Free SC-100 Exam Braindumps (page: 2)


Your company has a Microsoft 365 E5 subscription.
The Chief Compliance Officer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance privacy management. The solution must meet the following requirements:
- Identify unused personal data and empower users to make smart data handling decisions.
- Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
- Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?

  A. communication compliance in insider risk management
  B. Microsoft Viva Insights
  C. Privacy Risk Management in Microsoft Priva
  D. Advanced eDiscovery

Answer(s): C

Explanation:

Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you:
- Detect overexposed personal data so that users can secure it.
- Spot and limit transfers of personal data across departments or regional borders.
- Help users identify and reduce the amount of unused personal data that you store.
Incorrect:
Not B: Microsoft Viva Insights provides personalized recommendations to help you do your best work. Get insights to build better work habits, such as following through on commitments made to collaborators and protecting focus time in the day for uninterrupted, individual work.
Not D: The Microsoft Purview eDiscovery (Premium) solution builds on the existing Microsoft eDiscovery and analytics capabilities. eDiscovery (Premium) provides an end-to-end workflow to preserve, collect, analyze, review, and export content that's responsive to your organization's internal and external investigations.


Reference:

https://docs.microsoft.com/en-us/privacy/priva/risk-management



You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

  A. app registrations in Azure Active Directory (Azure AD)
  B. OAuth app policies in Microsoft Defender for Cloud Apps
  C. Azure Security Benchmark compliance controls in Defender for Cloud
  D. application control policies in Microsoft Defender for Endpoint

Answer(s): D

Explanation:

Microsoft Defender for Cloud Apps OAuth app policies.
OAuth app policies enable you to investigate which permissions each app requested and which users authorized them for Office 365, Google Workspace, and Salesforce. You're also able to mark these permissions as approved or banned. Marking them as banned will revoke permissions for each app for each user who authorized it.
Incorrect:
Not D: Windows Defender Application cannot be used for virtual machines.


Reference:

https://docs.microsoft.com/en-us/defender-cloud-apps/app-permission-policy



HOTSPOT (Drag and Drop is not supported)
You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  A. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: Microsoft Defender for Cloud
Scenario: Prevent AD DS user accounts from being locked out by brute force attacks that target Azure AD user accounts.
When Microsoft Defender for Cloud detects a brute-force attack, it triggers an alert to make you aware that the attack took place. The automation uses this alert as a trigger to block traffic from the attacking IP address by creating a security rule in the NSG attached to the VM that denies inbound traffic from the IP addresses attached to the alert. In alerts of this type, the attacking IP address appears in the 'entities' field of the alert.
Box 2: An account lockout policy in AD DS
Scenario: Detect brute force attacks that directly target AD DS user accounts.
Smart lockout helps lock out bad actors that try to guess your users' passwords or use brute-force methods to get in. Smart lockout can recognize sign-ins that come from valid users and treat them differently from those of attackers and other unknown sources. Attackers get locked out, while your users continue to access their accounts and be productive.
Verify on-premises account lockout policy
To verify your on-premises AD DS account lockout policy, complete the following steps from a domain-joined system with administrator privileges:
1. Open the Group Policy Management tool.
2. Edit the group policy that includes your organization's account lockout policy, such as the Default Domain Policy.
3. Browse to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.
4. Verify your Account lockout threshold and Reset account lockout counter after values.


Reference:

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/automation-to-block-brute-force-attacked-ip-detected-by/ba-p/1616825
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout#verify-on-premises-account-lockout-policy



HOTSPOT (Drag and Drop is not supported)
What should you create in Azure AD to meet the Contoso developer requirements?
Hot Area:

  A. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: A synced user account
Need to use a synced user account.
Incorrect:
* Not A user account in the fabrikam.onmicrosoft.com tenant
The Contoso developers must use their existing contoso.onmicrosoft.com credentials to access the resources in Sub1.
* Guest accounts would not meet the requirements.
Note: Developers at Contoso will connect to the resources of Fabrikam to test or update applications. The developers will be added to a security group named ContosoDevelopers in fabrikam.onmicrosoft.com that will be assigned to roles in Sub1.
The ContosoDevelopers group is assigned the db_owner role for the ClaimsDB database.
Contoso Developers Requirements
Fabrikam identifies the following requirements for the Contoso developers:
* Every month, the membership of the ContosoDevelopers group must be verified.
* The Contoso developers must use their existing contoso.onmicrosoft.com credentials to access the resources in Sub1.
* The Contoso developers must be prevented from viewing the data in a column named MedicalHistory in the ClaimDetails table.
Box 2: An access review
Scenario: Every month, the membership of the ContosoDevelopers group must be verified.
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to make sure only the right people have continued access.
Access reviews are part of Azure AD Identity Governance.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview





