Abreast Of The Times Microsoft Cybersecurity Architect SC-100 Test Preparation

NEW QUESTION 1

You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?

• A. Storage account public access should be disallowed
• B. Azure Key Vault Managed HSM should have purge protection enabled
• C. Storage accounts should prevent shared key access
• D. Storage account keys should not be expired

Answer: A

NEW QUESTION 2

What should you create in Azure AD to meet the Contoso developer requirements?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 3

Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements-.
• Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
• Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

You have Windows 11 devices and Microsoft 365 E5 licenses.
You need to recommend a solution to prevent users from accessing websites that contain adult content such as
gambling sites. What should you include in the recommendation?

• A. Microsoft Endpoint Manager
• B. Compliance Manager
• C. Microsoft Defender for Cloud Apps
• D. Microsoft Defender for Endpoint

Answer: D

NEW QUESTION 5

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server.
The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription.
Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server.
You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency tor developers.
Which three actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.
• B. Implement Azure Firewall to restrict host pool outbound access.
• C. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations.
• D. Migrate from the Remote Desktop server to Azure Virtual Desktop.
• E. Deploy a Remote Desktop server to an Azure region located in France.

Answer: BDE

NEW QUESTION 8

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?

• A. Enhanced Security Admin Environment (ESAE)
• B. Microsoft Security Development Lifecycle (SDL)
• C. Rapid Modernization Plan (RaMP)
• D. Microsoft Operational Security Assurance (OSA)

Answer: A

NEW QUESTION 9

You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?

• A. Add Microsoft Sentinel data connectors.
• B. Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.
• C. Enable the Defender plan for all resource types in Microsoft Defender for Cloud.
• D. Obtain Azure Active Directory Premium Plan 2 licenses.

Answer: A

NEW QUESTION 10

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 11

You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?

• A. Microsoft Defender for Cloud Apps
• B. insider risk management
• C. Microsoft Information Protection
• D. Azure Purview

Answer: A

NEW QUESTION 12

You have a customer that has a Microsoft 365 subscription and an Azure subscription.
The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.
You need to design a security solution to assess whether all the devices meet the customer's compliance rules. What should you include in the solution?

• A. Microsoft Information Protection
• B. Microsoft Defender for Endpoint
• C. Microsoft Sentinel
• D. Microsoft Endpoint Manager

Answer: D

NEW QUESTION 13

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 14

Your company has an office in Seattle.
The company has two Azure virtual machine scale sets hosted on different virtual networks. The company plans to contract developers in India.
You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:
• Prevent exposing the public IP addresses of the virtual machines.
• Provide the ability to connect without using a VPN.
• Minimize costs.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Deploy Azure Bastion to one virtual network.
• B. Deploy Azure Bastion to each virtual network.
• C. Enable just-in-time VM access on the virtual machines.
• D. Create a hub and spoke network by using virtual network peering.
• E. Create NAT rules and network rules in Azure Firewall.

Answer: DE

NEW QUESTION 15

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.
You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.
What should you include in the recommendation?

• A. Apply read-only locks on the storage accounts.
• B. Set the AllowSharcdKeyAccess property to false.
• C. Set the AllowBlobPublicAcccss property to false.
• D. Configure automated key rotation.

Answer: A

NEW QUESTION 16
......