Download Microsoft Cybersecurity Architect.PremiumDumps.SC-100.2023-10-23.1e.110q.vcex

Download Exam

File Info

Exam Microsoft Cybersecurity Architect (beta)
Number SC-100
File Name Microsoft Cybersecurity Architect.PremiumDumps.SC-100.2023-10-23.1e.110q.vcex
Size 5.17 Mb
Posted October 23, 2023
Downloads 15

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
 
 


Demo Questions

Question 1
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. 
What should you include in the recommendation?

  • A: Azure Monitor webhooks
  • B: Azure Event Hubs 
  • C: Azure Functions apps
  • D: Azure Logics Apps
Correct Answer: D
The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance. 
Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios. 
Incorrect:
Not C: Using Azure Functions apps would require more effort.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation



Question 2
Your company is moving a big data solution to Azure. 
The company plans to use the following storage workloads:
Azure Storage blob containers 
Azure Data Lake Storage Gen2 
Azure Storage file shares - 
Azure Disk Storage 
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution. 
NOTE: Each correct selection is worth one point.

  • A: Azure Storage file shares
  • B: Azure Disk Storage
  • C: Azure Storage blob containers
  • D: Azure Data Lake Storage Gen2
Correct Answer: CD
C: Azure Storage supports using Azure Active Directory (Azure AD) to authorize requests to blob data. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service. 
You can scope access to Azure blob resources at the following levels, beginning with the narrowest scope:
An individual container. At this scope, a role assignment applies to all of the blobs in the container, as well as container properties and metadata. 
The storage account. 
The resource group. 
The subscription. 
A management group. 
D: You can securely access data in an Azure Data Lake Storage Gen2 (ADLS Gen2) account using OAuth 2.0 with an Azure Active Directory (Azure AD) application service principal for authentication. Using a service principal for authentication provides two options for accessing data in your storage account:
A mount point to a specific file or path 
Direct access to data - 
Incorrect:
Not A: To enable AD DS authentication over SMB for Azure file shares, you need to register your storage account with AD DS and then set the required domain
properties on the storage account. To register your storage account with AD DS, create an account representing it in your AD DS. 
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory 
https://docs.microsoft.com/en-us/azure/databricks/data/data-sources/azure/adls-gen2/azure-datalake-gen2-sp-access



Question 3
Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII). The company plans to use Microsoft Information Protection for the PII data store in Azure. You need to recommend a solution to discover PII data at risk in the Azure resources. What should you include in the recommendation? 
To answer, select the appropriate options in the answer area. 
NOTE: Each correct selection is worth one point.

Correct Answer: Exam simulator is required
Box 1: Azure Purview -
Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. 
Microsoft Purview allows you to:
Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. 
Enable data curators to manage and secure your data estate. 
Empower data consumers to find valuable, trustworthy data. 
Box 2: Microsoft Defender for Cloud
Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization's security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data. 
References:
https://docs.microsoft.com/en-us/azure/purview/overview
https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products



Question 4
You have a Microsoft 365 E5 subscription and an Azure subscription. 
You are designing a Microsoft deployment. 
You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. 
What should you recommend using in Microsoft Sentinel?

  • A: notebooks
  • B: playbooks
  • C: workbooks
  • D: threat intelligence
Correct Answer: C
After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what's happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook. 
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/get-visibility



Question 5
Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities. You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. 
Which Defender for Identity feature should you include in the recommendation? 

  • A: sensitivity labels
  • B: custom user tags
  • C: standalone sensors
  • D: honeytoken entity tags
Correct Answer: D
Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. 
Incorrect:
Not B: custom user tags -
After you apply system tags or custom tags to users, you can use those tags as filters in alerts, reports, and investigation. 
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-identity/entity-tags



Question 6
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. 
You are developing a strategy to protect against ransomware attacks. 
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack. 
Which two controls should you include in the recommendation? Each correct answer presents a complete solution. 
NOTE: Each correct selection is worth one point.

  • A: Enable soft delete for backups.
  • B: Require PINs for critical operations.
  • C: Encrypt backups by using customer-managed keys (CMKs).
  • D: Perform offline backups to Azure Data Box.
  • E: Use Azure Monitor notifications when backup configurations change.
Correct Answer: AB
Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication. As part of adding an extra layer of authentication for critical operations, you're prompted to enter a security PIN before modifying online backups. 
Your backups need to be protected from sophisticated bot and malware attacks. Permanent loss of data can have significant cost and time implications to your business. To help protect against this, Azure Backup guards against malicious attacks through deeper security, faster notifications, and extended recoverability. 
For deeper security, only users with valid Azure credentials will receive a security PIN generated by the Azure portal to allow them to backup data. If a critical backup operation is authorized, such as  delete backup data,   a notification is immediately sent so you can engage and minimize the impact to your business. If a hacker does delete backup data, Azure Backup will store the deleted backup data for up to 14 days after deletion. 
E: Key benefits of Azure Monitor alerts include:
Monitor alerts at-scale via Backup center: In addition to enabling you to manage the alerts from Azure Monitor dashboard, Azure Backup also provides an alert management experience tailored to backups via Backup center. This allows you to filter alerts by backup specific properties, such as workload type, vault location, and so on, and a way to get quick visibility into the active backup security alerts that need attention. 
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware 
https://www.microsoft.com/security/blog/2017/01/05/azure-backup-protects-against-ransomware/ https://docs.microsoft.com/en- us/azure/backup/move-to-azure-monitor-alerts



Question 7
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit. 

