Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

sc-100 > Questions 61-90 > Flashcards

Questions 61-90 Flashcards

1
Q

Your company has devices that run either Windows 10, Windows 11, or Windows Server.
You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?

A. Microsoft Intune
B. Local Group Policy Object (LGPO)
C. Windows Autopilot
D. Policy Analyzer
A

D. Policy Analyzer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

A. Azure Active Directory (Azure AD) Conditional Access App Control policies
B. OAuth app policies in Microsoft Defender for Cloud Apps
C. app protection policies in Microsoft Endpoint Manager
D. application control policies in Microsoft Defender for Endpoint
A

D. application control policies in Microsoft Defender for Endpoint

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company’s on-premises network.
The company’s security policy prevents the use of personal devices for accessing company data and applications.
You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.
What should you include in the recommendation?

A. Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.
B. Redesign the VPN infrastructure by adopting a split tunnel configuration.
C. Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.
D. Migrate the on-premises applications to cloud-based applications.
A

A. Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Your company has a Microsoft 365 E5 subscription.
The Chief Compliance Officer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:
✑ Identify unused personal data and empower users to make smart data handling decisions.
✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
✑ Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?

A. communication compliance in insider risk management
B. Microsoft Viva Insights
C. Privacy Risk Management in Microsoft Priva
D. Advanced eDiscovery
A

C. Privacy Risk Management in Microsoft Priva

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

HOTSPOT -
You have a Microsoft 365 E5 subscription and an Azure subscription.
You need to evaluate the existing environment to increase the overall security posture for the following components:
✑ Windows 11 devices managed by Microsoft Intune
✑ Azure Storage accounts
✑ Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:
Windows 11 devices:
* Microsoft 365 compliance center
* Microsoft 365 Defender
* Microsoft Defender for Cloud
* Microsoft Sentinel

Azure virtual machines:
* Microsoft 365 compliance center
* Microsoft 365 Defender
* Microsoft Defender for Cloud
* Microsoft Sentinel

Azure Storage accounts:
* Microsoft 365 compliance center
* Microsoft 365 Defender
* Microsoft Defender for Cloud
* Microsoft Sentinel

A

Windows 11 devices: Microsoft 365 Defender
Azure virtual machines: Microsoft Defender for Cloud
Azure Storage accounts: Microsoft Defender for Cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DRAG DROP -
You have a Microsoft 365 subscription.
You need to recommend a security solution to monitor the following activities:
✑ User accounts that were potentially compromised
✑ Users performing bulk file downloads from Microsoft SharePoint Online
What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Components:
* A data loss prevention (DLP) policy
* Azure Active Directory (Azure AD) Conditional Access
* Azure Active Directory (Azure AD) Identity protection
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps

Answer Area:
User accounts that were potentially compromised: ??????????
Users performing bulk file downloads from SharePoint Online: ??????????

A

User accounts that were potentially compromised: Azure Active Directory (Azure AD) Identity protection
Users performing bulk file downloads from SharePoint Online: Microsoft Defender for Cloud Apps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

A. adaptive application controls in Defender for Cloud
B. app protection policies in Microsoft Endpoint Manager
C. app discovery anomaly detection policies in Microsoft Defender for Cloud Apps
D. Azure Security Benchmark compliance controls in Defender for Cloud
A

A. adaptive application controls in Defender for Cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions.
You are evaluating the security posture of the customer.
You discover that the AKS resources are excluded from the secure score recommendations.
You need to produce accurate recommendations and update the secure score.
Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Enable Defender plans.
B. Configure auto provisioning.
C. Add a workflow automation.
D. Assign regulatory compliance policies.
E. Review the inventory.
A

A. Enable Defender plans.
B. Configure auto provisioning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your company is exploring migrating data into Azure. They would like to have a central authentication solution when accessing the data. They have chosen Azure Active Directory.
Which two storage types natively support Active Directory authentication?

A. Azure Data Box
B. Azure Data Lake Storage Gen2
C. Azure File Share
D. Azure Storage blob containers
A

B. Azure Data Lake Storage Gen2
D. Azure Storage blob containers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your company has Microsoft 365 E5 licenses and Azure subscriptions.
The company plans to automatically label sensitive data stored in the following locations:
✑ Microsoft SharePoint Online
✑ Microsoft Exchange Online
✑ Microsoft Teams
You need to recommend a strategy to identify and protect sensitive data.
Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Scopes:
* Files and emails
* Groups and sites
* Schematized data assets

Answer Area:
SharePoint Online: ??????????
Microsoft Teams: ??????????
Exchange Online: ??????????

