This page was exported from Free valid test braindumps [ http://free.validbraindumps.com ] Export date:Sat Apr 5 6:11:04 2025 / +0000 GMT ___________________________________________________ Title: [Q22-Q41] Positive Aspects of ValidExamDumps SC-100 Exam Dumps! [May-2023] --------------------------------------------------- Positive Aspects of Valid Dumps SC-100 Exam Dumps! [May-2023] First Attempt Guaranteed Success in SC-100 Exam 2023 Prerequisites for Microsoft SC-100 Certification Exam Microsoft Cybersecurity Architect certification exam is an entry level exam. The main purpose of this exam is to ensure the candidate is familiar with the basic concepts of cybersecurity and can be a part of a team that works on securing the systems from attacks. The following are some points to consider before you take Microsoft SC-100 exam: Have good knowledge of Windows Server OS and Windows Client OS.Have at least 2 - 3 years experience in IT security, cyber defense or information assurance field.Knowledge of cloud technologies like Azure, AWS etc.Knowledge of network infrastructure such as firewalls, switches, routers and load balancers. The need for Microsoft SC-100 Certification Exam study material The need for Microsoft SC-100 Certification Exam study material has increased a lot in the IT industry. This is because there are many people who are looking for jobs in this field and they want to get certified. The demand for qualified professionals is increasing day by day, and this is why more and more people are looking for ways to get certified. If you want to be successful in your career, then you should take this certification exam. The recommend devices issues conditional statement tests whether a device is present or not. ValidBraindumps offer SC-100 dump which help you to prepare for the exam easily without having to spend too much money. By taking this test, you will be able to prove that you have adequate knowledge of cybersecurity architecture. This can help you reach your career goals easily because employers will know that they can trust you with their work. Even if you are already working as a cyber security architect, it is important that you take this test because there may be some things which you don't know about it yet. Your employer might also ask that you take the test so that they can assess whether or not they should promote you or not. The best part about taking this test is that there are many companies which provide training material for it online. The Microsoft SC-100 exam covers a wide range of cybersecurity topics, including threat management, identity and access management, security management, and data and application protection. Candidates will be required to demonstrate their knowledge and skills in these areas through a combination of multiple-choice questions, case studies, and scenarios. Upon passing the SC-100 exam, candidates will demonstrate their proficiency in implementing and managing security solutions in Microsoft environments, which can lead to new career opportunities and higher salaries.   Q22. You have a Microsoft 365 E5 subscription.You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared.Which two components should you include in the recommendation? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.  data loss prevention (DLP) policies  sensitivity label policies  retention label policies  eDiscovery cases Data loss prevention in Office 365. Data loss prevention (DLP) helps you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization’s data without hindering the productivity of users and their ability to collaborate. Plan for integration into a broader information protection scheme. On top of coexistence with OME, sensitivity labels can be used along-side capabilities like Microsoft Purview Data Loss Prevention (DLP) and Microsoft Defender for Cloud Apps.https://motionwave.com.au/keeping-your-confidential-data-secure-with-microsoft-office-365/ https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-protect-information?view=o365-worldwide#sensitivity-labelsQ23. You need to recommend a solution to meet the requirements for connections to ClaimsDB.What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Q24. You need to recommend a solution to meet the security requirements for the virtual machines. What should you include in the recommendation?  an Azure Bastion host  a network security group (NSG)  just-in-time (JIT) VM access  Azure Virtual Desktop Q25. You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.You need to recommend a solution to secure the components of the copy process.What should you include in the recommendation for each component? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point. Q26. Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point. Q27. Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices:* Computers that run either Windows 10 or Windows 11* Tablets and phones that run either Android or iOSYou need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?  eDiscovery  retention policies  Compliance Manager  Microsoft Information Protection https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protectionhttps://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwideQ28. You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.Solution: You recommend access restrictions that allow traffic from the Front Door service tags.Does this meet the goal?  Yes  No https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#restrict-access-to-a-specific-azure-front-door-instanceQ29. You need to recommend a solution to meet the AWS requirements.What should you include in the recommendation? