Free SC-100 Exam Braindumps (page: 5)

Page 5 of 70

Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.
Which Defender for Identity feature should you include in the recommendation?

  1. sensitivity labels
  2. custom user tags
  3. standalone sensors
  4. honeytoken entity tags

Answer(s): D

Explanation:

Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert.
Incorrect:
Not B: custom user tags
After you apply system tags or custom tags to users, you can use those tags as filters in alerts, reports, and investigation.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-identity/entity-tags



Your company is moving all on-premises workloads to Azure and Microsoft 365.
You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:
Minimizes manual intervention by security operation analysts Supports triaging alerts within Microsoft Teams channels
What should you include in the strategy?

  1. KQL
  2. playbooks
  3. data connectors
  4. workbooks

Answer(s): B

Explanation:

Playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps, a cloud service that helps you schedule, automate, and orchestrate tasks and workflows across systems throughout the enterprise.
A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually or set to run automatically in response to specific alerts or incidents, when triggered by an analytics rule or an automation rule, respectively.
Incorrect:
Not A: Kusto Query Language is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
Not D: Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.
Workbooks allow users to visualize the active alerts related to their resources.


Reference:

https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview



You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup.
You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack.
Which two controls should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  1. Enable soft delete for backups.
  2. Require PINs for critical operations.
  3. Encrypt backups by using customer-managed keys (CMKs).
  4. Perform offline backups to Azure Data Box.
  5. Use Azure Monitor notifications when backup configurations change.

Answer(s): A,B



HOTSPOT (Drag and Drop is not supported)
You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:
Users will authenticate by using Microsoft Entra user accounts.
Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: A managed identity in Microsoft Entra ID
Use a managed identity. You use Microsoft Entra ID as the identity provider.
Box 2: An access review in Identity Governance
Access to groups and applications for employees and guests changes over time. To reduce the risk associated with stale access assignments, administrators can use Microsoft Entra ID to create access reviews for group members or application access.


Reference:

https://docs.microsoft.com/en-us/azure/app-service/scenario-secure-app-authentication-app-service https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review






Post your Comments and Discuss Microsoft SC-100 exam prep with other Community members:

SC-100 Exam Discussions & Posts