You have Microsoft Defender for Cloud assigned to Azure management groups.
You have a Microsoft Sentinel deployment.
During the triage of alerts, you require additional information about the security events, including suggestions for remediation.
Which two components can you use to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Microsoft Sentinel threat intelligence workbooksYour company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure.
You need to perform threat modeling by using a top-down approach based on the Microsoft Cloud Adoption Framework for Azure.
What should you use to start the threat modeling process?
A. the STRIDE modelHOTSPOT
You have a Microsoft 365 E5 subscription
You plan to implement Microsoft Priva Subject Rights Requests for Microsoft 365 data. You need to streamline the creation and processing of subject rights requests. The solution must minimize development effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains 500 Windows 11 devices.
You have a Microsoft 365 subscription and an Azure subscription.
You have a Microsoft Entra tenant that syncs with the domain and is linked to the subscriptions. The devices are Microsoft Entra hybrid joined.
You plan to deploy a solution to mitigate attacks against privileged accounts. The solution will include Microsoft Sentinel rules that will detect attempts to use fake cached credentials.
You need to recommend a solution to create the fake cached credentials on client computers.
What should you recommend?
A. User and Entity Behavior Analytics (UEBA) in Microsoft SentinelHOTSPOT
You have a Microsoft Entra tenant named contoso.com. You have 30 Azure subscriptions that are linked to contoso.com.
The tenant contains the management groups shown in the following table.

You need to design a governance solution to manage access to all the Azure Storage accounts across the subscriptions. The solution must meet the following requirements:
1. Use custom role-based access control (RBAC) to provide granular access to control plane and data plane operations.
2. Minimize administrative effort.
At which scope should you assign the roles, and what is the minimum number of assignments per role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.
Developers use Azure DevOps to deploy web apps to App Service Environments. When a new app is deployed, a CNAME record for the app is registered in contoso.com.
You need to recommend a solution to secure the DNS record for each web app. The solution must meet the following requirements:
1. Ensure that when an app is deleted, the CNAME record for the app is removed also.
2. Minimize administrative effort.
What should you include in the recommendation?
A. Microsoft Defender for Cloud AppsYour company has a main office and a branch office.
1. The main office houses 20 on-premises servers running Windows Server, which host applications published via Microsoft Entra application proxy.
2. The main office also has 500 on-premises computers running Windows
11. In contrast, the branch office has 100 on-premises Windows 11 computers.
3. All computers in the main office are enrolled in Microsoft Intune, while the branch office computers are not.
4. Your company holds a Microsoft 365 E5 subscription and has a Microsoft Entra tenant.
5. A third-party Software as a Service (SaaS) application is registered within the Microsoft Entra tenant.
6. You plan to implement Global Secure Access and are considering the use of compliant network checks and Conditional Access policies.
You need to determine which two scenarios are supported by compliant network check.
Which two scenarios are supported by compliant network check?
A. connections to the third-party SaaS appHOTSPOT
You have a Microsoft 365 subscription.
You configure Microsoft Purview Information Protection to apply sensitivity labels automatically.
You need to recommend a solution that will prevent users from uploading unlabeled files to Microsoft SharePoint Online if the files contain content defined by Microsoft Purview classifiers as sensitive.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices. You need to implement a solution that meets the following requirements:
Allows user access to SaaS apps that Microsoft has identified as low risk.
Blocks user access to Saas apps that Microsoft has identified as high risk.
Solution: From Microsoft Defender for Cloud Apps, you configure SaaS security posture management (SSPM) and create an access policy.
Does this meet the goal?
A. YesYour company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance.
What should you do first?
A. From Azure Policy, assign a built-in initiative that has a scope of the subscription.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.