Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Microsoft SC-100 - Microsoft Cybersecurity Architect

Microsoft SC-100 Premium Access     Download Demo    
Page: 1 / 5
Total 215 questions

You are designing a ransomware response plan that follows Microsoft Security Best Practices-

You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out.

What should you include in the recommendations?

A.

Privileged Access Workstations (PAWs)

B.

emergency access accounts

C.

device compliance policies

D.

Customer Lockbox for Microsoft Azure

For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management. What should you include in the recommendation?

A.

device registrations in Azure AD

B.

application registrations m Azure AD

C.

Azure service principals with certificate credentials

D.

Azure service principals with usernames and passwords

E.

managed identities in Azure

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening.

Does this meet the goal?

A.

Yes

B.

No

You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.

You need to recommend a solution to secure the components of the copy process.

What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

A.

app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

B.

adaptive application controls in Defender for Cloud

C.

Azure Security Benchmark compliance controls m Defender for Cloud

D.

app protection policies in Microsoft Endpoint Manager

Your company has a Microsoft 365 E5 subscription.

The company wants to identify and classify data in Microsoft Teams, SharePoint Online, and Exchange Online.

You need to recommend a solution to identify documents that contain sensitive information.

What should you include in the recommendation?

A.

data classification content explorer

B.

data loss prevention (DLP)

C.

eDiscovery

D.

Information Governance

Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled.

You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.

You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.

You need to recommend an Azure AD identity Governance solution that meets the following requirements:

• Project managers must verify that their project group contains only the current members of their project team

• The members of each project team must only have access to the resources of the project to which they are assigned

• Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days.

• Administrative effort must be minimized.

What should you include in the recommendation? To answer select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have Microsoft Defender for Cloud assigned to Azure management groups.

You have a Microsoft Sentinel deployment.

During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

workload protections in Defender for Cloud

B.

threat intelligence reports in Defender for Cloud

C.

Microsoft Sentinel notebooks

D.

Microsoft Sentinel threat intelligence workbooks

You have an operational model based on the Microsoft Cloud Adoption framework for Azure.

You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, database, files, and storage accounts.

What should you include in the recommendation?

A.

security baselines in the Microsoft Cloud Security Benchmark

B.

modern access control

C.

business resilience

D.

network isolation

For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.

What are three best practices for identity management based on the Azure Security Benchmark? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

Manage application identities securely and automatically.

B.

Manage the lifecycle of identities and entitlements

C.

Protect identity and authentication systems.

D.

Enable threat detection for identity and access management.

E.

Use a centralized identity and authentication system.