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Topic 1, Litware, inc. Case Study 2OverviewLitware, inc. is a financial services company that has main offices in New York and San Francisco. litware has30 branch offices and remote employees across the United States. The remote employees connect to the main offices by using a VPN.Litware has grown significantly during the last two years due to mergers and acquisitions. The acquisitions include several companies based in France.Existing EnvironmentLitware has an Azure Active Directory (Azure AD) tenant that syncs with an Active Directory Domain Services (AD D%) forest named Utvvare.com and is linked to 20 Azure subscriptions. Azure AD Connect is used to implement pass-through authentication. Password hash synchronization is disabled, and password writeback is enabled. All Litware users have Microsoft 365 E5 licenses.The environment also includes several AD DS forests, Azure AD tenants, and hundreds of Azure subscriptions that belong to the subsidiaries of Litware.Planned ChangesLitware plans to implement the following changes:* Create a management group hierarchy for each Azure AD tenant.* Design a landing zone strategy to refactor the existing Azure environment of Litware and deploy all future Azure workloads.* Implement Azure AD Application Proxy to provide secure access to internal applications that are currently accessed by using the VPN.Business RequirementsLitware identifies the following business requirements:* Minimize any additional on-premises infrastructure.* Minimize the operational costs associated with administrative overhead.Hybrid RequirementsLitware identifies the following hybrid cloud requirements:* Enable the management of on-premises resources from Azure, including the following:*Use Azure Policy for enforcement and compliance evaluation.* Provide change tracking and asset inventory.* Implement patch management.* Provide centralized, cross-tenant subscription management without the overhead of maintaining guest accounts.Microsoft Sentinel RequirementsLitware plans to leverage the security information and event management (SIEM) and security orchestration automated response (SOAK) capabilities of Microsoft Sentinel. The company wants to centralize Security Operations Center (SOQ by using Microsoft Sentinel.Identity RequirementsLitware identifies the following identity requirements:* Detect brute force attacks that directly target AD DS user accounts.* Implement leaked credential detection in the Azure AD tenant of Litware.* Prevent AD DS user accounts from being locked out by brute force attacks that target Azure AD user accounts.* Implement delegated management of users and groups in the Azure AD tenant of Litware, including support for.* The management of group properties, membership, and licensing* The management of user properties, passwords, and licensing* The delegation of user management based on business units.Regulatory Compliance RequirementsLitware identifies the following regulatory compliance requirements:* insure data residency compliance when collecting logs, telemetry, and data owned by each United States- and France-based subsidiary.* Leverage built-in Azure Policy definitions to evaluate regulatory compliance across the entire managed environment.* Use the principle of least privilege.Azure Landing Zone RequirementsLitware identifies the following landing zone requirements:* Route all internet-bound traffic from landing zones through Azure Firewall in a dedicated Azure subscription.* Provide a secure score scoped to the landing zone.* Ensure that the Azure virtual machines in each landing zone communicate with Azure App Service web apps in the same zone over the Microsoft backbone network, rather than over public endpoints.* Minimize the possibility of data exfiltration.* Maximize network bandwidth.The landing zone architecture will include the dedicated subscription, which will serve as the hub for internet and hybrid connectivity. Each landing zone will have the following characteristics:* Be created in a dedicated subscription.* Use a DNS namespace of litware.com.Application Security RequirementsLitware identifies the following application security requirements:* Identify internal applications that will support single sign-on (SSO) by using Azure AD Application Proxy.* Monitor and control access to Microsoft SharePoint Online and Exchange Online data in real time.Q30. Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend creating private endpoints for the web app and the database layer. Does this meet the goal?  Yes  No Q31. You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:* Windows 11 devices managed by Microsoft Intune* Azure Storage accounts* Azure virtual machinesWhat should you use to evaluate the components? To answer, select the appropriate options in the answer area. Q32. You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance. You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID.Does this meet the goal?  Yes  No Explanationhttps://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backendQ33. Your company is developing a new Azure App Service web app. You are providing design assistance to verify the security of the web app.You need to recommend a solution to test the web app for vulnerabilities such as insecure server configurations, cross-site scripting (XSS), and SQL injection.What should you include in the recommendation?  dynamic application security testing (DAST)  runtime application se/f-protection (RASP)  interactive application security testing (IAST)  static application security testing (SAST) Q34. You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point. Q35. Your company has Microsoft 365 E5 licenses and Azure subscriptions.The company plans to automatically label sensitive data stored in the following locations:* Microsoft SharePoint Online* Microsoft Exchange Online* Microsoft TeamsYou need to recommend a strategy to identify and protect sensitive data.Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. Topic 1, Litware, inc.Existing EnvironmentLitware has an Azure Active Directory (Azure AD) tenant that syncs with an Active Directory Domain Services (AD D%) forest named Utvvare.com and is linked to 20 Azure subscriptions. Azure AD Connect is used to implement pass-through authentication. Password hash synchronization is disabled, and password writeback is enabled. All Litware users have Microsoft 365 E5 licenses.The environment also includes several AD DS forests, Azure AD tenants, and hundreds of Azure subscriptions that belong to the subsidiaries of Litware.Planned ChangesLitware plans to implement the following changes:* Create a management group hierarchy for each Azure AD tenant.