Questions 91-120 Flashcards

1
Q

-CASE 1-
HOTSPOT -
You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
For Azure AD targeted threats:
* Azure AD Identity Protection
* Azure AD Password Protection
* Microsoft Defender for Cloud

For AD DS-targeted threats:
* An account lockout policy in AD DS
* Microsoft Defender for Endpoint
* Microsoft Defender for Identity

A

For Azure AD targeted threats: - Azure AD Identity Protection
For AD DS-targeted threats: - An account lockout policy in AD DS

2
Q

-CASE 1-
HOTSPOT -
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer Area
Segment Microsoft Sentinel workspaces by:
* Azure AD tenant
* Enterprise
* Region and Azure AD tenant

Integrate Azure subscriptions by:
* Self-service sign-up user flows for Azure AD B2B
* Self-service sign-up user flows for Azure AD B2C
* The Azure Lighthouse subscription onboarding process

A

Segment Microsoft Sentinel workspaces by: - Region and Azure AD tenant
Integrate Azure subscriptions by: - The Azure Lighthouse subscription onboarding process

3
Q

-CASE 1-
HOTSPOT -
You need to recommend a multi-tenant and hybrid security solution that meets the business requirements and the hybrid requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
To centralize subscription management:
* Azure AD B2B
* Azure AD B2C
* Azure Lighthouse

To enable the management of on-premises resources:
* Azure Arc
* Azure Stack Edge
* Azure Stack Hub

A

To centralize subscription management: - Azure Lighthouse
To enable the management of on-premises resources: - Azure Arc

4
Q

-CASE 1-
You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.
What should you configure for each landing zone?

A. an ExpressRoute gateway
B. Microsoft Defender for Cloud
C. an Azure Private DNS zone
D. Azure DDoS Protection Standard
A

C. an Azure Private DNS zone

5
Q

-CASE 1-
HOTSPOT -
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
Evaluate regulatory compliance of cloud resources by assigning:
* Azure Policy definitions to management groups
* Azure Policy initiatives to management groups
* Azure Policy initiatives to subscriptions

Evaluate regulatory compliance of on-premises resources by using:
* Azure Arc
* Group Policy
* PowerShell Desired State Configuration (DSC)

A

Evaluate regulatory compliance of cloud resources by assigning: - Azure Policy initiatives to management groups
Evaluate regulatory compliance of on-premises resources by using: - Azure Arc

6
Q

-CASE 1-
You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.
What should you recommend as part of the landing zone deployment?

A. local network gateways
B. forced tunneling
C. service chaining
D. a VNet-to-VNet connection
A

C. service chaining

7
Q

-CASE 1-
HOTSPOT -
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
For connectivity from App Service web apps to virtual machines, use:
* Private endpoints
* Service endpoints
* Virtual network integration

For connectivity from virtual machines to App Service web apps, use:
* Private endpoints
* Service endpoints
* Virtual network integration

A

For connectivity from App Service web apps to virtual machines, use: - Virtual network integration
For connectivity from virtual machines to App Service web apps, use: - Private endpoints

8
Q

-CASE 1-
HOTSPOT -
You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
For the delegated management of users and groups, use:
* AD DS organizational units
* Azure AD administrative units
* Custom Azure AD roles

To ensure that you can perform leaked credential detection:
* Enable password hash synchronization in the Azure AD Connect deployment
* Enable Security defaults in the Azure AD tenant of Litware
* Replace pass-through authentication with Active Directory Federation Services

A

For the delegated management of users and groups, use: - Azure AD administrative units
To ensure that you can perform leaked credential detection: - Enable password hash synchronization in the Azure AD Connect deployment

9
Q

-CASE 1-
You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.
Which two services should you leverage in the strategy? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Azure AD Conditional Access
B. access reviews in Azure AD
C. Microsoft Defender for Cloud
D. Microsoft Defender for Cloud Apps
E. Microsoft Defender for Endpoint
A

A. Azure AD Conditional Access
D. Microsoft Defender for Cloud Apps

10
Q

-CASE 1-
To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Security Assertion Markup Language (SAML)
B. NTLMv2
C. certificate-based authentication
D. Kerberos
A

A. Security Assertion Markup Language (SAML)
D. Kerberos

11
Q

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.
You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.
What should you include in the recommendation?

A. Set the AllowSharedKeyAccess property to false.
B. Apply read-only locks on the storage accounts.
C. Set the AllowBlobPublicAccess property to false.
D. Configure automated key rotation.
A

B. Apply read-only locks on the storage accounts.

12
Q

Your company has the virtual machine infrastructure shown in the following table.

