensive set of solutions from Microsoft to help you govern, protect, and manage your entire data estate. By bringing together the former Azure Purview and the former Microsoft 365 Compliance portfolio under one brand and over time, a more unified platform, Microsoft Purview can help you understand and govern the data across your estate, safeguard that data wherever it lives, and improve your risk and compliance posture in a much simpler way than traditional solutions on the market today. Question #5 You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft deployment. You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel? A) notebooks B) playbooks C) workbooks (Correct Answer) D) threat intelligence Explanation Correct Answer: C After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what's happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to Page 16 of 460 17 Microsoft - SC-100 Practice Questions - SecExams.com provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook. Reference: https://docs.microsoft.com/en-us/azure/sentinel/get-visibility Community Discussion Selected Answer: C C is the answer. https://learn.microsoft.com/en-us/azure/sentinel/monitor-your-data Once you have connected your data sources to Microsoft Sentinel, you can visualize and monitor the data using the Microsoft Sentinel adoption of Azure Monitor Workbooks, which provides versatility in creating custom dashboards. While the Workbooks are displayed differently in Microsoft Sentinel, it may be useful for you to see how to create interactive reports with Azure Monitor Workbooks. Microsoft Sentinel allows you to create custom workbooks across your data, and also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source. Selected Answer: C Workbooks https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks- overview work book is correct (as it has dash board too) Selected Answer: C Correct Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. WorkBook is the correct Answer Page 17 of 460 18 Microsoft - SC-100 Practice Questions - SecExams.com Question #6 Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities. You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation? A) sensitivity labels B) custom user tags C) standalone sensors D) honeytoken entity tags (Correct Answer) Explanation Correct Answer: D Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. Incorrect: Not B: custom user tags - After you apply system tags or custom tags to users, you can use those tags as filters in alerts, reports, and investigation. Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-identity/entity-tags Community Discussion Selected Answer: D https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity- guide#honeytoken-activity Ans is correct as The Sensitive tag is used to identify high value assets.(user / devices / groups)Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. and Defender for Identity Page 18 of 460 19 Microsoft - SC-100 Practice Questions - SecExams.com considers Exchange servers as high-value assets and automatically tags them as Sensitive was on exam 15/06/23 honeytoken key Selected answer: D, In exam Nov 23, Question #7 Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements: ✑ Minimizes manual intervention by security operation analysts ✑ Supports triaging alerts within Microsoft Teams channels What should you include in the strategy? A) KQL B) playbooks (Correct Answer) C) data connectors D) workbooks Explanation Correct Answer: B Playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps, a cloud service that helps you schedule, automate, and orchestrate tasks and workflows across systems throughout the enterprise. A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually or set to run automatically in response to specific alerts or incidents, when triggered by an analytics rule or an automation rule, respectively. Incorrect: Not A: Kusto Query Language is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. The query uses schema entities that are organized in a hierarchy similar to SQL's: Page 19 of 460 20 Microsoft - SC-100 Practice Questions - SecExams.com databases, tables, and columns. Not D: Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences. Workbooks allow users to visualize the active alerts related to their resources. Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview Community Discussion sentinel soar= playbook (logic app), so correct ans Selected Answer: B https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook? tabs=LAC Selected answer: B, In exam Nov 23, Selected Answer: B Answer is B playbooks Page 20 of 460 21 Microsoft - SC-100 Practice Questions - SecExams.com Question #8 You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks. You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack. Which two controls should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A) Enable soft delete for backups. B) Require PINs for critical operations. (Correct Answer) C) Encrypt backups by using customer-managed keys (CMKs). D) Perform offline backups to Azure Data Box. E) Use Azure Monitor notifications when backup configurations change. (Correct Answer) Explanation Correct Answer: BE Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication. As part of adding an extra layer of authentication for critical operations, you're prompted to enter a security PIN before modifying online backups. Your backups need to be protected from sophisticated bot and malware attacks. Permanent loss of data can have significant cost and time implications to your business. To help protect against this, Azure Backup guards against malicious attacks through deeper security, faster notifications, and extended recoverability. For deeper security, only users with valid Azure credentials will receive a security PIN generated by the Azure portal to allow them to backup data. If a critical backup operation is authorized, such as ג€delete backup data,ג€ a notification is immediately sent so you can engage and minimize the impact to your business. If a hacker does delete backup data, Azure Backup will store the deleted backup data for up to 14 days after deletion. E: Key benefits of Azure Monitor alerts include: Monitor alerts at-scale via Backup center: In addition to enabling you to manage the alerts from Azure Monitor dashboard, Azure Backup also provides an alert management experience tailored to backups via Backup center. This allows you to filter alerts by Page 21 of 460 22 Microsoft - SC-100 Practice Questions - SecExams.com backup specific properties, such as workload type, vault location, and so on, and a way to get quick visibility into the active backup security alerts that need attention. Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to- protect-against-ransomware https://www.microsoft.com/security/blog/2017/01/05/azure- backup-protects-against-ransomware/ https://docs.microsoft.com/en-us/azure/backup/ move-to-azure-monitor-alerts Community Discussion Selected Answer: AB https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to- protect-against-ransomware Selected Answer: AB Keyword are CONTROLS and ENSURE. So A & B both are the answer. https:// docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect- against-ransomware Selected answer: A,B, In exam Nov 23. Options B (Require PINs for critical operations), D (Perform offline backups to Azure Data Box), and E (Use Azure Monitor notifications when backup configurations change) are not directly related to ensuring the availability and restore capabilities of Azure Backup in the event of a ransomware attack. Therefore, the recommended controls to include in the strategy for protecting against ransomware attacks and ensuring the usability of Azure Backup for resource restoration are: A. Enable soft delete for backups C. Encrypt backups by using customer-managed keys (CMKs) A, C, and E are best practices for ransomware attack: https://learn.microsoft.com/en-us/ azure/backup/protect-backups-from-ransomware-faq The right answer is A, soft delete, and C, enabling CMK, to be able to restore after successful attack. If the attack deletes the data, enabled soft delete will restore it. If the attack encrypts the data, the backups that are encrypted by CMK cannot be tampered with and can be decrypted and restored. Page 22 of 460 23 Microsoft - SC-100 Practice Questions - SecExams.com Question #9 HOTSPOT - You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications: ✑ Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests. ✑ Users will authenticate by using Azure Active Directory (Azure AD) user accounts. You need to recommend an access security architecture for App1. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Explanation Correct Answer: Page 23 of 460 24 Microsoft - SC-100 Practice Questions - SecExams.com Box 1: A managed identity in Azure AD Use a managed identity. You use Azure AD as the identity provider. Box 2: An access review in Identity Governance Access to groups and applications for employees and guests changes over time. To reduce the risk associated with stale access assignments, administrators can use Azure Active Directory (Azure AD) to create access reviews for group members or application access. Reference: https://docs.microsoft.com/en-us/azure/app-service/scenario-secure-app- authentication-app-service https://docs.microsoft.com/en-us/azure/active-directory/ governance/create-access-review Community Discussion I would go for: a) Azure AD application (https://docs.microsoft.com/en-us/azure/active- directory/manage-apps/what-is-application-management) b) An access package in identity governance (https://docs.microsoft.com/en-us/azure/active-directory/ governance/entitlement-management-access-package-create) Answer is incorrect Box 1 is the Azure AD Application https://docs.microsoft.com/en-us/ azure/active-directory/develop/quickstart-register-app Box 2 is Access Package in Identity Governance https://docs.microsoft.com/en-us/azure/active-directory/ governance/entitlement-management-access-package-create got this in exam 6oct23. passed with 896 marks. I answered AZURE AD APP REGISTRATION AN ACCESS PACKAGE IN IDENTITY GOVERNANCE Selected answer: Azure AD application REGISTRATION and Access package in Identity governance, In exam Nov 23 Agreed with this one, answer is A, A Page 24 of 460 25 Microsoft - SC-100 Practice Questions - SecExams.com Question #10 HOTSPOT - Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit. You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements: ✑ Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel. ✑ Use Defender for Cloud to review alerts from the virtual machines. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Page 25 of 460 26 Microsoft - SC-100 Practice Questions - SecExams.com Explanation Correct Answer: Box 1: Data connectors - Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel. Launch a WAF workbook (see step 7 below) The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource. To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource: 1. Select Diagnostic settings. 2. Select + Add diagnostic setting. 3. In the Diagnostic setting page (details skipped) 4. On the Azure home page, type Microsoft Sentinel in the search bar and select the Microsoft Sentinel resource. 5. Select an already active workspace or create a new workspace. 6. On the left side panel under Configuration select Data Connectors. 7. Search for Azure web application firewall and select Azure web application firewall (WAF). Select Open connector page on the bottom right. 8. Follow the instructions under Configuration for each WAF resource that you want to have log analytic data for if you haven't done so previously. 9. Once finished configuring individual WAF resources, select the Next steps tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources. Box 2: The Log Analytics agent - Page 26 of 460 27 Microsoft - SC-100 Practice Questions - SecExams.com Use the Log Analytics agent to integrate with Microsoft Defender for cloud. The Log Analytics agent is required for solutions, VM insights, and other services such as Microsoft Defender for Cloud. Note: The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements. Azure Log Analytics agent - Use Defender for Cloud to review alerts from the virtual machines. The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor. Incorrect: The Azure Diagnostics extension does not integrate with Microsoft Defender for Cloud. Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel https:// docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection https:// docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview Community Discussion Page 27 of 460 28 Microsoft - SC-100 Practice Questions - SecExams.com Correct Answer For WAF - in Sentinel we have Data Conenctor For the VM - we have to install the Log analytics agent in teh VM in the cloud or on premises The ans is correct Correct Answers New name for Log Analytics Agent - Azure Monitoring Agent waf - Data connector VM - LA Agent 1. Data connectors 2. Log Analytics agent (but should use Azure Monitor Agent now) https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/azure-web- application-firewall-waf https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate Question #11 Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation? A) a Microsoft Sentinel data connector (Correct Answer) B) Azure Event Hubs C) a Microsoft Sentinel workbook D) Azure Data Factory Explanation Correct Answer: A Microsoft Sentinel Add-On for Splunk allows Azure Log Analytics and Microsoft Sentinel users to ingest security logs from Splunk platform using the Azure HTTP Data Collector API. Reference: https://splunkbase.splunk.com/app/5312/ Page 28 of 460 29 Microsoft - SC-100 Practice Questions - SecExams.com Community Discussion if data need to go to splunk then event hub. https://www.splunk.com/en_us/blog/ platform/splunking-azure-event-hubs.html Selected Answer: B B. Data connectors are for receiving data not to send data agree as i donot see any Splunk data connector in Sentinel and also no Azure Http PI connector in Sentinel agree as i donot see any Splunk data connector in Sentinel and also no Azure Http PI connector in Sentinel Event Hub is the answer: https://techcommunity.microsoft.com/t5/microsoft-sentinel- blog/azure-sentinel-side-by-side-with-splunk-via-eventhub/ba-p/2307029 Question #12 A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints. The malware is removed from the endpoints. Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A) The client access tokens are refreshed. (Correct Answer) B) Microsoft Intune reports the endpoints as compliant. C) A new Azure Active Directory (Azure AD) Conditional Access policy is enforced. (Correct Answer) D) Microsoft Defender for Endpoint reports the endpoints as compliant. Explanation Correct Answer: Page 29 of 460 30 Microsoft - SC-100 Practice Questions - SecExams.com AC A: When a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access/refresh token pairs when the current access token expires. Refresh tokens are also used to acquire extra access tokens for other resources. Refresh token expiration - Refresh tokens can be revoked at any time, because of timeouts and revocations. C: Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It uses a combination of endpoint behavioral sensors, cloud security analytics, and threat intelligence. The interviewees said that ג€by implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.ג€ They also noted, increased device performance and stability by managing all of their endpoints with€ג Microsoft Endpoint Manager.ג€ This had a bonus effect of reducing the number of agents installed on a user's device, thereby increasing device stability and performance. ג€For some organizations, this can reduce boot times from 30 minutes to less than a minute,ג€ the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. Implementing single sign-on (SSO), multifactor authentication (MFA), leveraging passwordless authentication, and eliminating VPN clients all further reduced friction and improved user productivity. Note: Azure AD at the heart of your Zero Trust strategy Azure AD provides critical functionality for your Zero Trust strategy. It enables strong authentication, a point of integration for device security, and the core of your user- centric policies to guarantee least-privileged access. Azure AD's Conditional Access capabilities are the policy decision point for access to resource Page 30 of 460 31 Microsoft - SC-100 Practice Questions - SecExams.com Reference: https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a- comprehensive-zero-trust-security-approach/ https://docs.microsoft.com/en-us/azure/ active-directory/develop/refresh-tokens Community Discussion Selected Answer: AB AB looks correct to me I don't think this is correct. Zero Trust its reffering to Conditional Access, so would be Microsoft Intune reports the endpoints as compliant. https://docs.microsoft.com/en-us/ mem/intune/protect/advanced-threat-protection and I assume The client access tokens are refreshed. A second thought ( why NEW conditional access policy??) so the ans seems wrong and the correct one looks like Microsoft intune reports the endpoints as compliant and The client access token are refreshed A second thought ( why NEW conditional access policy??) so the ans seems wrong and the correct one looks like Microsoft intune reports the endpoints as compliant and The client access token are refreshed A second thought ( why NEW conditional access policy??) so the ans seems wrong and the correct one looks like Microsoft intune reports the endpoints as compliant and The client access token are refreshed Page 31 of 460 32 Microsoft - SC-100 Practice Questions - SecExams.com Question #13 HOTSPOT - You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure. You plan to deploy Azure virtual machines that will run Windows Server. You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel. How should you recommend enabling each capability? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Explanation Correct Answer: Page 32 of 460 33 Microsoft - SC-100 Practice Questions - SecExams.com Box 1: Onboard the servers to Defender for Cloud. Extended detection and response (XDR) is a new approach defined by industry analysts that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers. As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. Box 2: Configure Microsoft Sentinel playbooks. As a SOAR platform, its primary purposes are to automate any recurring and predictable enrichment, response and remediation tasks that are the responsibility of Security Operations Centers (SOC/SecOps). Leveraging SOAR frees up time and resources for more in-depth investigation of and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation to your threat response tasks. Reference: https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr- modernize-security-operations/ https://techcommunity.microsoft.com/t5/microsoft- sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377 Community Discussion I agree with the answer but the explanation and links are not very good. For SOAR read this https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with- playbooks Endpoint detection and response (EDR) and eXtended detection and response Page 33 of 460 34 Microsoft - SC-100 Practice Questions - SecExams.com (XDR) are both part of Microsoft Defender. https://docs.microsoft.com/en-us/ microsoft-365/security/defender/eval-overview?view=o365-worldwide Given answer is correct Gotten this in May 2023 exam. Gotten this in May 2023 exam. Agree to the answer provided. Question #14 You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD). The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment. What will necessitate an upgrade from the Azure AD Free edition to the Premium edition? A) Azure AD Privileged Identity Management (PIM) B) role-based authorization C) resource-based authorization D) Azure AD Multi-Factor Authentication (Correct Answer) Explanation Correct Answer: D Multifactor authentication (MFA), an important component of the Zero Trust Model, is missing in Azure AD Free edition. Page 34 of 460 35 Microsoft - SC-100 Practice Questions - SecExams.com Reference: https://www.microsoft.com/en-us/security/business/identity-access/azure-active- directory-pricing Community Discussion Selected Answer: A PIM is correct. MFA can be enable on AAD Free using Security Defaults. Selected Answer: A PIM is the correct. I agree. The picture in the answer shows the whole package. If we look at the detailed view, we can see that MFA is already available in Azure Free. https://www.microsoft.com/ en-us/security/business/microsoft-entra-pricing I agree. The picture in the answer shows the whole package. If we look at the detailed view, we can see that MFA is already available in Azure Free. https://www.microsoft.com/ en-us/security/business/microsoft-entra-pricing Selected Answer: A PIM is correct. It's a P2 Feature Page 35 of 460 36 Microsoft - SC-100 Practice Questions - SecExams.com Question #15 You are designing the security standards for a new Azure environment. You need to design a privileged identity strategy based on the Zero Trust model. Which framework should you follow to create the design? A) Microsoft Security Development Lifecycle (SDL) B) Enhanced Security Admin Environment (ESAE) C) Rapid Modernization Plan (RaMP) (Correct Answer) D) Microsoft Operational Security Assurance (OSA) Explanation Correct Answer: C RaMP initiatives for Zero Trust. To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives. In particular, meet these deployment objectives to protect your privileged identities with Zero Trust. 