* Design a landing zone strategy to refactor the existing Azure environment of Litware and deploy all future Azure workloads.* Implement Azure AD Application Proxy to provide secure access to internal applications that are currently accessed by using the VPN.Business RequirementsLitware identifies the following business requirements:* Minimize any additional on-premises infrastructure.* Minimize the operational costs associated with administrative overhead.Hybrid RequirementsLitware identifies the following hybrid cloud requirements:* Enable the management of on-premises resources from Azure, including the following:* Use Azure Policy for enforcement and compliance evaluation.* Provide change tracking and asset inventory.* Implement patch management.* Provide centralized, cross-tenant subscription management without the overhead of maintaining guest accounts.Microsoft Sentinel RequirementsLitware plans to leverage the security information and event management (SIEM) and security orchestration automated response (SOAK) capabilities of Microsoft Sentinel. The company wants to centralize Security Operations Center (SOQ by using Microsoft Sentinel.Identity RequirementsLitware identifies the following identity requirements:* Detect brute force attacks that directly target AD DS user accounts.* Implement leaked credential detection in the Azure AD tenant of Litware.* Prevent AD DS user accounts from being locked out by brute force attacks that target Azure AD user accounts.* Implement delegated management of users and groups in the Azure AD tenant of Litware, including support for.* The management of group properties, membership, and licensing* The management of user properties, passwords, and licensing* The delegation of user management based on business units.Regulatory Compliance RequirementsLitware identifies the following regulatory compliance requirements:* insure data residency compliance when collecting logs, telemetry, and data owned by each United States- and France-based subsidiary.* Leverage built-in Azure Policy definitions to evaluate regulatory compliance across the entire managed environment.* Use the principle of least privilege.Azure Landing Zone RequirementsLitware identifies the following landing zone requirements:* Route all internet-bound traffic from landing zones through Azure Firewall in a dedicated Azure subscription.* Provide a secure score scoped to the landing zone.* Ensure that the Azure virtual machines in each landing zone communicate with Azure App Service web apps in the same zone over the Microsoft backbone network, rather than over public endpoints.* Minimize the possibility of data exfiltration.* Maximize network bandwidth.The landing zone architecture will include the dedicated subscription, which will serve as the hub for internet and hybrid connectivity. Each landing zone will have the following characteristics:* Be created in a dedicated subscription.* Use a DNS namespace of litware.com.Application Security RequirementsLitware identifies the following application security requirements:* Identify internal applications that will support single sign-on (SSO) by using Azure AD Application Proxy.* Monitor and control access to Microsoft SharePoint Online and Exchange Online data in real time.Q36. Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?  From Defender for Cloud, review the secure score recommendations.  From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.  From Defender for Cloud, review the Azure security baseline for audit report.  From Defender for Cloud, add a regulatory compliance standard. https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regulatory-compliance-standards-are-available-in-defender-for-cloudQ37. You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point. Q38. A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.The customer discovers that several endpoints are infected with malware.The customer suspends access attempts from the infected endpoints.The malware is removed from the end point.Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.  Microsoft Defender for Endpoint reports the endpoints as compliant.  Microsoft Intune reports the endpoints as compliant.  A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.  The client access tokens are refreshed. https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach/https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokensQ39. You have a Microsoft 365 subscriptionYou need to recommend a security solution to monitor the following activities:* User accounts that were potentially compromised* Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each Correct selection is worth one Point. Q40. You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.Does this meet the goal?  Yes  No Q41. Your company has a Microsoft 365 E5 subscription.Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating.The company identifies protected health information (PHI) within stored documents and communications.What should you recommend using to prevent the PHI from being shared outside the company?  insider risk management policies  data loss prevention (DLP) policies  sensitivity label policies  retention policies Explanationhttps://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide Loading … Practice LATEST SC-100 Exam Updated 132 Questions: https://www.validbraindumps.com/SC-100-exam-prep.html --------------------------------------------------- Images: https://free.validbraindumps.com/wp-content/plugins/watu/loading.gif https://free.validbraindumps.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2023-05-30 11:58:40 Post date GMT: 2023-05-30 11:58:40 Post modified date: 2023-05-30 11:58:40 Post modified date GMT: 2023-05-30 11:58:40