  • Operating system; Location; Number of virtual machines; Hypervisor
  • Linux; On-premises; 100; VMware vSphere
  • Windows Server; On-premises; 100; Hyper-V

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.
You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.
What should you include in the recommendation?

A. Use geo-redundant storage (GRS).
B. Maintain multiple copies of the virtual machines.
C. Encrypt the backups by using customer-managed keys (CMKs).
D. Require PINs to disable backups.
A

D. Require PINs to disable backups.

13
Q

You are a cloud security administrator and you have been tasked with providing a security solution for an Azure App Service, a web app named web-app0. Web-app0 has the following requirements:
✑ Users will request access to web-app0 through the organization portal and an internal stakeholder will approve.
✑ Authentication for users must be provided by Azure AD.
What would be your recommended approach to enable AD authentication to web-app0?

A. Azure AD application
B. Azure AD application proxy
C. Microsoft Defender 365
D. Application Gateway
A

A. Azure AD application

14
Q

HOTSPOT -
You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:
✑ Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
✑ Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
To enable Azure AD authentication for App1, use:
* Azure AD application
* Azure AD Application Proxy
* Azure Application Gateway
* A managed identity in Azure AD
* Microsoft Defender for App

To implement access requests for App1, use:
* An access package in Identity Governance
* An access policy in Microsoft Defender for Cloud Apps
* An access review in Identity Governance
* Azure AD Conditional Access App Control
* An OAuth app policy in Microsoft Defender for Cloud Apps

A

To enable Azure AD authentication for App1, use: - Azure AD application
To implement access requests for App1, use: - An access package in Identity Governance

15
Q

Your company has a hybrid cloud infrastructure that contains an on-premises Active Directory Domain Services (AD DS) forest, a Microsoft 365 subscription, and an Azure subscription.
The company’s on-premises network contains internal web apps that use Kerberos authentication. Currently, the web apps are accessible only from the network.
You have remote users who have personal devices that run Windows 11.
You need to recommend a solution to provide the remote users with the ability to access the web apps. The solution must meet the following requirements:
✑ Prevent the remote users from accessing any other resources on the network.
✑ Support Azure Active Directory (Azure AD) Conditional Access.
✑ Simplify the end-user experience.
What should you include in the recommendation?

A. Azure AD Application Proxy
B. web content filtering in Microsoft Defender for Endpoint
C. Microsoft Tunnel
D. Azure Virtual WAN
A

A. Azure AD Application Proxy

16
Q

-CASE 2-
HOTSPOT -
What should you create in Azure AD to meet the Contoso developer requirements?
Hot Area:

Answer Area
Account type for the developers:
* A guest account in the contoso.onmicrosoft.com tenant
* A guest account in the fabrikam.onmicrosoft.com tenant
* A synced user account in the corp.fabrikam.com domain
* A user account in the fabrikam.onmicrosoft.com tenant

Component in Identity Governance:
* A connected organization
* An access package
* An access review
* An Azure AD role
* An Azure resource role

A

Account type for the developers: - A guest account in the fabrikam.onmicrosoft.com tenant
Component in Identity Governance: - An access review

17
Q

-CASE 2-
You need to recommend a solution to meet the security requirements for the InfraSec group.
What should you use to delegate the access?

A. a subscription
B. a custom role-based access control (RBAC) role
C. a resource group
D. a management group
A

B. a custom role-based access control (RBAC) role

18
Q

-CASE 2-
HOTSPOT -
You need to recommend a solution to meet the AWS requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
For the AWS EC2 instances:
* Azure Blueprints
* Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Servers
* Microsoft Endpoint Manager
* Microsoft Sentinel

For the AWS service logs:
* Azure Blueprints
* Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Servers
* Microsoft Endpoint Manager
* Microsoft Sentinel

A

For the AWS EC2 instances: - Defender for Cloud
For the AWS service logs: - Microsoft Sentinel

19
Q

-CASE 2-
You need to recommend a solution to resolve the virtual machine issue.
What two options should you include in the recommendation?

A. Enable the Qualys scanner in Defender for Cloud.
B. Onboard the virtual machines to Microsoft Defender for Endpoint.
C. Create a device compliance policy in Microsoft Endpoint Manager.
D. Onboard the virtual machines to Azure Arc.
A

A. Enable the Qualys scanner in Defender for Cloud.
B. Onboard the virtual machines to Microsoft Defender for Endpoint.

20
Q

-CASE 2-
You need to recommend a solution to meet the security requirements for the virtual machines.
What should you include in the recommendation?