1. Deploy secured privileged access to protect administrative user accounts. 2. Deploy Azure AD Privileged Identity Management (PIM) for a time-bound, just-in-time approval process for the use of privileged user accounts. Note 1: RaMP guidance takes a project management and checklist approach: * User access and productivity 1. Explicitly validate trust for all access requests Identities - Endpoints (devices) Apps - Network - * Data, compliance, and governance 2. Ransomware recovery readiness 3. Data * Modernize security operations 4. Streamline response 5. Unify visibility 6. Reduce manual effort Note 2: As an alternative to deployment guidance that provides detailed configuration steps for each of the technology pillars being protected by Zero Trust principles, Rapid Page 36 of 460 37 Microsoft - SC-100 Practice Questions - SecExams.com Modernization Plan (RaMP) guidance is based on initiatives and gives you a set of deployment paths to more quickly implement key layers of protection. By providing a suggested mapping of key stakeholders, implementers, and their accountabilities, you can more quickly organize an internal project and define the tasks and owners to drive them to conclusion. By providing a checklist of deployment objectives and implementation steps, you can see the bigger picture of infrastructure requirements and track your progress. Incorrect: Not B: Enhanced Security Admin Environment (ESAE) The Enhanced Security Admin Environment (ESAE) architecture (often referred to as red forest, admin forest, or hardened forest) is an approach to provide a secure environment for Windows Server Active Directory (AD) administrators. Microsoft's recommendation to use this architectural pattern has been replaced by the modern privileged access strategy and rapid modernization plan (RAMP) guidance as the default recommended approach for securing privileged users. The ESAE hardened administrative forest pattern (on-prem or cloud-based) is now considered a custom configuration suitable only for exception cases listed below. What are the valid ESAE use cases? While not a mainstream recommendation, this architectural pattern is valid in a limited set of scenarios. In these exception cases, the organization must accept the increased technical complexity and operational costs of the solution. The organization must have a sophisticated security program to measure risk, monitor risk, and apply consistent operational rigor to the usage and maintenance of the ESAE implementation. Example scenarios include: Isolated on-premises environments - where cloud services are unavailable such as offline research laboratories, critical infrastructure or utilities, disconnected operational technology (OT) environments such as Supervisory control and data acquisition (SCADA) / Industrial Control Systems (ICS), and public sector customers that are fully reliant on on-premises technology. Highly regulated environments ג€" industry or government regulation may specifically require an administrative forest configuration. High level security assurance is mandated - organizations with low risk tolerance that are willing to accept the increased complexity and operational cost of the solution. Reference: https://docs.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview https:// docs.microsoft.com/en-us/security/zero-trust/user-access-productivity-validate- trust#identities https://docs.microsoft.com/en-us/security/compass/esae-retirement Community Discussion Page 37 of 460 38 Microsoft - SC-100 Practice Questions - SecExams.com Answer is correct. https://docs.microsoft.com/en-us/security/compass/security-rapid- modernization-plan This rapid modernization plan (RAMP) will help you quickly adopt Microsoft's recommended privileged access strategy. Selected Answer: C C, BillyB provides a great link. SDL and OSA are SDLC related. ESAE has been retired and replaced by RAMP. Selected Answer: C as pointed out multiple times, C (RaMP) is the correct answer. Selected Answer: B I think B. RaMP is not a recognized security framework or model Selected Answer: C https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview Question #16 A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack. The customer plans to deploy Microsoft Sentinel. You need to recommend solutions to meet the following requirements: ✑ Ensure that the security operations team can access the security logs and the operation logs. ✑ Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. Which two solutions should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A) a custom collector that uses the Log Analytics agent B) the Azure Monitor agent (Correct Answer) Page 38 of 460 39 Microsoft - SC-100 Practice Questions - SecExams.com C) resource-based role-based access control (RBAC) (Correct Answer) D) Azure Active Directory (Azure AD) Conditional Access policies Explanation Correct Answer: BC A: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. C: Microsoft Sentinel uses Azure role-based access control (Azure RBAC) to provide built- in roles that can be assigned to users, groups, and services in Azure. Use Azure RBAC to create and assign roles within your security operations team to grant appropriate access to Microsoft Sentinel. The different roles give you fine-grained control over what Microsoft Sentinel users can see and do. Azure roles can be assigned in the Microsoft Sentinel workspace directly (see note below), or in a subscription or resource group that the workspace belongs to, which Microsoft Sentinel inherits. Incorrect: A: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview https:// docs.microsoft.com/en-us/azure/sentinel/connect-custom-logs?tabs=DCG https:// docs.microsoft.com/en-us/azure/sentinel/roles Community Discussion Page 39 of 460 40 Microsoft - SC-100 Practice Questions - SecExams.com These answer options have been abridged. Other dumps say: A. Create a custom collector that uses the Log Analytics agent. B. Use the Azure Monitor agent with the multi-homing configuration. C. Implement resource-based role-based access control (RBAC) in Microsoft Sentinel. D. Configure Azure