Free Microsoft SC-100 Exam Braindumps (page: 13)

You have 10 Azure subscriptions that contain 100 role-based access control (RBAC) role assignments. You plan to consolidate the role assignments.
You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort.
What should you include in the recommendation?

  1. Microsoft Defender for Cloud
  2. Microsoft Entra access reviews
  3. Microsoft Entra Privileged Identity Management (PIM)
  4. Microsoft Entra Permissions Management

Answer(s): D

Explanation:

Microsoft Entra Permissions Management is designed to manage and monitor permissions across multiple cloud environments, including Azure. It provides insights into permissions, allowing you to identify unused role assignments over a specified period, like the last 90 days. This solution helps you track permissions, detect unused roles, and optimize role assignments across subscriptions, minimizing administrative effort by offering automated recommendations for role consolidation.



You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).
You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.
You need to ensure that a compromised local administrator account cannot be used to stop scheduled backups.
What should you do?

  1. From Azure Backup, configure multi-user authorization by using Resource Guard.
  2. From Microsoft Entra Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role.
  3. From Microsoft Azure Backup Setup, register MABS with a Recovery Services vault.
  4. From a Recovery Services vault, generate a security PIN for critical operations.

Answer(s): A

Explanation:

Multi-user authorization (MUA) for Azure Backup uses a new resource called the Resource Guard to ensure critical operations, such as disabling soft delete, stopping and deleting backups, or reducing retention of backup policies, are performed only with applicable authorization.


Reference:

https://learn.microsoft.com/en-us/azure/backup/protect-backups-from-ransomware-faq



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.
You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:
* Support access to the shares by using the SMB protocol.
* Limit access to the blobs to specific periods of time.
* Include authentication support when possible.
What should you recommend for each resource? To answer, select the options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1 (Azure Storage blobs): Account shared access signature (SAS)
Limit access to the blobs to specific periods of time.
Account SAS
An account SAS is secured with the storage account key. An account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service or user delegation SAS are also available via an account SAS.

Box 2 (Azure Files shares): Service shared access signature (SAS)
Support access to the shares by using the SMB protocol.
A shared access signature can take one of the following two forms:
* Ad hoc SAS. When you create an ad hoc SAS, the start time, expiry time, and permissions are specified in the SAS URI. Any type of SAS can be an ad hoc SAS.
*-> Service SAS with stored access policy. A stored access policy is defined on a resource container, which can be a blob container, table, queue, or file share. The stored access policy can be used to manage constraints for one or more service shared access signatures. When you associate a service SAS with a stored access policy, the SAS inherits the constraints—the start time, expiry time, and permissions—defined for the stored access policy.


Reference:

https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview



DRAG DROP (Drag and Drop is not supported)
You need to design a solution to accelerate a Zero Trust security implementation. The solution must be based on the Zero Trust Rapid Modernization Plan (RaMP).
Which three initiatives should you include in the solution, and in which order should you implement the initiatives? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Step 1: Explicitly validate trust for all access requests
RaMP initiatives for Zero Trust
To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives.
Explicitly validate trust for all access requests [Step 1]
Step 2: Apply provisions for ransomware recovery readiness
Ransomware recovery readiness [Step 2]
Step 3: Classify and protect data
3. Data protection
This Rapid Modernization Plan (RaMP) checklist helps you protect your on-premises and cloud data from both inadvertent and malicious access.
https://learn.microsoft.com/en-us/security/zero-trust/data-compliance-gov-data
1.1 Know your data [Step 3]
Perform these implementation steps to meet the Know your data deployment objective.
1. Determine data classification levels.
2. Determine built-in and custom sensitive information types.
3. Determine the use of pre-trained and custom trainable classifiers.
4. Discover and classify sensitive data.
2. Protect your data [Step 3]

Incorrect:
* Modernize security operations
4. Streamline response
5. Unify visibility
6. Reduce manual effort
* Discover and protect IoT devices
Other initiatives based on Operational Technology (OT) or IoT usage, on-premises and cloud adoption, and security for in-house app development:
Discover, Protect, Monitor


Reference:

https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview
https://learn.microsoft.com/en-us/security/zero-trust/data-compliance-gov-data


