Online Access Free SC-100 Exam Questions

No.# B. Always Encrypted

No.# Privileged Access Workstations (PAWs)

No.# The security requirement this question wants us to meet is "The secure host must be provisioned from a custom operating system image."

D. Azure Virtual Desktop

No.# NO: only 3 controls you can implement for Management Ports =
1.) Internet facing vm's should be protected with NSG's
2.) Management ports should be closed on your vm's
3.) Management ports on VM's should be protected with JIT
Logon to Defender for Cloud and have a look under "General/Recommendations".

No.# 1. Threat Intelligence connector - Allow you to integrate Microsoft Sentinel with third-party security vendors to access information about known threats, such as malware and command-and-control servers.
2. Threat detection rule- Allow you to define conditions that, when met, will automatically generate an incident in Microsoft Sentinel.
https://learn.microsoft.com/en-us/azure/sentinel/partner-integrations
https://learn.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts

No.# Use a Log Analytics workspace for all three types of logs because it:

Can centrally collect all three types of logs (SQL, Security, and App Service)
Supports log retention for 365+ days
Can log all privileged access
Is the most cost-effective option compared to running multiple services
Provides a single pane of glass for all audit logs

No.# Based on the Azure Security Benchmark v3, here are three best practices for identity management:

Use a centralized identity and authentication system:

Standardize on Azure Active Directory (Azure AD) to govern your organization's identity and authentication for both cloud and on-premises resources.
This centralization simplifies management and enhances security by providing a single control point for all identity-related activities.
MICROSOFT LEARN
Protect identity and authentication systems:

Implement strong security measures to safeguard your identity and authentication infrastructure.
This includes restricting privileged roles, enforcing multi-factor authentication (MFA) for all users, and continuously monitoring for suspicious activities.
MICROSOFT LEARN
Manage application identities securely and automatically:

Utilize managed identities for applications instead of human accounts to access resources.
Managed identities help reduce the risk of credential exposure and support automated credential rotation, enhancing security....

No.# Intune supports the listed device OS -- thus Endpoint Manager.

No.# The following are three key steps in DART ransomware investigations:
1. Assess the current situation
2. Identify the affected line-of-business (LOB) apps
3. Determine the compromise recovery (CR) process

No.# Azure AD Application Proxy also supports Azure AD Conditional Access, which allows you to set policies that determine when and how users can access your applications. This can help you ensure that only authorized users are able to access the web apps, and that their access is secure. Additionally, Azure AD Application Proxy simplifies the end-user experience by providing a single sign-on (SSO) experience for the users, which can reduce the need for them to remember multiple usernames and passwords.

No.# Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications. After a single sign-on to Azure AD, users can access both cloud and on-premises applications through an external URL or an internal application portal. For example, Application Proxy can provide remote access and single sign-on to Remote Desktop, SharePoint, Teams, Tableau, Qlik, and line of business (LOB) applications.

No.# A. data classification content explorer
This recommendation is appropriate because:
The company has a Microsoft 365 E5 subscription, which includes access to advanced compliance features like Content Explorer2.
Content Explorer is specifically designed to review classification results and identify sensitive data across Microsoft 365 services, including Teams, SharePoint Online, and Exchange Online2.
It allows users with appropriate permissions to see each item containing sensitive information and its location2.
Content Explorer provides a comprehensive view of classified data, showing the number of items classified as sensitive information types and their classifications3.
This tool is part of the Microsoft Purview (formerly Microsoft 365 Compliance) suite, which is the core tool for Microsoft data classification13.
Using the data classification content explorer will enable the company to effectively identify and review documents containing sensitive information across their Microsoft 365 environment....

No.# It has to be disabled since deny will send the compliance report as non-complaint.

No.# The requirement is to identify EC2 instances which are noncompliant with secure score recommendations. Secure Score = Defender for Cloud.
Microsoft Sentinel
https://learn.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3

No.# Since VNet1-VNet2 form one peered group and VNet3-VNet4 form another peered group, you need two Azure Bastion deployments—one in VNet1 or VNet2, and another in VNet3 or VNet4.

Correct Answer: B. 2

Testing engine is a gem. I passed the SC-100 exam in the first attempt using the pdf file at freecram. Highly suggested.