Active Directory (Azure AD) Conditional Access policies. Given the expanded answers B and C are the clear best choices. B - this use case is spelled out in exact detail. This is must be the exact wording that the question was created from https://docs.microsoft.com/en-us/azure/sentinel/best-practices-data#on- premises-windows-log-collection C - https://docs.microsoft.com/en-us/azure/sentinel/ resource-context-rbac#scenarios-for-resource-context-rbac Given the expanded answers B and C are the clear best choices. B - this use case is spelled out in exact detail. This is must be the exact wording that the question was created from https://docs.microsoft.com/en-us/azure/sentinel/best-practices-data#on- premises-windows-log-collection C - https://docs.microsoft.com/en-us/azure/sentinel/ resource-context-rbac#scenarios-for-resource-context-rbac Selected Answer: BC I agree with B & C after the expaned version of the answers The link for B also states this Servers do not connect to the internet, Use the Log Analytics gateway Configuring a proxy to your agent requires extra firewall rules to allow the Gateway to work. Page 40 of 460 41 Microsoft - SC-100 Practice Questions - SecExams.com Question #17 Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit. You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation? A) Azure Active Directory (Azure AD) enterprise applications B) an Azure App Service Environment (ASE) (Correct Answer) C) Azure service endpoints D) an Azure Active Directory (Azure AD) application proxy Explanation Correct Answer: B The Azure App Service Environment v2 is an Azure App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale. This capability can host your: Windows web apps - Linux web apps - Docker containers - Page 41 of 460 42 Microsoft - SC-100 Practice Questions - SecExams.com Mobile apps - Functions - App Service environments (ASEs) are appropriate for application workloads that require: Very high scale. Isolation and secure network access. High memory utilization. Customers can create multiple ASEs within a single Azure region or across multiple Azure regions. This flexibility makes ASEs ideal for horizontally scaling stateless application tiers in support of high requests per second (RPS) workloads. Reference: https://docs.microsoft.com/en-us/azure/app-service/environment/intro Community Discussion Selected Answer: B Answer is correct. https://docs.microsoft.com/en-us/azure/app-service/environment/ overview was on exam 15/06/23 On exam 5/25/2023 Thank you Zelleck. I took AZ-500 and SC-100 shortly after you. You helped me a lot. I know you wouldn't see this message, but I really appreciate your effort Glad that my comments are useful! =) Question #18 You are evaluating an Azure environment for compliance. You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources. Which effect should you use in Azure Policy? A) Deny Page 42 of 460 43 Microsoft - SC-100 Practice Questions - SecExams.com B) Modify C) Append D) Disabled (Correct Answer) Explanation Correct Answer: D This effect is useful for testing situations or for when the policy definition has parameterized the effect. This flexibility makes it possible to disable a single assignment instead of disabling all of that policy's assignments. An alternative to the Disabled effect is enforcementMode, which is set on the policy assignment. When enforcementMode is Disabled, resources are still evaluated. Incorrect: Not A: Deny is used to prevent a resource request that doesn't match defined standards through a policy definition and fails the request. Not B: Modify evaluates before the request gets processed by a Resource Provider during the creation or updating of a resource. The Modify operations are applied to the request content when the if condition of the policy rule is met. Each Modify operation can specify a condition that determines when it's applied. Operations with conditions that are evaluated to false are skipped. Not C: Append is used to add additional fields to the requested resource during creation or update. Reference: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects Community Discussion Selected Answer: D It has to be disabled since deny will send the compliance report as non-complaint. The question is misleadingly worded. The question asks which effect can be used to report on compliance without changing anything. The Azure Policy "effect" used to do this is "Audit", which is not one of the provided options. There isn't an "effect" setting in the choices that matches the criteria. However, "Disabled" and "Enabled" are the two Azure Policy "enforcement" setting options. If an Azure Policy's "enforcement" is set to "Disabled", any "effect" set on this Azure Policy will report but will not make changes. "Disabled" is the best answer available, although technically incorrect because "Disabled" isn't an Azure Policy "effect". Page 43 of 460 44 Microsoft - SC-100 Practice Questions - SecExams.com https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#deny- evaluation https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#deny- evaluation 1. You're confused between "effect" and an "enforcement mode". 2. Policy definitions that use the Disabled effect have the default compliance state Compliant after assignment. The only possible answer is A - Deny. Page 44 of 460 45 Microsoft - SC-100 Practice Questions - SecExams.com Question #19 You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit. You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate? A) Asset Management B) Posture and Vulnerability Management C) Data Protection D) Endpoint Security (Correct Answer) E) Incident Response Page 45 of 460 46 Microsoft - SC-100 Practice Questions - SecExams.com Explanation Correct Answer: D Microsoft Defender for servers compliance control installed on Windows Defender for clout "Endpoint Security" azure security benchmark v3 Endpoint Security covers controls in endpoint detection and response, including use of endpoint detection and response (EDR) and anti-malware service for endpoints in Azure environments. Security Principle: Enable Endpoint Detection and Response (EDR) capabilities for VMs and integrate with SIEM and security operations processes. Azure Guidance: Azure Defender for servers (with Microsoft Defender for Endpoint integrated) provides EDR capability to prevent, detect, investigate, and respond to advanced threats. Use Microsoft Defender for Cloud to deploy Azure Defender for servers for your endpoint and integrate the alerts to your SIEM solution such as Azure Sentinel. Incorrect: Not A: Asset Management covers controls to ensure security visibility and governance over Azure resources, including recommendations on permissions for security personnel, security access to asset inventory, and managing approvals for services and resources (inventory, track, and correct). Not B: Posture and Vulnerability Management focuses on controls for assessing and improving Azure