CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Free SC-100 Exam Braindumps (page: 25)

Page 25 of 47
PDF with 185 Questions

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions.

You are evaluating the security posture of the customer.

You discover that the AKS resources are excluded from the secure score recommendations.

You need to produce accurate recommendations and update the secure score.

Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. Enable Defender plans.
  2. Configure auto provisioning.
  3. Add a workflow automation.
  4. Assign regulatory compliance policies.
  5. Review the inventory.

Answer(s): B,D

Explanation:

D: How are regulatory compliance standards represented in Defender for Cloud?
Industry standards, regulatory standards, and benchmarks are represented in Defender for Cloud's regulatory compliance dashboard. Each standard is an initiative defined in Azure Policy.

To see compliance data mapped as assessments in your dashboard, add a compliance standard to your management group or subscription from within the Security policy page.

When you've assigned a standard or benchmark to your selected scope, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments.

B: Configure Defender for Containers components
If you disabled any of the default protections when you enabled Microsoft Defender for Containers, you can change the configurations and reenable them via auto provisioning.

1. To configure the Defender for Containers components:

2. Sign in to the Azure portal.

3. Navigate to Microsoft Defender for Cloud > Environment settings.

4. Select the relevant subscription.

5. From the left side tool bar, select Auto provisioning.

6. Ensure that Microsoft Defenders for Containers components (preview) is toggled to On.



Incorrect:
Not A: When you enable Microsoft Defender for Containers, Azure Kubernetes Service clusters, and Azure Arc enabled Kubernetes clusters (Preview) protection are both enabled by default.
To upgrade to Microsoft Defender for Containers, open the Defender plans page in the portal and enable the new plan:



Not C: No need for automation.

Note: Automate responses to Microsoft Defender for Cloud triggers.
Every security program includes multiple workflows for incident response. These processes might include notifying relevant stakeholders, launching a change management process, and applying specific remediation steps. Security experts recommend that you automate as many steps of those procedures as you can. Automation reduces overhead. It can also improve your security by ensuring the process steps are done quickly, consistently, and according to your predefined requirements.


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation



Your company has an office in Seattle.

The company has two Azure virtual machine scale sets hosted on different virtual networks.

The company plans to contract developers in India.

You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:

-Prevent exposing the public IP addresses of the virtual machines.
-Provide the ability to connect without using a VPN.
-Minimize costs.

Which two actions should you perform? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. Create a hub and spoke network by using virtual network peering.
  2. Deploy Azure Bastion to each virtual network.
  3. Deploy Azure Bastion to one virtual network.
  4. Create NAT rules and network rules in Azure Firewall.
  5. Enable just-in-time VM access on the virtual machines.

Answer(s): A,C

Explanation:

Azure Bastion is deployed to a virtual network and supports virtual network peering. Specifically, Azure Bastion manages RDP/SSH connectivity to VMs created in the local or peered virtual networks.

Note: Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.
When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software.

Incorrect:
Not B: Two Azure Bastions would increase the cost.


Reference:

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview



HOTSPOT (Drag and Drop is not supported)
You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.

You need to recommend a solution to secure the components of the copy process.

What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Azure Web Application Firewall with network service tags
A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules.

You can use service tags to define network access controls on network security groups, Azure Firewall, and user-defined routes.

Incorrect:
* Not Azure private link with network service tags
Network service tags are not used with Private links.

Box 2: Automation Contributor built-in role
The Automation Contributor role allows you to manage all resources in the Automation account, except modifying other user's access permissions to an Automation account.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview https://docs.microsoft.com/en-us/azure/automation/automation-role-based-access-control



You have Windows 11 devices and Microsoft 365 E5 licenses.

You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites.

What should you include in the recommendation?

  1. Compliance Manager
  2. Microsoft Defender for Cloud Apps
  3. Microsoft Endpoint Manager
  4. Microsoft Defender for Endpoint

Answer(s): D

Explanation:

Web content filtering is part of the Web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.

Note: Turn on web content filtering
From the left-hand navigation in Microsoft 365 Defender portal, select Settings > Endpoints > General > Advanced Features. Scroll down until you see the entry for Web content filtering. Switch the toggle to On and Save preferences.

Configure web content filtering policies
Web content filtering policies specify which site categories are blocked on which device groups. To manage the policies, go to Settings > Endpoints > Web content filtering (under Rules).


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering



Page 25 of 47



Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

John Helper commented on September 16, 2024
Good collection, will definitely help
Anonymous
upvote

Thabo commented on July 26, 2024
Fantastic study package.
Anonymous
upvote

Gordon commented on March 30, 2024
Fantastic study package. Well worth the cost. I prepared me to pass my exam.
GERMANY
upvote

Ted commented on March 14, 2024
To all those folks out there... The questions in this exam dumps is valid and almost same as in the exam. However, I found about 3 to 4 questions which did not have the complete answers. But the Explanation section helped a lot to clarify them.
UNITED KINGDOM
upvote

Ashford Domah Asante commented on February 13, 2024
I appreciate the accompanying notes and references. Can always make reference on the internet to double check.
Anonymous
upvote

NA commented on October 04, 2023
Spot on, good material.
Anonymous
upvote

Darrell commented on April 23, 2023
I appreciate the quick reply in providing me the updated version.
NETHERLANDS
upvote

Carrie commented on March 18, 2023
This prep guide is like a secret cheat code - Passed my exam with flying colors.
UNITED STATES
upvote

CRAIG commented on March 17, 2023
I could not have prepared for my test without these dumps - they were spot-on with the real exam questions.
UNITED KINGDOM
upvote

Himavan commented on January 22, 2023
The questions are good and helpful but I suggest you organize them by topic.
INDIA
upvote

John commented on August 16, 2022
Passed the exam. This is valid. Cheersss!
UNITED KINGDOM
upvote

Matthew commented on July 27, 2022
This study guide package is very good if you want to pass the certification exam. For deep learning I suggest other souces as this package only contains questions which are very similar to real exam.
NETHERLANDS
upvote