A

SharePoint Online: Groups and sites
Microsoft Teams: Groups and sites
Exchange Online: Files and emails

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your company has a Microsoft 365 E5 subscription.
The company plans to deploy 45 mobile self-service kiosks that will run Windows 10.
You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:
✑ Ensure that only authorized applications can run on the kiosks.
✑ Regularly harden the kiosks against new threats.
Which two actions should you include in the recommendations? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Implement Automated investigation and Remediation (AIR) in Microsoft Defender for Endpoint.
B. Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.
C. Implement threat and vulnerability management in Microsoft Defender for Endpoint.
D. Onboard the kiosks to Azure Monitor.
E. Implement Privileged Access Workstation (PAW) for the kiosks.
A

B. Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.
E. Implement Privileged Access Workstation (PAW) for the kiosks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You have a Microsoft 365 E5 subscription.
You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.
You need to recommend a solution to prevent Personally Identifiable Information (PII) from being shared.
Which two components should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. data loss prevention (DLP) policies
B. retention label policies
C. eDiscovery cases
D. sensitivity label policies
A

A. data loss prevention (DLP) policies
D. sensitivity label policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating.
The company identifies protected health information (PHI) within stored documents and communications.
What should you recommend using to prevent the PHI from being shared outside the company?

A. sensitivity label policies
B. data loss prevention (DLP) policies
C. insider risk management policies
D. retention policies
A

B. data loss prevention (DLP) policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app.
You need to recommend a solution to the application development team to secure the application from identity-related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Azure AD workbooks to monitor risk detections
B. Azure AD Conditional Access integration with user flows and custom policies
C. smart account lockout in Azure AD B2C
D. access packages in Identity Governance
E. custom resource owner password credentials (ROPC) flows in Azure AD B2C
A

B. Azure AD Conditional Access integration with user flows and custom policies
C. smart account lockout in Azure AD B2C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD).
You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications.
What should you include in the recommendation?

A. activity policies in Microsoft Defender for Cloud Apps
B. sign-in risk policies in Azure AD Identity Protection
C. Azure AD Conditional Access policies
D. device compliance policies in Microsoft Endpoint Manager
E. user risk policies in Azure AD Identity Protection
A

C. Azure AD Conditional Access policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have a customer that has a Microsoft 365 subscription and an Azure subscription.
The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.
You need to design a security solution to assess whether all the devices meet the customer’s compliance rules.
What should you include in the solution?

A. Microsoft Defender for Endpoint
B. Microsoft Endpoint Manager
C. Microsoft Information Protection
D. Microsoft Sentinel
A

B. Microsoft Endpoint Manager

17
Q

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance.
What should you do first?

A. From Defender for Cloud, review the secure score recommendations.
B. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.
C. From Defender for Cloud, review the Azure security baseline for audit report.
D. From Defender for Cloud, add a regulatory compliance standard.
A

D. From Defender for Cloud, add a regulatory compliance standard.

18
Q

You have Windows 11 devices and Microsoft 365 E5 licenses.
You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites.
What should you include in the recommendation?

A. Compliance Manager
B. Microsoft Defender for Cloud Apps
C. Microsoft Endpoint Manager
D. Microsoft Defender for Endpoint
A

D. Microsoft Defender for Endpoint

19
Q

You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data.
What should you include in the recommendation?

A. Microsoft Defender for Cloud Apps
B. Microsoft Purview Information Protection
C. insider risk management
D. Azure Purview
A

B. Microsoft Purview Information Protection

20
Q

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service.
You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?

A. Azure Active Directory (Azure AD) B2C
B. Azure Active Directory Domain Services (Azure AD DS)
C. Azure Active Directory (Azure AD)
D. Active Directory Domain Services (AD DS)
A

B. Azure Active Directory Domain Services (Azure AD DS)

21
Q

HOTSPOT -
Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII).
The company plans to use Microsoft Information Protection for the PII data store in Azure.
You need to recommend a solution to discover PII data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
To connect the Azure data sources to Microsoft Information Protection:
* Azure Purview
* Endpoint data loss prevention
* Microsoft Defender for Cloud Apps
* Microsoft Information Protection

To triage security alerts related to resources that contain PII data:
* Azure Monitor
* Endpoint data loss prevention
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps

A

To connect the Azure data sources to Microsoft Information Protection: - Azure Purview
To triage security alerts related to resources that contain PII data: - Microsoft Defender for Cloud

22
Q

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

–>Key ^Vault<–
Other services and clients–>Patient API in API Management–>Patient API–>Audit API
–>Mongo API on Azure Cosmos DB<–

You need to recommend a solution to isolate the compute components on an Azure virtual network.
What should you include in the recommendation?