security posture, including vulnerability scanning, penetration testing and remediation, as well as security configuration tracking, reporting, and correction in Azure resources. Not C: Data Protection covers control of data protection at rest, in transit, and via authorized access mechanisms, including discover, classify, protect, and monitor sensitive data assets using access control, encryption, key and certificate management in Azure. Not E: Incident Response covers controls in incident response life cycle - preparation, detection and analysis, containment, and post-incident activities, including using Azure services such as Microsoft Defender for Cloud and Sentinel to automate the incident response process. Reference: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3- endpoint-security Community Discussion Selected Answer: D Page 46 of 460 47 Microsoft - SC-100 Practice Questions - SecExams.com No grey area. Endpoint security is the option that meets the goal. D is correct correct D is fine The given answer D, is correct. great, and yes correct Page 47 of 460 48 Microsoft - SC-100 Practice Questions - SecExams.com Question #20 HOTSPOT - You have a Microsoft 365 E5 subscription and an Azure subscription. You need to evaluate the existing environment to increase the overall security posture for the following components: ✑ Windows 11 devices managed by Microsoft Intune ✑ Azure Storage accounts ✑ Azure virtual machines What should you use to evaluate the components? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Page 48 of 460 49 Microsoft - SC-100 Practice Questions - SecExams.com Explanation Correct Answer: Box 1: Microsoft 365 Defender - The Microsoft 365 Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. It includes Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization. Microsoft Defender for Endpoint works with devices that run: Android - iOS/iPadOS Windows 10 - Page 49 of 460 50 Microsoft - SC-100 Practice Questions - SecExams.com Windows 11 - Box 2: Microsoft Defender for Cloud Microsoft Defender for Cloud currently protects Azure Blobs, Azure Files and Azure Data Lake Storage Gen2 resources. Microsoft Defender for SQL on Azure price applies to SQL servers on Azure SQL Database, Azure SQL Managed Instance and Azure Virtual Machines. Box 3: Microsoft 365 Compliance Center Azure Storage Security Assessment: Microsoft 365 Compliance Center monitors and recommends encryption for Azure Storage, and within a few clicks customers can enable built-in encryption for their Azure Storage Accounts. Note: Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. Microsoft Purview can be setup to manage policies for one or more Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/purview/tutorial-data-owner-policies-storage https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365- defender ? https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft- defender-endpoint https://azure.microsoft.com/en-gb/pricing/details/defender-for- cloud/ Community Discussion Selection 1: Microsoft 365 Defender (Microsoft Defender for Endpoint is part of it). Selection 2: Microsoft Defender for Cloud. Selection 3: Microsoft Defender for Cloud. Defender for cloud on VMs & Storage Read "Security posture management for storage" in this learning module: https://docs.microsoft.com/en-us/learn/modules/design-strategy- for-secure-paas-iaas-saas-services/8-specify-security-requirements-for-storage- workloads got this in exam 6oct23. passed with 896 marks. I answered 1. Microsoft 365 Defender 2. Microsoft Defender for Cloud. 3. Microsoft Defender for Cloud agreed. agreed. Page 50 of 460 51 Microsoft - SC-100 Practice Questions - SecExams.com Question #21 Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first? A) From Azure Policy, assign a built-in initiative that has a scope of the subscription. (Correct Answer) B) From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector. C) From Defender for Cloud, review the Azure security baseline for audit report. D) From Microsoft Defender for Cloud Apps, create an access policy for cloud applications. Explanation Correct Answer: A The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in NIST SP 800-53 Rev. 5. The following mappings are to the NIST SP 800-53 Rev. 5 controls. Use the navigation on the right to jump directly to a specific compliance domain. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the NIST SP 800-53 Rev. 5 Regulatory Compliance built-in initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/policy/samples/gov-nist- sp-800-53-r5 Community Discussion Selected Answer: A The given answer is probably the closest. In real life I'd add a regulatory compliance standard in Defender for Cloud. This question might be seen written another way where that is the answer. https://docs.microsoft.com/en-us/azure/defender-for-cloud/update- regulatory-compliance-packages#what-regulatory-compliance-standards-are-available- in-defender-for-cloud Page 51 of 460 52 Microsoft - SC-100 Practice Questions - SecExams.com was on exam 15/06/23 One keyword in the question is "review". Answer A would "assign" the policy initiative - not "review". Given that the company has Defender for Cloud, Answer C would be my choice. A - I agree that I'd probably use Defender for Cloud as the UI is much better, however this service simply doesn't do the work, rather it invokes the Azure Policy initiative which is then reported back to Defender for Cloud. https://learn.microsoft.com/en-us/azure/ defender-for-cloud/policy-reference A - I agree that I'd probably use Defender for Cloud as the UI is much better, however this service simply doesn't do the work, rather it invokes the Azure Policy initiative which is then reported back to Defender for Cloud. https://learn.microsoft.com/en-us/azure/ defender-for-cloud/policy-reference Question #22 You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementation. You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A) Microsoft Defender for Containers (Correct Answer) B) Microsoft Defender for servers C) Azure Active Directory (Azure AD) Conditional Access (Correct Answer) D) Azure Active Directory (Azure AD) Privileged Identity Management (PIM) E) Azure Policy (Correct Answer) Explanation Correct Answer: ACE Environment settings page (in preview) (recommended) - This preview page provides a greatly improved, simpler, onboarding experience (including auto provisioning). This mechanism also extends Defender for Cloud's enhanced security features to your AWS Page 52 of 460 53 Microsoft - SC-100 Practice Questions - SecExams.com resources: *(A) Microsoft Defender for Containers brings threat detection and advanced defenses to your Amazon EKS clusters. This plan includes Kubernetes threat protection, behavioral analytics, Kubernetes best practices, admission control recommendations and more. * Microsoft Defender for Servers, though it requires Arc. C: AWS installations can benefit from Conditional Access. Defender for Cloud Apps integrates with Azure AD Conditional Access to enforce additional restrictions, and monitors and protects sessions after sign-in. Defender for Cloud Apps uses user behavior analytics (UBA) and other AWS APIs to monitor sessions and users and to support information protection. E: Kubernetes data plane hardening. For a bundle of recommendations to protect the workloads of your Kubernetes containers, install the Azure Policy for Kubernetes. You can also auto deploy this component as explained in enable auto provisioning of agents and extensions. With the add-on on your AKS cluster, every request to the Kubernetes API server will be monitored against the predefined set of best practices before being persisted to the cluster. You can then configure to enforce the best practices and mandate them for future workloads. Incorrect: Not B: To enable the Defender for Servers plan you need Azure Arc for servers installed on your EC2 instances. