Free SC-100 Exam Braindumps (page: 23)


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions that allow traffic from the Front Door service tags.
Does this meet the goal?

  A. Yes
  B. No

Answer(s): B

Explanation:

Instead: You recommend access restrictions based on HTTP headers that have the Front Door ID.
Restrict access to a specific Azure Front Door instance
Traffic from Azure Front Door to your application originates from a well-known set of IP ranges defined in the AzureFrontDoor.Backend service tag. Using a service tag restriction rule, you can restrict traffic so that it only originates from Azure Front Door. To ensure that traffic only originates from your specific instance, you will need to further filter the incoming requests based on the unique HTTP header that Azure Front Door sends.
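The following Python snippet is an added illustration of the explanation above; it is not part of the original page or of any Microsoft product. It models the two App Service access-restriction policies as plain functions: the rejected solution (service tag only) and the recommended one (service tag plus the X-Azure-FDID header, which is the header Front Door sends and the referenced documentation describes). The IP ranges, Front Door IDs and sample requests are constructed values standing in for the real AzureFrontDoor.Backend ranges and real profile IDs.

```python
"""
Added example: why allowing the AzureFrontDoor.Backend service tag alone
does not pin an App Service web app to *your* Front Door instance.

Every Front Door profile in Azure, including other tenants', egresses from
the same service-tag ranges, so a service-tag-only rule admits all of them.
Adding a filter on the X-Azure-FDID header (the profile's unique ID) closes
that gap, and keeping the service-tag check stops anyone from simply
sending the header directly to the origin.
"""
import ipaddress

# Constructed stand-ins for the AzureFrontDoor.Backend service tag ranges
# (the real tag is published by Microsoft and updated regularly).
FRONT_DOOR_BACKEND = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed ID of the customer's own Front Door profile.
OUR_FDID = "11111111-2222-3333-4444-555555555555"


def _from_front_door(src_ip: str) -> bool:
    """True if the source address falls inside the (sample) service tag ranges."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in FRONT_DOOR_BACKEND)


def service_tag_only(src_ip: str, headers: dict) -> bool:
    """The rejected solution: allow anything that comes from Front Door IPs."""
    return _from_front_door(src_ip)


def service_tag_and_fdid(src_ip: str, headers: dict, expected_fdid: str = OUR_FDID) -> bool:
    """The recommended solution: Front Door IPs AND a matching X-Azure-FDID header."""
    if not _from_front_door(src_ip):
        return False
    # HTTP header names are case-insensitive; App Service matches them that way too.
    fdid = {name.lower(): value for name, value in headers.items()}.get("x-azure-fdid")
    return fdid == expected_fdid


# Constructed sample requests: (label, source IP, request headers).
SAMPLE_REQUESTS = [
    ("own Front Door", "203.0.113.10", {"X-Azure-FDID": OUR_FDID}),
    ("other tenant's Front Door", "198.51.100.77",
     {"X-Azure-FDID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}),
    ("direct to origin, header copied", "192.0.2.5", {"X-Azure-FDID": OUR_FDID}),
    ("direct to origin, no header", "192.0.2.6", {}),
]


def evaluate(policy) -> dict:
    """Run every sample request through a policy and return label -> allowed."""
    return {label: policy(ip, hdrs) for label, ip, hdrs in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for name, policy in (("service tag only", service_tag_only),
                         ("service tag + X-Azure-FDID", service_tag_and_fdid)):
        print(f"{name}:")
        for label, allowed in evaluate(policy).items():
            print(f"  {label:34} -> {'ALLOW' if allowed else 'DENY'}")
```

Running it shows the gap in the proposed solution: the service-tag-only policy allows the request labelled "other tenant's Front Door", while the combined policy denies it and still admits the customer's own instance. In the portal or CLI this corresponds to an access restriction rule on the AzureFrontDoor.Backend service tag with an additional X-Azure-FDID header match, as described in the referenced App Service documentation.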


Reference:

https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions
https://docs.microsoft.com/en-us/azure/virtual-network/vnet-integration-for-azure-services



You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

  A. Azure AD Privileged Identity Management (PIM)
  B. role-based authorization
  C. resource-based authorization
  D. Azure AD Multi-Factor Authentication

Answer(s): A

Explanation:

Multifactor authentication (MFA), an important component of the Zero Trust Model, is missing in Azure AD Free edition.


Reference:

https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing



You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)
After remediating the threat, which policy definition should you assign to prevent the threat from reoccurring?

  A. Storage account public access should be disallowed
  B. Azure Key Vault Managed HSM should have purge protection enabled
  C. Storage accounts should prevent shared key access
  D. Storage account keys should not be expired

Answer(s): C

Explanation:

Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data, but may also present a security risk. It's important to manage anonymous access judiciously and to understand how to evaluate anonymous access to your data. Operational complexity, human error, or malicious attack against data that is publicly accessible can result in costly data breaches. Microsoft recommends that you enable anonymous access only when necessary for your application scenario.
Note: Attackers have been crawling for public containers using tools such as MicroBurst.
Exploiting Anonymous Blob Access
Now, there are thousands of articles explaining how this can be abused and how to search for insecure storage in Azure. One of the easiest ways is to use MicroBurst: provide the storage account name to search for, and it will check whether the containers exist based on a wordlist saved in Misc/permutations.txt.


Reference:

https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
https://hackingthe.cloud/azure/anonymous-blob-access/



Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)
Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

  A. Azure Traffic Manager with priority traffic-routing methods
  B. Azure Firewall with policy rule sets
  C. Azure Front Door with Azure Web Application Firewall (WAF)
  D. Azure Application Gateway v2 with user-defined routes (UDRs)

Answer(s): B

Explanation:

Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for your web applications. WAF defends your web services against common exploits and vulnerabilities. It keeps your service highly available for your users and helps you meet compliance requirements.
WAF on Front Door is a global and centralized solution. It's deployed on Azure network edge locations around the globe. WAF-enabled web applications have every incoming request delivered by Front Door inspected at the network edge.
WAF prevents malicious attacks close to the attack sources, before they enter your virtual network.

Incorrect:
Not D: Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
You could use Azure Application Gateway with the Azure Web Application Firewall (WAF).


Reference:

https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
