Free Microsoft SC-100 Exam Braindumps (page: 8)

HOTSPOT (Drag and Drop is not supported)
You are planning the security levels for a security access strategy.
You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA).
Which security level should you configure for each job role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Specialized security
Securing devices as part of the privileged access story


Box 2: Enterprise security

Box 3: Privileged security


Reference:

https://learn.microsoft.com/en-us/security/compass/privileged-access-devices



Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment. You need to recommend the top three modernization areas to prioritize as part of the plan.
Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. data, compliance, and governance
  2. infrastructure and development
  3. user access and productivity
  4. operational technology (OT) and IoT
  5. modern security operations

Answer(s): A,C,E

Explanation:

RaMP initiatives for Zero Trust
To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives.
Critical security modernization initiatives:
(C) User access and productivity
* Explicitly validate trust for all access requests: Identities, Endpoints (devices), Apps, Network

(A) Data, compliance, and governance
* Ransomware recovery readiness
* Data

(E) Modernize security operations
* Streamline response
* Unify visibility
* Reduce manual effort

Incorrect:
As needed: additional initiatives based on Operational Technology (OT) or IoT usage, on-premises and cloud adoption, and security for in-house app development:

(not D) OT and Industrial IoT
* Discover
* Protect
* Monitor

Datacenter & DevOps Security
* Security Hygiene
* Reduce Legacy Risk
* DevOps Integration
* Microsegmentation


Reference:

https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview



HOTSPOT (Drag and Drop is not supported)
For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA).
You need to protect against the following external threats of an attack chain:
* An attacker attempts to exfiltrate data to external websites.
* An attacker attempts lateral movement across domain-joined computers.
What should you include in the recommendation for each threat? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Microsoft Defender for Identity
An attacker attempts to exfiltrate data to external websites.
Exfiltration alerts
Typically, cyberattacks are launched against any accessible entity, such as a low-privileged user, and then quickly move laterally until the attacker gains access to valuable assets. Valuable assets can be sensitive accounts, domain administrators, or highly sensitive data. Microsoft Defender for Identity identifies these advanced threats at the source throughout the entire attack kill chain and classifies them into the following phases:
* Reconnaissance
* Compromised credentials
* Lateral Movements
* Domain dominance
* Exfiltration
Box 2: Microsoft Defender for Identity
An attacker attempts lateral movement across domain-joined computers.
Microsoft Defender for Identity Lateral Movement Paths (LMPs)
Lateral movement is when an attacker uses non-sensitive accounts to gain access to sensitive accounts throughout your network. Lateral movement is used by attackers to identify and gain access to the sensitive accounts and machines in your network that share stored sign-in credentials in accounts, groups and machines. Once an attacker makes successful lateral moves towards your key targets, the attacker can also take advantage and gain access to your domain controllers. Lateral movement attacks are carried out using many of the methods described in Microsoft Defender for Identity Security Alerts.
A key component of Microsoft Defender for Identity's security insights is Lateral Movement Paths, or LMPs. Defender for Identity LMPs are visual guides that help you quickly understand and identify exactly how attackers can move laterally inside your network.


Reference:

https://learn.microsoft.com/en-us/defender-for-identity/exfiltration-alerts



For an Azure deployment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.
You need to recommend a best practice for implementing service accounts for Azure API management. What should you include in the recommendation?

  1. application registrations in Microsoft Entra ID
  2. managed identities in Azure
  3. Azure service principals with usernames and passwords
  4. device registrations in Microsoft Entra ID
  5. Azure service principals with certificate credentials

Answer(s): B

Explanation:

IM-3: Manage application identities securely and automatically
Features
Managed Identities
Description: Data plane actions support authentication using managed identities.
Configuration Guidance: Use a Managed Service Identity generated by Microsoft Entra ID to allow your API Management instance to easily and securely access other Microsoft Entra ID-protected resources, such as Azure Key Vault, instead of using service principals. Managed identity credentials are fully managed, rotated, and protected by the platform, avoiding hard-coded credentials in source code or configuration files.


Reference:

https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/api-management-security-baseline


