Free SC-100 Exam Braindumps (page: 6)


You need to recommend a solution to resolve the virtual machine issue.
What should you include in the recommendation?

  A. Enable the Qualys scanner in Defender for Cloud.
  B. Onboard the virtual machines to Microsoft Defender for Endpoint.
  C. Create a device compliance policy in Microsoft Endpoint Manager.
  D. Onboard the virtual machines to Azure Arc.

Answer(s): A

Explanation:

Scenario: 20 virtual machines that are configured as application servers and are NOT onboarded to Microsoft Defender for Cloud.
Existing Environment. Problem Statements
The secure score in Defender for Cloud shows that all the virtual machines generate the following recommendation: Machines should have a vulnerability assessment solution.
All the virtual machines must be compliant in Defender for Cloud.
Note: Deploying Microsoft Defender for Endpoint is a two-step process:
* Onboard devices to the service
* Configure capabilities of the service


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm



HOTSPOT (Drag and Drop is not supported)
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  A. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: Virtual network integration
Integrate your app with an Azure virtual network.
With Azure virtual networks, you can place many of your Azure resources in a non-internet-routable network. The App Service virtual network integration feature enables your apps to access resources in or through a virtual network.
Box 2: Private endpoints
Ensure that the Azure virtual machines in each landing zone communicate with Azure App Service web apps in the same zone over the Microsoft backbone network, rather than over public endpoints.
A virtual machine can connect to the web app across the private endpoint.


Reference:

https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration
https://docs.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-webapp-portal



You need to recommend a solution to scan the application code. The solution must meet the application development requirements.
What should you include in the recommendation?

  A. GitHub Advanced Security
  B. Azure Key Vault
  C. Azure DevTest Labs
  D. Application Insights in Azure Monitor

Answer(s): A

Explanation:

Requirements. Application Development Requirements
Fabrikam identifies the following requirements for application development:
* All the application code must be stored in GitHub Enterprise.
* All application code changes must be scanned for security vulnerabilities, including application code or configuration files that contain secrets in clear text. Scanning must be done at the time the code is pushed to a repository.

A GitHub Advanced Security license provides the following additional features:
* Code scanning - Search for potential security vulnerabilities and coding errors in your code.
* Secret scanning - Detect secrets, for example keys and tokens, that have been checked into the repository. If push protection is enabled, also detects secrets when they are pushed to your repository.
* Dependency review - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request.
* Security overview - Review the security configuration and alerts for an organization and identify the repositories at greatest risk.
Incorrect:
Not C:
Scenario: Azure DevTest labs will be used by developers for testing.
Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms.
Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.


Reference:

https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security



To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  A. Security Assertion Markup Language (SAML)
  B. NTLMv2
  C. certificate-based authentication
  D. Kerberos

Answer(s): A,D

Explanation:

A: SAML
Litware identifies the following application security requirements:
Identify internal applications that will support single sign-on (SSO) by using Azure AD Application Proxy.
You can provide single sign-on (SSO) to on-premises applications that are secured with SAML authentication and provide remote access to these applications through Application Proxy. With SAML single sign-on, Azure Active Directory (Azure AD) authenticates to the application by using the user's Azure AD account.
D: You can provide single sign-on for on-premises applications published through Application Proxy that are secured with integrated Windows authentication.
These applications require a Kerberos ticket for access. Application Proxy uses Kerberos Constrained Delegation (KCD) to support these applications.
Incorrect:
Not C: Certificate. This is not a custom domain scenario!
If you're using a custom domain, you also need to upload the TLS/SSL certificate for your application.
To configure an on-premises app to use a custom domain, you need a verified Azure Active Directory custom domain, a PFX certificate for the custom domain, and an on-premises app to configure.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-on-premises-apps
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-kcd
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-custom-domain





