CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Free SC-100 Exam Braindumps (page: 8)

Page 7 of 56
PDF with 249 Questions

HOTSPOT (Drag and Drop is not supported)
You need to recommend a solution to meet the requirements for connections to ClaimsDB.
What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: A private endpoint
Scenario: An Azure SQL database named ClaimsDB that contains a table named ClaimDetails
Requirements. ClaimsApp Deployment.
Fabrikam plans to implement an internet-accessible application named ClaimsApp that will have the following specifications:
- ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2.
Users will connect to ClaimsApp by using a URL of https://claims.fabrikam.com.

- ClaimsApp will access data in ClaimsDB.
- ClaimsDB must be accessible only from Azure virtual networks.
- The app services permission for ClaimsApp must be assigned to ClaimsDB.
Web app private connectivity to Azure SQL Database.
Architecture:

Workflow
1. Using Azure App Service regional VNet Integration, the web app connects to Azure through an AppSvcSubnet delegated subnet in an Azure Virtual Network.
2. In this example, the Virtual Network only routes traffic and is otherwise empty, but other subnets and workloads could also run in the Virtual Network.
3. The App Service and Private Link subnets could be in separate peered Virtual Networks, for example as part of a hub-and-spoke network configuration.
4. Azure Private Link sets up a private endpoint for the Azure SQL Database in the PrivateLinkSubnet of the Virtual Network.
5. The web app connects to the SQL Database private endpoint through the PrivateLinkSubnet of the Virtual Network.
The database firewall allows only traffic coming from the PrivateLinkSubnet to connect, making the database inaccessible from the public internet.
Box 2: A managed identity
Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. Using a managed identity, you can authenticate to any service that supports Azure AD authentication without managing credentials.


Reference:

https://docs.microsoft.com/en-us/azure/architecture/example-scenario/private-web-app/private-web-app https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status



Your company is developing a modern application that will un as an Azure App Service web app.
You plan to perform threat modeling to identity potential security issues by using the Microsoft Threat Modeling Tool.
Which type of diagram should you create?

  1. system flow
  2. data flow
  3. process flow
  4. network flow

Answer(s): B

Explanation:

Process flow diagrams are the result of a maturing threat modeling discipline. They genuinely allow incorporation of developers in the threat modeling process during the application design phase. This helps developers working within an Agile development methodology initially write secure code.
Application threat models use process-flow diagrams, representing the architectural point of view. Operational threat models are created from an attacker point of view based on DFDs. This approach allows for the integration of VAST into the organization's development and DevOps lifecycles.
Incorrect:
Not B: Data-flow diagrams are graphical representations of your system and should specify each element, their interactions and helpful context.
Data-flow diagrams are made up of shapes that create graphical representations of your system. Each shape represents a unique function. Each interaction is analyzed to help you identify potential threats and ways to reduce risk.
Using shapes correctly allows you to receive better input from colleagues and security teams. Everyone will then understand how the system works. It can also help them avoid going through countless design documents and development plans to get them up and running.


Reference:

https://threatmodeler.com/data-flow-diagrams-process-flow-diagrams/ https://docs.microsoft.com/en-us/learn/modules/tm-create-a-threat-model-using-foundational-data-flow-diagram-elements/1b-elements



HOTSPOT (Drag and Drop is not supported)
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: Azure AD B2C
Scenario: Provide centralized, cross-tenant subscription management without the overhead of maintaining guest accounts.
Azure AD B2C
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
By serving as the central authentication authority for your web applications, mobile apps, and APIs, Azure AD B2C enables you to build a single sign-on (SSO) solution for them all. Centralize the collection of user profile and preference information, and capture detailed analytics about sign-in behavior and sign-up conversion.
Note: Azure AD B2C is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring, and automatically handling threats like denial-of-service, password spray, or brute force attacks.
Incorrect:
Azure Lighthouse
Cross-tenant management experiences
As a service provider, you can use Azure Lighthouse to manage resources for multiple customers from within your own Azure Active Directory (Azure AD) tenant.
With Azure Lighthouse, the onboarding process specifies users within the service provider's tenant who will be able to work on delegated subscriptions and resource groups in the customer's tenant. These users can then sign in to the Azure portal using their own credentials. Within the Azure portal, they can manage resources belonging to all customers to which they have access.
Box 2: Azure Arc
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Note:
Requirements. Hybrid Requirements
Litware identifies the following hybrid cloud requirements:
*Enable the management of on-premises resources from Azure, including the following:
Use Azure Policy for enforcement and compliance evaluation.
Provide change tracking and asset inventory.
Implement patch management.
Incorrect:
* Azure Stack Edge acts as a cloud storage gateway and enables eyes-off data transfers to Azure, while retaining local access to files.
* Microsoft Azure Stack Hub is a hybrid cloud platform that lets you deliver services from your datacenter.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview https://docs.microsoft.com/en-us/azure/azure-arc/overview https://docs.microsoft.com/en-us/azure/lighthouse/concepts/cross-tenant-management-experience



You need to recommend a solution to meet the security requirements for the virtual machines.
What should you include in the recommendation?

  1. just-in-time (JIT) VM access
  2. an Azure Bastion host
  3. Azure Virtual Desktop
  4. a network security group (NSG)

Answer(s): C

Explanation:

Scenario: Requirements. Compliance Requirements
Fabrikam wants to automatically remediate the virtual machines in Sub1 to be compliant with the HIPAA HITRUST standard. The virtual machines in TestRG must be excluded from the compliance assessment.
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software.
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.


Reference:

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/governance/policy/samples/hipaa-hitrust-9-2






Post your Comments and Discuss Microsoft SC-100 exam with other Community members:

SC-100 Discussions & Posts