    

You are designing a logging and auditing solution for the proposed architecture. 
The solution must meet the following requirements:
Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel. 
Use Defender for Cloud to review alerts from the virtual machines. 
What should you include in the solution? To answer, select the appropriate options in the answer area. 
NOTE: Each correct selection is worth one point.

Correct Answer: Exam simulator is required
Box 1: Data connectors -
Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel. 
Launch a WAF workbook (see step 7 below) 
The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource. 
To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource:



Question 8
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. 
You plan to integrate Microsoft Sentinel with Splunk. 
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. 
What should you include in the recommendation?

  • A: a Microsoft Sentinel data connector
  • B: Azure Event Hubs
  • C: a Microsoft Sentinel workbook
  • D: Azure Data Factory
Correct Answer: B
Microsoft Sentinel Add-On for Splunk allows Azure Log Analytics and Microsoft Sentinel users to ingest security logs from Splunk platform using the Azure HTTP Data Collector API. 
Reference:
https://splunkbase.splunk.com/app/5312/



Question 9
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware. 
The customer suspends access attempts from the infected endpoints. 
The malware is removed from the endpoints. 
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution. 
NOTE: Each correct selection is worth one point.

  • A: The client access tokens are refreshed.
  • B: Microsoft Intune reports the endpoints as compliant.
  • C: A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
  • D: Microsoft Defender for Endpoint reports the endpoints as compliant.
Correct Answer: AB
A: When a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access/refresh token pairs when the current access token expires. Refresh tokens are also used to acquire extra access tokens for other resources. 
Refresh token expiration - 
Refresh tokens can be revoked at any time, because of timeouts and revocations. 
C: Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It uses a combination of endpoint behavioral sensors, cloud security analytics, and threat intelligence. 
The interviewees said that  by implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.   They also noted,  increased device performance and stability by managing all of their endpoints with Microsoft Endpoint Manager.   This had a bonus effect of reducing the number of agents installed on a user's device, thereby increasing device stability and performance.  For some organizations, this can reduce boot times from 30 minutes to less than a minute,   the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. 
Implementing single sign-on 
(SSO), multifactor authentication (MFA), leveraging passwordless authentication, and eliminating VPN clients all further reduced friction and improved user productivity. 

    

Note: Azure AD at the heart of your Zero Trust strategy
Azure AD provides critical functionality for your Zero Trust strategy. It enables strong authentication, a point of integration for device security, and the core of your user-centric policies to guarantee least-privileged access. Azure AD's Conditional Access capabilities are the policy decision point for access to resource 
Reference:
https://www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach/ 
https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens



Question 10
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All on-premises servers in the perimeter network are prevented from connecting directly to the internet. 
The customer recently recovered from a ransomware attack. 
The customer plans to deploy Microsoft Sentinel. 
You need to recommend solutions to meet the following requirements:
Ensure that the security operations team can access the security logs and the operation logs. Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. 
Which two solutions should you include in the recommendation? Each correct answer presents a complete solution. 
NOTE: Each correct selection is worth one point.

  • A: a custom collector that uses the Log Analytics agent
  • B: the Azure Monitor agent
  • C: resource-based role-based access control (RBAC)
  • D: Azure Active Directory (Azure AD) Conditional Access policies
Correct Answer: BC
A: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. 
You can connect your data sources to Microsoft Sentinel using custom log formats. 
C: Microsoft Sentinel uses Azure role-based access control (Azure RBAC) to provide built-in roles that can be assigned to users, groups, and services in Azure.
Use Azure RBAC to create and assign roles within your security operations team to grant appropriate access to Microsoft Sentinel. The different roles give you fine-grained control over what Microsoft Sentinel users can see and do. Azure roles can be assigned in the Microsoft Sentinel workspace directly (see note below), or in a subscription or resource group that the workspace belongs to, which Microsoft Sentinel inherits. 
Incorrect:
A: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. 
You can connect your data sources to Microsoft Sentinel using custom log formats. 
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview 
https://docs.microsoft.com/en- us/azure/sentinel/connect-custom-logs?tabs=DCG
https://docs.microsoft.com/en-us/azure/sentinel/roles






CONNECT US


ProfExam
PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount..

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen



HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset