Free Microsoft SC-100 Exam Braindumps

You are designing a ransomware response plan that follows Microsoft Security Best Practices.
You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files. What should you include in the recommendation?

  A. Windows Defender Device Guard
  B. Microsoft Defender for Endpoint
  C. Azure Files
  D. BitLocker Drive Encryption (BitLocker)
  E. protected folders

Answer(s): E



You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.
What should you recommend?

  A. a managed identity in Azure
  B. a Microsoft Entra user account that has role assignments in Microsoft Entra Privileged Identity Management (PIM)
  C. a group managed service account (gMSA)
  D. a Microsoft Entra user account that has a password stored in Azure Key Vault

Answer(s): A



You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.
You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.
What should you recommend?

  A. The nodes must restart after the updates are applied.
  B. The updates must first be applied to the image used to provision the nodes.
  C. The AKS cluster version must be upgraded.

Answer(s): B

Explanation:

Patch and upgrade AKS worker nodes
This section of the Azure Kubernetes Service (AKS) day-2 operations guide describes patching and upgrading practices for AKS worker nodes and Kubernetes (K8S) versions.
Node image upgrades
Microsoft provides patches and new images for image nodes weekly. For AKS Linux nodes, we have two mechanisms to patch the nodes: unattended updates and node image upgrade. Unattended updates are automatic, but they don’t account for kernel level patches. You're required to use something like KURED or node image upgrade to reboot the node and complete the cycle. For node image upgrade, we create a patched node every week for customers to use, which would require applying that patched virtual hard disk (VHD). Auto-upgrade with the node image update SKU can automate the process.


Reference:

https://learn.microsoft.com/en-us/azure/architecture/operator-guides/aks/aks-upgrade-practices



You have the following on-premises servers that run Windows Server:
Two domain controllers in an Active Directory Domain Services (AD DS) domain
Two application servers named Server1 and Server2 that run ASP.NET web apps
A VPN server named Server3 that authenticates by using RADIUS and AD DS
End users use a VPN to access the web apps over the internet.
You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
What should you include in the recommendation?

  A. Publish the web apps by using Microsoft Entra Application Proxy.
  B. Configure the VPN to use Microsoft Entra authentication.
  C. Configure connectors and rules in Microsoft Defender for Cloud Apps.
  D. Configure web protection in Microsoft Defender for Endpoint.

Answer(s): A

Explanation:

Microsoft Defender Secure On premises web app VPN
Modernize secure access for your on-premises resources with Zero Trust
When it comes to classic or on-premises applications, Microsoft Entra Application Proxy enables your security team to easily apply the same policies and security controls used for cloud apps to your on-premises apps.
Note: Using Microsoft Entra Application Proxy to publish on-premises apps for remote users
Microsoft Entra ID offers many capabilities for protecting users, apps, and data in the cloud and on-premises. In particular, the Microsoft Entra Application Proxy feature can be implemented by IT professionals who want to publish on-premises web applications externally. Remote users who need access to internal apps can then access them in a secure manner.
While not comprehensive, the list below illustrates some of the things you can enable by implementing Application Proxy in a hybrid coexistence scenario:
Publish on-premises web apps externally in a simplified way without a DMZ
Support single sign-on (SSO) across devices, resources, and apps in the cloud and on-premises
Support multi-factor authentication for apps in the cloud and on-premises
Quickly leverage cloud features with the security of the Microsoft Cloud
Centralize user account management
Centralize control of identity and security
Automatically add or remove user access to applications based on group membership
This article explains how Microsoft Entra ID and Application Proxy give remote users a single sign-on (SSO) experience. Users securely connect to on-premises apps without a VPN or dual-homed servers and firewall rules.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy
https://www.microsoft.com/en-us/security/blog/2020/11/19/modernize-secure-access-for-your-on-premises-resources-with-zero-trust/