A. just-in-time (JIT) VM access
B. an Azure Bastion host
C. Azure Virtual Desktop
D. a network security group (NSG)
A

C. Azure Virtual Desktop

21
Q

-CASE 2-
HOTSPOT -
You need to recommend a solution to meet the compliance requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
To enforce compliance to the regulatory standard, create:
* An Azure Automation account
* A Blueprint
* A managed identity
* Workflow automation

To exclude TestRG from the compliance assessment:
* Edit an Azure Blueprint
* Modify a Defender for Cloud workflow automation
* Modify an Azure policy definition
* Update an Azure policy assignment

A

To enforce compliance to the regulatory standard, create: - A Blueprint
To exclude TestRG from the compliance assessment: - Update an Azure policy assignment

22
Q

-CASE 2-
You need to recommend a solution to scan the application code. The solution must meet the application development requirements.
What should you include in the recommendation?

A. GitHub Advanced Security
B. Azure Key Vault
C. Azure DevTest Labs
D. Application Insights in Azure Monitor
A

A. GitHub Advanced Security

23
Q

-CASE 2-
You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.
What should you include in the recommendation?

A. row-level security (RLS)
B. Transparent Data Encryption (TDE)
C. Always Encrypted
D. data classification
E. dynamic data masking
A

C. Always Encrypted

24
Q

-CASE 2-
HOTSPOT -
You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
Statements:
FD1 can be used to protect all the instances of ClaimsApp. - Yes/No
FD1 must be configured to have a certificate for claims.fabrikam.com. - Yes/No
To block connections from North Korea to ClaimsApp, you require a custom rule in FD1. - Yes/No

A

FD1 can be used to protect all the instances of ClaimsApp. - No
FD1 must be configured to have a certificate for claims.fabrikam.com. - Yes
To block connections from North Korea to ClaimsApp, you require a custom rule in FD1. - Yes

25
Q

-CASE 2-
HOTSPOT -
You need to recommend a solution to meet the requirements for connections to ClaimsDB.
What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area
ClaimsDB must be accessible only from Azure virtual networks:
* A NAT gateway
* A network security group
* A private endpoint
* A service endpoint

The app services permission for ClaimsApp must be assigned to ClaimsDB:
* A custom role-based access control (RBAC) role
* A managed identity
* An access package
* Azure AD Privileged Identity Management (PIM)

A

ClaimsDB must be accessible only from Azure virtual networks: - A private endpoint
The app services permission for ClaimsApp must be assigned to ClaimsDB: - A managed identity

26
Q

You are a Security Engineer tasked with finding a solution that would help improve personal data protection for the organization.
The Chief Information Officer has identified three areas that this solution should address:
✑ Identifying overexposed personal data
✑ Identifying personal data that is being transferred across regions
✑ Providing users with feedback to reduce the amount of unused data stored
Which solution can you use?

A. Microsoft Viva Insights
B. Microsoft Defender for Cloud
C. Privacy Risk Management in Microsoft Priva
D. Microsoft Purview eDiscovery
A

C. Privacy Risk Management in Microsoft Priva

27
Q

Your company is moving a big data solution to Azure.
The company plans to use the following storage workloads:
✑ Azure Storage blob containers
✑ Azure Data Lake Storage Gen2
✑ Azure Storage file shares
✑ Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Azure Storage file shares
B. Azure Disk Storage
C. Azure Storage blob containers
D. Azure Data Lake Storage Gen2
A

C. Azure Storage blob containers
D. Azure Data Lake Storage Gen2

28
Q

Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.
You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.
Which Defender for Identity feature should you include in the recommendation?

A. sensitivity labels
B. custom user tags
C. standalone sensors
D. honeytoken entity tags
A

D. honeytoken entity tags

29
Q

You have 50 Azure subscriptions.
You need to monitor the resources in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
What are two ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Assign an initiative to a management group.
B. Assign a policy to each subscription.
C. Assign a policy to a management group.
D. Assign an initiative to each subscription.
E. Assign a blueprint to each subscription.
F. Assign a blueprint to a management group.
A

A. Assign an initiative to a management group.
F. Assign a blueprint to a management group.

30
Q

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer’s security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

A. Azure AD Privileged Identity Management (PIM)
B. role-based authorization
C. resource-based authorization
D. Azure AD Multi-Factor Authentication
A

A. Azure AD Privileged Identity Management (PIM)