A. Azure Active Directory (Azure AD) enterprise applications
B. an Azure App Service Environment (ASE)
C. Azure service endpoints
D. an Azure Active Directory (Azure AD) application proxy
A

B. an Azure App Service Environment (ASE)

23
Q

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

Microsoft Defender for Cloud
Azure Security Benchmark V3

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows.
Which compliance control should you evaluate?

A. Asset Management
B. Posture and Vulnerability Management
C. Data Protection
D. Endpoint Security
E. Incident Response
A

D. Endpoint Security

24
Q

HOTSPOT -
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation.
You need to recommend a security posture management solution for the following components:
✑ Azure IoT Edge devices
✑ AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
For the IoT Edge devices:
* Azure Arc
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Endpoint
* Microsoft Defender for IoT

For the AWS EC2 instances:
* Azure Arc only
* Microsoft Defender for Cloud and Azure Arc
* Microsoft Defender for Cloud Apps only
* Microsoft Defender for Cloud only
* Microsoft Defender for Endpoint and Azure Arc
* Microsoft Defender for Endpoint only

A

For the IoT Edge devices: - Microsoft Defender for IoT
For the AWS EC2 instances: - Microsoft Defender for Cloud and Azure Arc

25
Q

HOTSPOT -
You open Microsoft Defender for Cloud as shown in the following exhibit.

Home>Microsoft Defender for Cloud>
Recommendations

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
To increase the score for the Restrict unauthorized network access control, implement ??????????
* Azure Active Directory (Azure AD) Conditional Access policies
* Azure Web Application Firewall (WAF)
* network security groups (NSGs)

To increase the score for the Enable endpoint protection control, implement ??????????
* Microsoft Defender for Resource Manager
* Microsoft Defender for Servers
* private endpoints

A

To increase the score for the Restrict unauthorized network access control, implement - network security groups (NSGs)
To increase the score for the Enable endpoint protection control, implement - Microsoft Defender for Servers

26
Q

You are a cloud security Engineer and you recently Enabled Microsoft Defender for Cloud on your Azure subscription. You would like to remedy minor security alerts automatically.
Which solution can you use to evaluate and apply remedial action via workflow automation?
The solution should require the least amount of effort.

A. Azure Workbooks
B. Azure Event Hubs
C. Azure Function Apps
D. Azure Logic Apps
A

D. Azure Logic Apps

27
Q

Your company has on-premises Microsoft SQL Server databases.
The company plans to move the databases to Azure.
You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.
What should you include in the recommendation?

A. Azure SQL Managed Instance
B. Azure Synapse Analytics dedicated SQL pools
C. Azure SQL Database
D. SQL Server on Azure Virtual Machines
A

C. Azure SQL Database
-OR-
A. Azure SQL Managed Instance

28
Q

Your company has a Microsoft 365 E5 subscription.
The company wants to identify and classify data in Microsoft Teams, SharePoint Online, and Exchange Online.
You need to recommend a solution to identify documents that contain sensitive information.
What should you include in the recommendation?

A. data classification content explorer
B. data loss prevention (DLP)
C. eDiscovery
D. Information Governance
A

A. data classification content explorer

29
Q

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription.
The company uses the following devices:
✑ Computers that run either Windows 10 or Windows 11
✑ Tablets and phones that run either Android or iOS
You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored.
What should you include in the recommendation?

A. eDiscovery
B. Microsoft Information Protection
C. Compliance Manager
D. retention policies
A

B. Microsoft Information Protection

30
Q

Your company is developing a modern application that will run as an Azure App Service web app.
You plan to perform threat modeling to identity potential security issues by using the Microsoft Threat Modeling Tool.
Which type of diagram should you create?

A. system flow
B. data flow
C. process flow
D. network flow
A

B. data flow

sc-100 (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions