Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Free Microsoft SC-100 Exam Questions (page: 3)

Page 3 of 41
PDF with 315 Questions

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.

You need to recommend a solution to evaluate and remediate the alerts by using a workflow automation feature of Microsoft Defender for Cloud.

What should you include in the recommendation?

  1. Azure Monitor alert webhooks
  2. Azure Event Hubs
  3. Azure Functions
  4. Azure Logic Apps

Answer(s): D

Explanation:

The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance.
Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios.

Incorrect:
Not C: Using Azure Functions apps would require more effort.


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation



Your company is moving a big data solution to Azure.

The company plans to use the following storage workloads:

Azure Storage blob containers

Azure Data Lake Storage Gen2

Azure Storage file shares

Azure Disk Storage

Which two storage workloads support authentication by using Azure AD? Each correct answer presents a complete solution.

Note: Each correct selection is worth one point.

  1. Azure Storage file shares
  2. Azure Disk Storage
  3. Azure Storage blob containers
  4. Azure Data Lake Storage Gen2

Answer(s): C,D

Explanation:

C: Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Microsoft Entra ID to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service.
You can scope access to Azure blob resources at the following levels, beginning with the narrowest scope:
* An individual container. At this scope, a role assignment applies to all of the blobs in the container, as well as container properties and metadata.
* The storage account.
* The resource group.
* The subscription.
* A management group.
D: You can securely access data in an Azure Data Lake Storage Gen2 (ADLS Gen2) account using OAuth 2.0
with a Microsoft Entra application service principal for authentication. Using a service principal for authentication provides two options for accessing data in your storage account:
A mount point to a specific file or path
Direct access to data

Incorrect:
Not A: To enable AD DS authentication over SMB for Azure file shares, you need to register your storage account with AD DS and then set the required domain properties on the storage account. To register your storage account with AD DS, create an account representing it in your AD DS.


Reference:

https://docs.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory https://docs.microsoft.com/en-us/azure/databricks/data/data-sources/azure/adls-gen2/azure-datalake-gen2-sp- access



HOTSPOT (Drag and Drop is not supported)

Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII).

The company plans to use Microsoft Information Protection for the PII data store in Azure.

You need to recommend a solution to discover PII data at risk in the Azure resources.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

Box 1: Azure Purview
Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Microsoft Purview allows you to:

Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage.
Enable data curators to manage and secure your data estate.
Empower data consumers to find valuable, trustworthy data.

Box 2: Microsoft Defender for Cloud
Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization's security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data.

https://docs.microsoft.com/en-us/azure/purview/overview https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products



You have a Microsoft 365 E5 subscription and an Azure subscription.

You are designing a Microsoft deployment.

You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events.

What should you recommend using in Microsoft Sentinel?

  1. notebooks
  2. playbooks
  3. workbooks
  4. threat intelligence

Answer(s): C

Explanation:

After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what's happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook.


Reference:

https://docs.microsoft.com/en-us/azure/sentinel/get-visibility



Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.

You are informed about incidents that relate to compromised identities.

You need to recommend a solution to expose several accounts for attackers to exploit.
When the attackers attempt to exploit the accounts, an alert must be triggered.

Which Defender for Identity feature should you include in the recommendation?

  1. sensitivity labels
  2. custom user tags
  3. standalone sensors
  4. honeytoken entity tags

Answer(s): D

Explanation:

Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert.

Incorrect:
Not B: custom user tags
After you apply system tags or custom tags to users, you can use those tags as filters in alerts, reports, and investigation.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-identity/entity-tags



Your company is moving all on-premises workloads to Azure and Microsoft 365.

You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:

Minimizes manual intervention by security operation analysts

Supports triaging alerts within Microsoft Teams channels

What should you include in the strategy?

  1. KQL
  2. playbooks
  3. data connectors
  4. workbooks

Answer(s): B

Explanation:

Playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps, a cloud service that helps you schedule, automate, and orchestrate tasks and workflows across systems throughout the enterprise.
A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually or set to run automatically in response to specific alerts or incidents, when triggered by an analytics rule or an automation rule, respectively.

Incorrect:
Not A: Kusto Query Language is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
Not D: Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.
Workbooks allow users to visualize the active alerts related to their resources.


Reference:

https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview



You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases.

All resources are backed up multiple times a day by using Azure Backup.

You are developing a strategy to protect against ransomware attacks.

You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack.

Which two controls should you include in the recommendation? Each correct answer presents a complete solution.

Note: Each correct selection is worth one point.

  1. Enable soft delete for backups.
  2. Require PINs for critical operations.
  3. Encrypt backups by using customer-managed keys (CMKs).
  4. Perform offline backups to Azure Data Box.
  5. Use Azure Monitor notifications when backup configurations change.

Answer(s): A,B



HOTSPOT (Drag and Drop is not supported)

You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:

Users will authenticate by using Microsoft Entra user accounts.

Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.

You need to recommend an access security architecture for App1.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: A managed identity in Microsoft Entra ID

Use a managed identity. You use Microsoft Entra ID as the identity provider.

Box 2: An access review in Identity Governance
Access to groups and applications for employees and guests changes over time. To reduce the risk associated with stale access assignments, administrators can use Microsoft Entra ID to create access reviews for group members or application access.


Reference:

https://docs.microsoft.com/en-us/azure/app-service/scenario-secure-app-authentication-app-service https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review



Viewing page 3 of 41



Post your Comments and Discuss Microsoft SC-100 exam prep with other Community members:

SC-100 Exam Discussions & Posts