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws? pivots=env-settings https://docs.microsoft.com/en-us/azure/defender-for-cloud/ defender-for-containers-introduction https://docs.microsoft.com/en-us/azure/ architecture/reference-architectures/aws/aws-azure-security-solutions Community Discussion Selected Answer: ACE I would go for ACE. That being said, this link covers Azure Policy Extension in hardening Kubernetes data plane. https://docs.microsoft.com/en-us/azure/defender-for-cloud/ supported-machines-endpoint-solutions-clouds-containers?tabs=aws-eks E can not be an answer, because in-order to apply Azure Policy on AWS based resources, you must need to use Azure Arc, which can not be the case based on requirements. So, ACD can be the possible answers. PIM is privilege identity management.. I wouldn’t say its nice to have..its a must Page 53 of 460 54 Microsoft - SC-100 Practice Questions - SecExams.com PIM is privilege identity management.. I wouldn’t say its nice to have..its a must PIM is privilege identity management.. I wouldn’t say its nice to have..its a must Question #23 Your company has on-premises network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server. The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription. Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server. You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency for developers. Which three actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A) Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges. B) Deploy a Remote Desktop server to an Azure region located in France. C) Migrate from the Remote Desktop server to Azure Virtual Desktop. (Correct Answer) D) Implement Azure Firewall to restrict host pool outbound access. (Correct Answer) E) Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations. (Correct Answer) Explanation Correct Answer: CDE E: Organizations can use this location for common tasks like: Requiring multi-factor authentication for users accessing a service when they're off the corporate network. Blocking access for users accessing a service from specific countries or regions. Page 54 of 460 55 Microsoft - SC-100 Practice Questions - SecExams.com The location is determined by the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app. Conditional Access policies by default apply to all IPv4 and IPv6 addresses. CD: Use Azure Firewall to protect Azure Virtual Desktop deployments. Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. When an end user connects to an Azure Virtual Desktop environment, their session is run by a host pool. A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts. These virtual machines run in your virtual network and are subject to the virtual network security controls. They need outbound Internet access to the Azure Virtual Desktop service to operate properly and might also need outbound Internet access for end users. Azure Firewall can help you lock down your environment and filter outbound traffic. Reference: https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop Community Discussion Selected Answer: CDE CDE is the answer. https://learn.microsoft.com/en-us/azure/firewall/protect-azure- virtual-desktop?tabs=azure Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. When an end user connects to an Azure Virtual Desktop environment, their session is run by a host pool. A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts. These virtual machines run in your virtual network and are subject to the virtual network security controls. They need outbound Internet access to the Azure Virtual Desktop service to operate properly and might also need outbound Internet access for end users. Azure Firewall can help you lock down your environment and filter outbound traffic. https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa Users can sign into Azure Virtual Desktop from anywhere using different devices and clients. However, there are certain measures you should take to help keep yourself and your users safe. Using Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) with Azure Virtual Desktop prompts users during the sign-in process for another form of identification in addition to their username and password. You can enforce MFA for Azure Virtual Desktop using Conditional Access, and can also configure whether it applies to the web client, mobile apps, desktop clients, or all clients. https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa Users can sign into Azure Virtual Desktop from anywhere using different devices and clients. However, there are certain measures you should take to help keep yourself and your users safe. Using Page 55 of 460 56 Microsoft - SC-100 Practice Questions - SecExams.com Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) with Azure Virtual Desktop prompts users during the sign-in process for another form of identification in addition to their username and password. You can enforce MFA for Azure Virtual Desktop using Conditional Access, and can also configure whether it applies to the web client, mobile apps, desktop clients, or all clients. Selected Answer: CDE Correct. Selected Answer: CDE This is a tricky one… Based on zero trust, minimizing latency, and keeping the existing firewall requirement in place; I’d go with C,D,E Page 56 of 460 57 Microsoft - SC-100 Practice Questions - SecExams.com Question #24 HOTSPOT - Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components: ✑ Azure IoT Edge devices AWS EC2 instances - Which services should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Explanation Correct Answer: Page 57 of 460 58 Microsoft - SC-100 Practice Questions - SecExams.com Box 1: Microsoft Defender for IoT Microsoft Defender for IoT is a unified security solution for identifying IoT and OT devices, vulnerabilities, and threats and managing them through a central interface. Azure IoT Edge provides powerful capabilities to manage and perform business workflows at the edge. The key part that IoT Edge plays in IoT environments