Exam Details

  • Exam Code: SC-100
  • Exam Name: Microsoft Cybersecurity Architect
  • Certification: Microsoft Certified: Cybersecurity Architect Expert
  • Vendor: Microsoft
  • Total Questions: 180 Q&As
  • Last Updated: May 07, 2024

Microsoft Microsoft Certified: Cybersecurity Architect Expert SC-100 Questions & Answers

  • Question 11:

    Your company wants to optimize using Microsoft Defender for Endpoint to protect its resources against ransomware based on Microsoft Security Best Practices.

    You need to prepare a post-breach response plan for compromised computers based on the Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices.

    What should you include in the response plan?

    A. controlled folder access

    B. application isolation

    C. memory scanning

    D. machine isolation

    E. user isolation

  • Question 12:

    You have an operational model based on the Microsoft Cloud Adoption Framework for Azure.

    You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, databases, files, and storage accounts.

    What should you include in the recommendation?

    A. business resilience

    B. modern access control

    C. network isolation

    D. security baselines in the Microsoft Cloud Security Benchmark

  • Question 13:

    You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.

    You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

    A. Azure Monitor webhooks

    B. Azure Logic Apps

    C. Azure Event Hubs

    D. Azure Functions apps

  • Question 14:

    You have an Azure subscription.

    You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.

    Developers use Azure DevOps to deploy web apps to App Service Environments. When a new app is deployed, a CNAME record for the app is registered in contoso.com.

    You need to recommend a solution to secure the DNS record for each web app. The solution must meet the following requirements:

    Ensure that when an app is deleted, the CNAME record for the app is removed also.

    Minimize administrative effort.

    What should you include in the recommendation?

    A. Microsoft Defender for Cloud Apps

    B. Microsoft Defender for DevOps

    C. Microsoft Defender for App Service

    D. Microsoft Defender for DNS

  • Question 15:

    You have a Microsoft 365 tenant.

    Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant.

    You need to design a security strategy to meet the following requirements:

    Users must be able to request access to App1 by using a self-service request.

    When users request access to App1, they must be prompted to provide additional information about their request.

    Every three months, managers must verify that the users still require access to App1.

    What should you include in the design?

    A. Microsoft Entra Identity Governance

    B. connected apps in Microsoft Defender for Cloud Apps

    C. access policies in Microsoft Defender for Cloud Apps

    D. Azure AD Application Proxy

  • Question 16:

    You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AD credentials.

    You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials.

    What should you include in the recommendation?

    A. Azure AD Application Proxy

    B. Azure AD B2C

    C. an Azure AD enterprise application

    D. a relying party trust in Active Directory Federation Services (AD FS)

  • Question 17:

    You have an Azure subscription that contains a Microsoft Sentinel workspace.

    Your on-premises network contains firewalls that support forwarding event logs in the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls.

    You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.

    What should you include in the recommendation?

    A. an Azure logic app

    B. an on-premises Syslog server

    C. an on-premises data gateway

    D. Azure Data Factory

  • Question 18:

    You are designing a security operations strategy based on the Zero Trust framework.

    You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.

    What should you do?

    A. Enable built-in compliance policies in Azure Policy.

    B. Enable self-healing in Microsoft 365 Defender.

    C. Automate data classification.

    D. Create hunting queries in Microsoft 365 Defender.

  • Question 19:

    You have the following on-premises servers that run Windows Server:

    Two domain controllers in an Active Directory Domain Services (AD DS) domain

    Two application servers named Server1 and Server2 that run ASP.NET web apps

    A VPN server named Server3 that authenticates by using RADIUS and AD DS

    End users use a VPN to access the web apps over the internet.

    You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).

    What should you include in the recommendation?

    A. Publish the web apps by using Azure AD Application Proxy.

    B. Configure the VPN to use Azure AD authentication.

    C. Configure connectors and rules in Microsoft Defender for Cloud Apps.

    D. Configure web protection in Microsoft Defender for Endpoint.

  • Question 20:

    You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.

    You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.

    What should you recommend?

    A. The nodes must restart after the updates are applied.

    B. The updates must first be applied to the image used to provision the nodes.

    C. The AKS cluster version must be upgraded.
