CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Free SC-100 Exam Braindumps (page: 16)

Page 16 of 47
PDF with 185 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend enabling adaptive network hardening.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Instead: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

Note:
Secure management ports - Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups.

Recommendations:
- Internet-facing virtual machines should be protected with network security groups
- Management ports of virtual machines should be protected with just-in-time network access control
- Management ports should be closed on your virtual machines


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Secure management ports - Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups.

Recommendations:
- Internet-facing virtual machines should be protected with network security groups
- Management ports of virtual machines should be protected with just-in-time network access control
- Management ports should be closed on your virtual machines


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your on-premises network contains an e-commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database.

You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.



You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.

Solution: You recommend creating private endpoints for the web app and the database layer.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

How to Use Azure Private Endpoints to Restrict Public Access to WebApps.
As an Azure administrator or architect, you are sometimes asked the question “How can we safely deploy internal business applications to Azure App Services?”

These applications characteristically are:

Not accessible from the public internet.
Accessible from within the on-premises corporate network
Accessible via an authorized VPN client from outside the corporate network.
For such scenarios, we can use Azure Private Links, which enables private and secure access to Azure PaaS services over Azure Private Endpoints, along with the Site-to-Site VPN, Point-to-Site VPN, or the Express Route. Azure Private Endpoint is a read-only network interface service associated with the Azure PAAS Services. It allows you to bring deployed sites into your virtual network, limiting access to them at the network level.

It uses one of the private IP addresses from your Azure VNet and associates it with the Azure App Services. These services are called Private Link resources. They can be Azure Storage, Azure Cosmos DB, SQL, App Services Web App, your own / partner owned services, Azure Backups, Event Grids, Azure Service Bus, or Azure Automations.


Reference:

https://www.varonis.com/blog/securing-access-azure-webapps



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your on-premises network contains an e-commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database.

You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.



You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.

Solution: You recommend implementing Azure Key Vault to store credentials.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Instead use solution: You recommend creating private endpoints for the web app and the database layer.

Note:
How to Use Azure Private Endpoints to Restrict Public Access to WebApps.
As an Azure administrator or architect, you are sometimes asked the question “How can we safely deploy internal business applications to Azure App Services?”

These applications characteristically are:

Not accessible from the public internet.
Accessible from within the on-premises corporate network
Accessible via an authorized VPN client from outside the corporate network.
For such scenarios, we can use Azure Private Links, which enables private and secure access to Azure PaaS services over Azure Private Endpoints, along with the Site-to-Site VPN, Point-to-Site VPN, or the Express Route. Azure Private Endpoint is a read-only network interface service associated with the Azure PAAS Services. It allows you to bring deployed sites into your virtual network, limiting access to them at the network level.

It uses one of the private IP addresses from your Azure VNet and associates it with the Azure App Services. These services are called Private Link resources. They can be Azure Storage, Azure Cosmos DB, SQL, App Services Web App, your own / partner owned services, Azure Backups, Event Grids, Azure Service Bus, or Azure Automations.


Reference:

https://www.varonis.com/blog/securing-access-azure-webapps



Page 16 of 47



Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

John Helper commented on September 16, 2024
Good collection, will definitely help
Anonymous
upvote

Thabo commented on July 26, 2024
Fantastic study package.
Anonymous
upvote

Gordon commented on March 30, 2024
Fantastic study package. Well worth the cost. I prepared me to pass my exam.
GERMANY
upvote

Ted commented on March 14, 2024
To all those folks out there... The questions in this exam dumps is valid and almost same as in the exam. However, I found about 3 to 4 questions which did not have the complete answers. But the Explanation section helped a lot to clarify them.
UNITED KINGDOM
upvote

Ashford Domah Asante commented on February 13, 2024
I appreciate the accompanying notes and references. Can always make reference on the internet to double check.
Anonymous
upvote

NA commented on October 04, 2023
Spot on, good material.
Anonymous
upvote

Darrell commented on April 23, 2023
I appreciate the quick reply in providing me the updated version.
NETHERLANDS
upvote

Carrie commented on March 18, 2023
This prep guide is like a secret cheat code - Passed my exam with flying colors.
UNITED STATES
upvote

CRAIG commented on March 17, 2023
I could not have prepared for my test without these dumps - they were spot-on with the real exam questions.
UNITED KINGDOM
upvote

Himavan commented on January 22, 2023
The questions are good and helpful but I suggest you organize them by topic.
INDIA
upvote

John commented on August 16, 2022
Passed the exam. This is valid. Cheersss!
UNITED KINGDOM
upvote

Matthew commented on July 27, 2022
This study guide package is very good if you want to pass the certification exam. For deep learning I suggest other souces as this package only contains questions which are very similar to real exam.
NETHERLANDS
upvote