CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Free SC-100 Exam Braindumps (page: 28)

Page 27 of 56
PDF with 249 Questions

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

  1. adaptive application controls in Defender for Cloud
  2. app protection policies in Microsoft Endpoint Manager
  3. OAuth app policies in Microsoft Defender for Cloud Apps
  4. Azure Active Directory (Azure AD) Conditional Access App Control policies

Answer(s): A



You have a Microsoft 365 tenant that uses Microsoft SharePoint Online and Microsoft Purview. Microsoft Purview has a sensitivity
label named Label1 that is applied to the files stored on SharePoint Online sites.
You need to recommend a Microsoft Purview Data Loss Prevention (DLP) policy that meets the following requirements:
• Prevents users from uploading the files to third-party external websites
• Allows users to upload the files to Microsoft OneDrive for Business
To which location should you apply the DLP policy?

  1. Devices
  2. OneDrive accounts
  3. SharePoint sites
  4. Microsoft Defender for Cloud Apps

Answer(s): D



Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment.
You need to recommend the top three modernization areas to prioritize as part of the plan.
Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. data, compliance, and governance
  2. infrastructure and development
  3. user access and productivity
  4. operational technology (OT) and IoT
  5. modern security operations

Answer(s): A,C,E



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Secure management ports - Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time
VM access and network security groups.
Recommendations:
- Internet-facing virtual machines should be protected with network security groups
- Management ports of virtual machines should be protected with just-in-time network access control
- Management ports should be closed on your virtual machines


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls






Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

SC-100 Discussions & Posts