The Renewal Guide To SC-100 Samples

NEW QUESTION 1

You need to recommend a solution to meet the requirements for connections to ClaimsDB.
What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model. Which framework should you follow to create the design?

• A. Enhanced Security Admin Environment (ESAE)
• B. Microsoft Security Development Lifecycle (SDL)
• C. Rapid Modernization Plan (RaMP)
• D. Microsoft Operational Security Assurance (OSA)

Answer: C

Explanation:
https://docs.microsoft.com/en-us/security/compass/security-rapid-modernization-plan This rapid modernization plan (RAMP) will help you quickly adopt Microsoft's recommended privileged access strategy.

NEW QUESTION 3

Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.

• A. Azure Firewall
• B. Azure Web Application Firewall (WAF)
• C. Microsoft Defender for Cloud alerts
• D. Azure Active Directory (Azure AD Privileged Identity Management (PIM)
• E. Microsoft Sentinel

Answer: AB

Explanation:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

NEW QUESTION 4

Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

• A. Azure Traffic Manager with priority traffic-routing methods
• B. Azure Application Gateway v2 with user-defined routes (UDRs).
• C. Azure Front Door with Azure Web Application Firewall (WAF)
• D. Azure Firewall with policy rule sets

Answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview

NEW QUESTION 5

You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?

• A. Storage account public access should be disallowed
• B. Azure Key Vault Managed HSM should have purge protection enabled
• C. Storage accounts should prevent shared key access
• D. Storage account keys should not be expired

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent

NEW QUESTION 6

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate?

• A. Data Protection
• B. Incident Response
• C. Posture and Vulnerability Management
• D. Asset Management
• E. Endpoint Security

Answer: E

Explanation:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-endpoint-security

NEW QUESTION 7

Your company has an Azure App Service plan that is used to deploy containerized web apps. You are designing a secure DevOps strategy for deploying the web apps to the App Service plan. You need to recommend a strategy to integrate code scanning tools into a secure software development lifecycle. The code must be scanned during the following two phases:
Uploading the code to repositories Building containers
Where should you integrate code scanning for each phase? To answer, select the appropriate options in the answer area.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?

• A. Azure Event Hubs
• B. Azure Data Factor
• C. a Microsoft Sentinel workbook
• D. a Microsoft Sentinel data connector

Answer: D

Explanation:
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-side-by-side-with-splunk-via-ev

NEW QUESTION 9

You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
NOTE: Each correct selection is worth one point.

• A. Assign an initiative to a management group.
• B. Assign a policy to each subscription.
• C. Assign a policy to a management group.
• D. Assign an initiative to each subscription.
• E. Assign a blueprint to each subscription.
• F. Assign a blueprint to a management group.

Answer: AF

Explanation:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview https://docs.microsoft.com/en-us/azure/governance/blueprints/overview https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001 https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

NEW QUESTION 10

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-privileged-access#pa-2-avoid-s

NEW QUESTION 11

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Azure AD Conditional Access integration with user flows and custom policies
• B. Azure AD workbooks to monitor risk detections
• C. custom resource owner password credentials (ROPC) flows in Azure AD B2C
• D. access packages in Identity Governance
• E. smart account lockout in Azure AD B2C

Answer: AC

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management
https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow

NEW QUESTION 12

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 13

You have a Microsoft 365 tenant.
Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements:
• Users must be able to request access to App1 by using a self-service request.
• When users request access to App1, they must be prompted to provide additional information about their request.
• Every three months, managers must verify that the users still require access to Appl. What should you include in the design?

• A. Azure AD Application Proxy
• B. connected apps in Microsoft Defender for Cloud Apps
• C. Microsoft Entra Identity Governance
• D. access policies in Microsoft Defender for Cloud Apps

Answer: C

NEW QUESTION 14

You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.

What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network.
The company's security policy prevents the use of personal devices for accessing company data and applications.
You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.
What should you include in the recommendation?

• A. Migrate the on-premises applications to cloud-based applications.
• B. Redesign the VPN infrastructure by adopting a split tunnel configuration.
• C. Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
• D. Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

Explanation:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-microsoft-defender-for-c

NEW QUESTION 16
......