CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Free SC-100 Exam Braindumps (page: 5)

Page 5 of 47
PDF with 185 Questions

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.

You plan to integrate Microsoft Sentinel with Splunk.

You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.

What should you include in the recommendation?

  1. a Microsoft Sentinel data connector
  2. Azure Event Hubs
  3. a Microsoft Sentinel workbook
  4. Azure Data Factory

Answer(s): B

Explanation:

Microsoft defines Azure Event Hubs as “a big data streaming platform and event ingestion service”. Most services inside of Azure, and some services outside of Azure, integrate with Event Hubs.


Reference:

https://lantern.splunk.com/Data_Descriptors/Microsoft/Getting_started_with_Microsoft_Azure_Event_Hub_data



A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.

The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the endpoints.

Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. The client access tokens are refreshed.
  2. Microsoft Intune reports the endpoints as compliant.
  3. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
  4. Microsoft Defender for Endpoint reports the endpoints as compliant.

Answer(s): A,C

Explanation:

A: When a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access/refresh token pairs when the current access token expires. Refresh tokens are also used to acquire extra access tokens for other resources.

Refresh token expiration
Refresh tokens can be revoked at any time, because of timeouts and revocations.

C: Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It uses a combination of endpoint behavioral sensors, cloud security analytics, and threat intelligence.

The interviewees said that “by implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.” They also noted, “increased device performance and stability by managing all of their endpoints with Microsoft Endpoint Manager.” This had a bonus effect of reducing the number of agents installed on a user’s device, thereby increasing device stability and performance. “For some organizations, this can reduce boot times from 30 minutes to less than a minute,” the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. Implementing single sign-on (SSO), multifactor authentication (MFA), leveraging passwordless authentication, and eliminating VPN clients all further reduced friction and improved user productivity.



Note: Azure AD at the heart of your Zero Trust strategy
Azure AD provides critical functionality for your Zero Trust strategy. It enables strong authentication, a point of integration for device security, and the core of your user-centric policies to guarantee least-privileged access. Azure AD’s Conditional Access capabilities are the policy decision point for access to resource


Reference:

https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach/
https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.

You plan to deploy Azure virtual machines that will run Windows Server.

You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.

How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Onboard the servers to Defender for Cloud.
Extended detection and response (XDR) is a new approach defined by industry analysts that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers.

As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

Box 2: Configure Microsoft Sentinel playbooks.
As a SOAR platform, its primary purposes are to automate any recurring and predictable enrichment, response and remediation tasks that are the responsibility of Security Operations Centers (SOC/SecOps). Leveraging SOAR frees up time and resources for more in-depth investigation of and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation to your threat response tasks.


Reference:

https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377



You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).

The customer plans to obtain an Azure subscription and provision several Azure resources.

You need to evaluate the customer's security environment.

What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

  1. Azure AD Privileged Identity Management (PIM)
  2. role-based authorization
  3. resource-based authorization
  4. Azure AD Multi-Factor Authentication

Answer(s): D

Explanation:

Multifactor authentication (MFA), an important component of the Zero Trust Model, is missing in Azure AD Free edition.


Reference:

https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing



Page 5 of 47



Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

John Helper commented on September 16, 2024
Good collection, will definitely help
Anonymous
upvote

Thabo commented on July 26, 2024
Fantastic study package.
Anonymous
upvote

Gordon commented on March 30, 2024
Fantastic study package. Well worth the cost. I prepared me to pass my exam.
GERMANY
upvote

Ted commented on March 14, 2024
To all those folks out there... The questions in this exam dumps is valid and almost same as in the exam. However, I found about 3 to 4 questions which did not have the complete answers. But the Explanation section helped a lot to clarify them.
UNITED KINGDOM
upvote

Ashford Domah Asante commented on February 13, 2024
I appreciate the accompanying notes and references. Can always make reference on the internet to double check.
Anonymous
upvote

NA commented on October 04, 2023
Spot on, good material.
Anonymous
upvote

Darrell commented on April 23, 2023
I appreciate the quick reply in providing me the updated version.
NETHERLANDS
upvote

Carrie commented on March 18, 2023
This prep guide is like a secret cheat code - Passed my exam with flying colors.
UNITED STATES
upvote

CRAIG commented on March 17, 2023
I could not have prepared for my test without these dumps - they were spot-on with the real exam questions.
UNITED KINGDOM
upvote

Himavan commented on January 22, 2023
The questions are good and helpful but I suggest you organize them by topic.
INDIA
upvote

John commented on August 16, 2022
Passed the exam. This is valid. Cheersss!
UNITED KINGDOM
upvote

Matthew commented on July 27, 2022
This study guide package is very good if you want to pass the certification exam. For deep learning I suggest other souces as this package only contains questions which are very similar to real exam.
NETHERLANDS
upvote