Free SC-100 Exam Braindumps (page: 15)


You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data.
What should you include in the recommendation?

  1. Microsoft Defender for Cloud Apps
  2. Microsoft Information Protection
  3. insider risk management
  4. Azure Purview

Answer(s): B

Explanation:

Microsoft Defender for Cloud Apps File policies.
File Policies allow you to enforce a wide range of automated processes using the cloud provider's APIs. Policies can be set to provide continuous compliance scans, legal eDiscovery tasks, DLP for sensitive content shared publicly, and many more use cases. Defender for Cloud Apps can monitor any file type based on more than 20 metadata filters (for example, access level, file type).


Reference:

https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies



HOTSPOT (Drag and Drop is not supported)
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and an Amazon Web Services (AWS) implementation.
You need to recommend a security posture management solution for the following components:
-Azure IoT Edge devices
-AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: Microsoft Defender for IoT
Microsoft Defender for IoT is a unified security solution for identifying IoT and OT devices, vulnerabilities, and threats and managing them through a central interface.
Azure IoT Edge provides powerful capabilities to manage and perform business workflows at the edge. The key part that IoT Edge plays in IoT environments makes it particularly attractive for malicious actors.
The Defender for IoT azureiotsecurity module provides a comprehensive security solution for your IoT Edge devices. The Defender for IoT module collects, aggregates, and analyzes raw security data from your operating system and container system into actionable security recommendations and alerts.
Box 2: Microsoft Defender for Cloud and Azure Arc
Microsoft Defender for Cloud provides the following features in the CSPM (Cloud Security Posture Management) category in the multi-cloud scenario for AWS.
Take into account that some of them require a Defender plan to be enabled (such as Regulatory Compliance):
* Detection of security misconfigurations
* Single view showing Security Center recommendations and AWS Security Hub findings
* Incorporation of AWS resources into Security Center's secure score calculations
* Regulatory compliance assessments of AWS resources
Security Center uses Azure Arc to deploy the Log Analytics agent to AWS instances.
Incorrect:
AWS EC2: Microsoft Defender for Cloud Apps
Amazon Web Services is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
Connecting AWS to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, unusual deletions of VMs, and publicly exposed storage buckets.


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/security-edge-architecture
https://samilamppu.com/2021/11/04/multi-cloud-security-posture-management-in-microsoft-defender-for-cloud/



Your company is moving all on-premises workloads to Azure and Microsoft 365.
You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:
-Minimizes manual intervention by security operation analysts
-Supports triaging alerts within Microsoft Teams channels
What should you include in the strategy?

  1. KQL
  2. playbooks
  3. data connectors
  4. workbooks

Answer(s): B

Explanation:

Playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps, a cloud service that helps you schedule, automate, and orchestrate tasks and workflows across systems throughout the enterprise.
A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually or set to run automatically in response to specific alerts or incidents, when triggered by an analytics rule or an automation rule, respectively.
Incorrect:
Not A: Kusto Query Language is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more.
The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
Not D: Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.
Workbooks allow users to visualize the active alerts related to their resources.


Reference:

https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview



Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD).
You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications.
What should you include in the recommendation?

  1. activity policies in Microsoft Defender for Cloud Apps
  2. sign-in risk policies in Azure AD Identity Protection
  3. Azure AD Conditional Access policies
  4. device compliance policies in Microsoft Endpoint Manager
  5. user risk policies in Azure AD Identity Protection

Answer(s): C

Explanation:

Microsoft Defender for Cloud Apps Activity policies.
Activity policies allow you to enforce a wide range of automated processes using the app provider's APIs. These policies enable you to monitor specific activities carried out by various users, or follow unexpectedly high rates of one certain type of activity.
After you set an activity detection policy, it starts to generate alerts - alerts are only generated on activities that occur after you create the policy.
Each policy is composed of the following parts:
Activity filters - Enable you to create granular conditions based on metadata.
Activity match parameters - Enable you to set a threshold for the number of times an activity repeats to be considered to match the policy.
Actions - The policy provides a set of governance actions that can be automatically applied when violations are detected.
Incorrect:
Not C: Azure AD Conditional Access policies apply to users, not to applications.
Note: Blocking user logins by location can be an added layer of security to your environment. The following process will use Azure Active Directory conditional access to block access based on geographical location. For example, you are positive that nobody in your organization should be trying to log in to select cloud applications from specific countries.


Reference:

https://docs.microsoft.com/en-us/defender-cloud-apps/user-activity-policies
https://cloudcompanyapps.com/2019/04/18/block-users-by-location-in-azure-o365/





