Top Tips Of Update SC-100 Test Preparation

NEW QUESTION 1

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening. Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 2

Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud. You receive the following recommendations in Defender for Cloud
• Access to storage accounts with firewall and virtual network configurations should be restricted,
• Storage accounts should restrict network access using virtual network rules.
• Storage account should use a private link connection.
• Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

• A. Azure Storage Analytics
• B. Azure Network Watcher
• C. Microsoft Sentinel
• D. Azure Policy

Answer: A

NEW QUESTION 3

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.
You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.
Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Configure auto provisioning.
• B. Assign regulatory compliance policies.
• C. Review the inventory.
• D. Add a workflow automation.
• E. Enable Defender plans.

Answer: BD

NEW QUESTION 4

You need to recommend a solution to meet the compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

Your company has a hybrid cloud infrastructure.
Data and applications are moved regularly between cloud environments.
The company's on-premises network is managed as shown in the following exhibit.

NOTE Each correct selection is worth one point.

• A. Azure VPN Gateway
• B. guest configuration in Azure Policy
• C. on-premises data gateway
• D. Azure Bastion
• E. Azure Arc

Answer: CE

NEW QUESTION 6

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

You need to recommend a solution to meet the AWS requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

What should you create in Azure AD to meet the Contoso developer requirements?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

Your company has a Microsoft 365 E5 subscription.
The company plans to deploy 45 mobile self-service kiosks that will run Windows 10. You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:
• Ensure that only authorized applications can run on the kiosks.
• Regularly harden the kiosks against new threats.
Which two actions should you include in the recommendations? Each correct answer presents part of the
solution. NOTE: Each correct selection is worth one point.

• A. Onboard the kiosks to Azure Monitor.
• B. Implement Privileged Access Workstation (PAW) for the kiosks.
• C. Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.
• D. Implement threat and vulnerability management in Microsoft Defender for Endpoint.
• E. Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.

Answer: AB

NEW QUESTION 10

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

• A. Azure Key Vault
• B. GitHub Advanced Security
• C. Application Insights in Azure Monitor
• D. Azure DevTest Labs

Answer: D

NEW QUESTION 11

A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Microsoft Defender for Endpoint reports the endpoints as compliant.
• B. Microsoft Intune reports the endpoints as compliant.
• C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
• D. The client access tokens are refreshed.

Answer: CD

NEW QUESTION 12

Your company is moving a big data solution to Azure.
The company plans to use the following storage workloads:
• Azure Storage blob containers
• Azure Data Lake Storage Gen2
• Azure Storage file shares
• Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Azure Disk Storage
• B. Azure Storage blob containers
• C. Azure Storage file shares
• D. Azure Data Lake Storage Gen2

Answer: BD

NEW QUESTION 13

Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation?

• A. standalone sensors
• B. honeytoken entity tags
• C. sensitivity labels
• D. custom user tags

Answer: D

NEW QUESTION 14

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?

• A. Azure Active Directory Domain Services (Azure AD DS)
• B. Azure Active Directory (Azure AD) B2C
• C. Azure Active Directory (Azure AD)
• D. Active Directory Domain Services (AD DS)

Answer: A

NEW QUESTION 15

Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network.
The company's security policy prevents the use of personal devices for accessing company data and applications.
You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.
What should you include in the recommendation?

• A. Migrate the on-premises applications to cloud-based applications.
• B. Redesign the VPN infrastructure by adopting a split tunnel configuration.
• C. Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
• D. Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer: D

NEW QUESTION 16

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?

• A. Azure Event Hubs
• B. Azure Data Factor
• C. a Microsoft Sentinel workbook
• D. a Microsoft Sentinel data connector

Answer: C

NEW QUESTION 17

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?

• A. Enhanced Security Admin Environment (ESAE)
• B. Microsoft Security Development Lifecycle (SDL)
• C. Rapid Modernization Plan (RaMP)
• D. Microsoft Operational Security Assurance (OSA)

Answer: A

NEW QUESTION 18

You have Microsoft Defender for Cloud assigned to Azure management groups. You have a Microsoft Sentinel deployment.
During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. workload protections in Defender for Cloud
• B. threat intelligence reports in Defender for Cloud
• C. Microsoft Sentinel notebooks
• D. Microsoft Sentinel threat intelligence workbooks

Answer: A

NEW QUESTION 19
......