SC-100 Exam Question 81
You have a multicloud environment that contains an Azure subscription, an Amazon Web Services (AWS) subscription, and a Google Cloud Platform (GCP) subscription.
You plan to implement Cloud Security Posture Management (CSPM) by using Microsoft Defender for Cloud.
You need to design a solution that will provide attack path analysis functionality for each subscription.
What should you include in the solution?
You plan to implement Cloud Security Posture Management (CSPM) by using Microsoft Defender for Cloud.
You need to design a solution that will provide attack path analysis functionality for each subscription.
What should you include in the solution?
SC-100 Exam Question 82
You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid-joined to Microsoft Entra.
You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.
You plan to remove all the domain accounts from the Administrators groups on the Windows computers.
You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.
What should you include in the recommendation?
You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.
You plan to remove all the domain accounts from the Administrators groups on the Windows computers.
You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.
What should you include in the recommendation?
SC-100 Exam Question 83
Hotspot Question
You have the resources shown in the following table.
You need to configure multi-user authorization (MUA) for Azure Backup to protect the Recovery Services vaults. The solution must maximize the security of the MUA configuration.
To which location should you deploy Resource Guard, and which role-based access control (RBAC) role should you assign to the team responsible for managing the backup of Resource Guard? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have the resources shown in the following table.
You need to configure multi-user authorization (MUA) for Azure Backup to protect the Recovery Services vaults. The solution must maximize the security of the MUA configuration.
To which location should you deploy Resource Guard, and which role-based access control (RBAC) role should you assign to the team responsible for managing the backup of Resource Guard? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
SC-100 Exam Question 84
Hotspot Question
You have an Azure subscription.
You need to use a federated model in Azure API Management to control access to your organization's APIs. The solution must meet the following requirements:
- Support the use of role-based access control (RBAC) to manage the
APIs.
- Support the use of keys to control the consumption of the APIs.
To which scope should you associate each control method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You need to use a federated model in Azure API Management to control access to your organization's APIs. The solution must meet the following requirements:
- Support the use of role-based access control (RBAC) to manage the
APIs.
- Support the use of keys to control the consumption of the APIs.
To which scope should you associate each control method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
SC-100 Exam Question 85
Hotspot Question
You have an Azure subscription that contains a Microsoft Sentinel workspace named MWS1 and an Azure Data Lake Storage account named lake1. Firewall log data is ingested into MWS1.
You plan to export historical firewall log data from MWS1 to lake1.
You need to ensure that security analysts can perform threat hunting from MWS1. The solution must ensure that the firewall logs stored in lake1 can be included in threat hunting queries.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a Microsoft Sentinel workspace named MWS1 and an Azure Data Lake Storage account named lake1. Firewall log data is ingested into MWS1.
You plan to export historical firewall log data from MWS1 to lake1.
You need to ensure that security analysts can perform threat hunting from MWS1. The solution must ensure that the firewall logs stored in lake1 can be included in threat hunting queries.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
