Free SC-100 Exam Braindumps (page: 8)

Page 8 of 47

DRAG DROP (Drag and Drop is not supported)
For a Microsoft cloud environment, you need to recommend a security architecture that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).

Which security methodologies should you include in the recommendation? To answer, drag the appropriate methodologies to the correct principles. Each methodology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Note: Each correct selection is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Segment access
Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

Box 2: Data classification
Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

Box 3: Just-in-time (JIT) access
Use least-privilege access: Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to help secure both data and productivity.


Reference:

https://www.microsoft.com/en-us/security/business/zero-trust



You have legacy operational technology (OT) devices and IoT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. active scanning
  2. threat monitoring
  3. software patching
  4. passive traffic monitoring

Answer(s): B,C

Explanation:

Microsoft Cybersecurity Reference Architectures
Apply zero trust principles to securing OT and industrial IoT environments

Operational Technology (OT) Environments
Safety/Integrity/Availability
• Hardware Age: 50-100 years (mechanical + electronic overlay)
• Warranty length: up to 30-50 years
• Protocols: Industry Specific (often bridged to IP networks)
• Security Hygiene: Isolation, threat monitoring, managing vendor access risk (patching rarely)

Information Technology (IT) Environments
Confidentiality/Integrity/Availability
• Hardware Age: 5-10 years
• Warranty length: 3-5 years
• Protocols: Native IP, HTTP(S), Others
• Security Hygiene: Multi-factor authentication (MFA), patching, threat monitoring, antimalware


Reference:

https://learn.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra



You have an on-premises network and a Microsoft 365 subscription.

You are designing a Zero Trust security strategy.

Which two security controls should you include as part of the Zero Trust solution? Each correct answer presents part of the solution.

Note: Each correct answer is worth one point.

  1. Always allow connections from the on-premises network.
  2. Disable passwordless sign-in for sensitive accounts.
  3. Block sign-in attempts from unknown locations.
  4. Block sign-in attempts from noncompliant devices.

Answer(s): C,D

Explanation:

Securing identity with Zero Trust

User, device, location, and behavior is analyzed in real time to determine risk and deliver ongoing protection.

As users appear on new devices and from new locations, being able to respond to an MFA challenge is one of the most direct ways that your users can teach us that these are familiar devices/locations as they move around the world (without having administrators parse individual signals).

Incorrect:
Not B: Use passwordless authentication to reduce the risk of phishing and password attacks
With Azure AD supporting FIDO 2.0 and passwordless phone sign-in, you can move the needle on the credentials that your users (especially sensitive/privileged users) are employing day-to-day. These credentials are strong authentication factors that can mitigate risk as well.

Cloud identity federates with on-premises identity systems


Reference:

https://learn.microsoft.com/en-us/security/zero-trust/deploy/identity#v-user-device-location-and-behavior-is-analyzed-in-real-time-to-determine-risk-and-deliver-ongoing-protection



You are designing a ransomware response plan that follows Microsoft Security Best Practices.

You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files.

What should you include in the recommendation?

  1. Windows Defender Device Guard
  2. Microsoft Defender for Endpoint
  3. Azure Files
  4. BitLocker Drive Encryption (BitLocker)
  5. protected folders

Answer(s): E

Explanation:

The primary goal here is to minimize the risk of ransomware encrypting local user files. A feature designed to protect against unauthorized access to critical system files and user data, particularly from ransomware, is protected folders.
Option E, "protected folders," should be included in the recommendation.

In Windows, the Controlled Folder Access feature protects files in key system folders and user-defined folders by only allowing authorized apps to make changes. This can prevent ransomware from encrypting files in those folders.
While some of the other options listed, such as B. Microsoft Defender for Endpoint, may provide broader protection against malware, option E specifically targets the requirement to protect local user files against ransomware encryption.


Reference:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide






Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

John Helper commented on September 16, 2024
Good collection, will definitely help
Anonymous

Thabo commented on July 26, 2024
Fantastic study package.
Anonymous

Gordon commented on March 30, 2024
Fantastic study package. Well worth the cost. It prepared me to pass my exam.
GERMANY

Ted commented on March 14, 2024
To all those folks out there... The questions in this exam dump are valid and almost the same as in the exam. However, I found about 3 to 4 questions which did not have the complete answers. But the Explanation section helped a lot to clarify them.
UNITED KINGDOM

Ashford Domah Asante commented on February 13, 2024
I appreciate the accompanying notes and references. Can always make reference on the internet to double check.
Anonymous

NA commented on October 04, 2023
Spot on, good material.
Anonymous

Darrell commented on April 23, 2023
I appreciate the quick reply in providing me the updated version.
NETHERLANDS

Carrie commented on March 18, 2023
This prep guide is like a secret cheat code - Passed my exam with flying colors.
UNITED STATES

CRAIG commented on March 17, 2023
I could not have prepared for my test without these dumps - they were spot-on with the real exam questions.
UNITED KINGDOM

Himavan commented on January 22, 2023
The questions are good and helpful but I suggest you organize them by topic.
INDIA

John commented on August 16, 2022
Passed the exam. This is valid. Cheersss!
UNITED KINGDOM

Matthew commented on July 27, 2022
This study guide package is very good if you want to pass the certification exam. For deep learning I suggest other sources as this package only contains questions which are very similar to the real exam.
NETHERLANDS