make it particularly attractive for malicious actors. Defender for IoT azureiotsecurity provides a comprehensive security solution for your IoT Edge devices. Defender for IoT module collects, aggregates and analyzes raw security data from your Operating System and container system into actionable security recommendations and alerts. Box 2: Microsoft Defender for Cloud and Azure Arc Microsoft Defender for Cloud provides the following features in the CSPM (Cloud Security Posture Management) category in the multi-cloud scenario for AWS. Take into account that some of them require Defender plan to be enabled (such as Regulatory Compliance): * Detection of security misconfigurations * Single view showing Security Center recommendations and AWS Security Hub findings * Incorporation of AWS resources into Security Center's secure score calculations * Regulatory compliance assessments of AWS resources Security Center uses Azure Arc to deploy the Log Analytics agent to AWS instances. Incorrect: AWS EC2 Microsoft Defender for Cloud Apps Amazon Web Services is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, Page 58 of 460 59 Microsoft - SC-100 Practice Questions - SecExams.com compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization. Connecting AWS to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, unusual deletions of VMs, and publicly exposed storage buckets. Reference: https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/security-edge- architecture https://samilamppu.com/2021/11/04/multi-cloud-security-posture- management-in-microsoft-defender-for-cloud/ Community Discussion Dude stop this nonsense Dude stop this nonsense Good answer, bad references Defender for IoT https://docs.microsoft.com/en-us/azure/ defender-for-iot/organizations/architecture EC2 instances need Defender for Cloud by way of Arc https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart- onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/azure-arc/ servers/overview#supported-cloud-operations We should still be thankful with examtopic researchers for their efforts, and least such examples makes us to validate our review and correct those mistakes :D) We should still be thankful with examtopic researchers for their efforts, and least such examples makes us to validate our review and correct those mistakes :D) Page 59 of 460 60 Microsoft - SC-100 Practice Questions - SecExams.com Question #25 Your company has a hybrid cloud infrastructure. The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company's on-premises network. The company's secutity policy prevents the use of personal devices for accessing company data and applications. You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand. What should you include in the recommendation? A) Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps. (Correct Answer) B) Redesign the VPN infrastructure by adopting a split tunnel configuration. C) Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access. D) Migrate the on-premises applications to cloud-based applications. Explanation Correct Answer: A You can connect an Azure Virtual Desktop to an on-premises network using a virtual private network (VPN), or use Azure ExpressRoute to extend the on- premises network into the Azure cloud over a private connection. * Azure AD: Azure Virtual Desktop uses Azure AD for identity and access management. Azure AD integration applies Azure AD security features like conditional access, multi- factor authentication, and the Intelligent Security Graph, and helps maintain app compatibility in domain-joined VMs. * Azure Virtual Desktop, enable Microsoft Defender for Cloud. We recommend enabling Microsoft Defender for Cloud's enhanced security features to: Manage vulnerabilities. Assess compliance with common frameworks like PCI. * Microsoft Defender for Cloud Apps, formerly known as Microsoft Cloud App Security, is a comprehensive solution for security and compliance teams enabling users in the organization, local and remote, to safely adopt business applications without compromising productivity. Reference: https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows- virtual-desktop https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide Page 60 of 460 61 Microsoft - SC-100 Practice Questions - SecExams.com https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing- microsoft-defender-for-cloud-apps/ba-p/2835842 Community Discussion it is really nice to see that everyone says the same answer Selected Answer: A That is the only way. Gotten this in May 2023 exam. Gotten this in May 2023 exam. indeed no brainer Question #26 Your company is preparing for cloud adoption. You are designing security for Azure landing zones. Which two preventative controls can you implement to increase the secure score? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A) Azure Web Application Firewall (WAF) B) Azure Active Directory (Azure AD) Privileged Identity Management (PIM) (Correct Answer) C) Microsoft Sentinel (Correct Answer) D) Azure Firewall E) Microsoft Defender for Cloud alerts Explanation Correct Answer: BC B: Azure identity and access for landing zones, Privileged Identity Management (PIM) Use Azure AD Privileged Identity Management (PIM) to establish zero-trust and least Page 61 of 460 62 Microsoft - SC-100 Practice Questions - SecExams.com privilege access. Map your organization's roles to the minimum access levels needed. Azure AD PIM can use Azure native tools, extend current tools and processes, or use both current and native tools as needed. Azure identity and access for landing zones, Design recommendations include: * (B) Use Azure AD managed identities for Azure resources to avoid credential-based authentication. Many security breaches of public cloud resources originate with credential theft embedded in code or other text. Enforcing managed identities for programmatic access greatly reduces the risk of credential theft. * Etc. C: Improve landing zone security, onboard Microsoft Sentinel You can enable Microsoft Sentinel, and then set up data connectors to monitor and protect your environment. After you connect your data sources using data connectors, you choose from a gallery of expertly created workbooks that surface insights based on your data. These workbooks can be easily customized to your needs. Note: Landing zone security best practices The following list of reference architectures and best practices provides examples of ways to improve landing zone security: Microsoft Defender for Cloud: Onboard a subscription to Defender for Cloud. Microsoft Sentinel: Onboard to Microsoft Sentinel to provide a security information event management (SIEM) and security orchestration automated response (SOAR) solution. Secure network architecture: Reference architecture for implementing a perimeter network and secure network architecture. Identity management and access control: Series of best practices for implementing identity and access t