Valid SC-100 Dumps shared by PassLeader for Helping Passing SC-100 Exam! PassLeader now offer the newest SC-100 VCE dumps and SC-100 PDF dumps, the PassLeader SC-100 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader SC-100 dumps with VCE and PDF here: https://www.passleader.com/sc-100.html (286 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader SC-100 dumps from Cloud Storage: https://drive.google.com/drive/folders/1ByJyHdB_NYyHMI7Z_J24E5fgwr4Egv2X
NEW QUESTION 269
Your network contains an Active Directory Domain Services (AD DS) domain named Domain1. You have a Microsoft Entra tenant. Domain1 syncs with the tenant by using Microsoft Entra Connect. You need to monitor Domain1 for privilege escalation attacks. What should you use?
A. Microsoft Entra ID Protection
B. Microsoft Defender for Servers
C. Microsoft Defender for Identity
D. Privileged Identity Management (PIM)
Answer: C
Explanation:
Defender for Identity is fully integrated with Microsoft Defender XDR, and leverages signals from both on-premises Active Directory and cloud identities to help you better identify, detect, and investigate advanced threats directed at your organization.
Note:
Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) Microsoft Defender for Identity detects activity from the early stages of the attack chain by monitoring anomalous behavior as seen by the domain controller.
https://learn.microsoft.com/en-us/defender-for-identity/what-is
https://www.microsoft.com/en-us/security/blog/2022/05/25/detecting-and-preventing-privilege-escalation-attacks-leveraging-kerberos-relaying- krbrelayup/
NEW QUESTION 270
You have an Azure subscription and an Azure DevOps organization. You need to recommend a solution for connecting Azure DevOps pipelines to the resources in the subscription by using Azure Resource Manager (ARM) service connections. The solution must align with Microsoft Cloud Adoption Framework for Azure best practices, including the principle of least privilege. What should you include in the recommendation?
A. service principals and secrets
B. workload identity federation and service principals
C. workload identity federation and user-assigned managed identities
D. workload identity federation and system-assigned managed identities
Answer: C
Explanation:
An Azure Resource Manager service connection allows you to connect to Azure resources like Azure Key Vault from your pipeline. This connection lets you use a pipeline to deploy to Azure resources, such as an Azure App Service app, without needing to authenticate each time. You have multiple authentication options for connecting to Azure with an Azure Resource Manager service connection. We recommend using workload identity federation with either an app registration or managed identity. Workload identity federation eliminates the need for secrets and secret management.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure
NEW QUESTION 271
You have a Microsoft 365 subscription. You have an Azure subscription. You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer. The solution must meet the following requirements:
– Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.
– Minimize the number of compliance policies.
– Minimize administrative effort.
What should you include in the solution?
A. adaptive scopes
B. Microsoft 365 Defender user tags
C. administrative units
D. Microsoft Purview sensitivity labels
Answer: A
Explanation:
When you create a communication compliance policy or a policy for retention, you can create or add an adaptive scope for your policy. A single policy can have one or many adaptive scopes. An adaptive scope uses a query that you specify, so you can define the membership of users or groups included in that query. These dynamic queries run daily against the attributes or properties that you specify for the selected scope. You can use one or more adaptive scopes with a single policy.
https://learn.microsoft.com/en-us/purview/purview-adaptive-scopes
NEW QUESTION 272
You have a Microsoft 365 subscription that uses Microsoft Defender XDR and Microsoft Purview. On a Microsoft SharePoint Online site, you have a file named File1 that has a sensitivity label applied. You need to recommend a solution that will reevaluate Conditional Access policies when a user downloads Filel from the SharePoint site. What should you include in the recommendation?
A. Microsoft Defender for Cloud Apps
B. Microsoft Defender for Cloud
C. Microsoft Defender for Office 365
D. Microsoft Entra Application Proxy
Answer: A
Explanation:
Conditional Access app control uses access policies and session policies to monitor and control user app access and sessions in real time, across your organization. Each policy has conditions to define who (which user or group of users), what (which cloud apps), and where (which locations and networks) the policy is applied to. After you determine the conditions, route your users first to Defender for Cloud Apps. There, you can apply the access and session controls to help protect your data.
https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad
NEW QUESTION 273
You have a multicloud environment that contains an Azure subscription, an Amazon Web Services (AWS) subscription, and a Google Cloud Platform (GCP) subscription. You plan to assess data security and compliance. You need to design a Compliance Manager solution that meets the following requirements:
– Provides recommended improvement actions that include detailed implementation guidance.
– Automatically monitors regulatory compliance.
– Minimizes administrative effort.
What should you include in the solution?
A. Microsoft Defender for Cloud
B. Compliance Manager Connectors
C. Microsoft Defender for Cloud Apps
D. Microsoft Sentinel
Answer: A
Explanation:
Compliance Manager integrates with Microsoft Defender for Cloud to provide multicloud support. Organizations must have at least one subscription within Microsoft Azure and then enable Defender for Cloud so that Compliance Manager can receive the necessary signals to monitor your cloud services. Once you have Defender for Cloud, you need to assign the relevant industry and regulatory standards to your subscriptions.
https://learn.microsoft.com/en-us/purview/compliance-manager-cloud-settings
NEW QUESTION 274
You have two Azure subscriptions named Sub1 and Sub2 that contain the vaults shown in the following table:
You need to design a multi-user authorization (MUA) solution for security operations on the vaults. The solution must meet the following requirements:
– RSVault1 and RSVault2 must require MUA for disabling soft delete, removing MUA protection, and disabling immutability.
– BackupVault1 and BackupVault2 must require MUA for disabling soft delete and removing MUA protection.
What is the minimum number of Resource Guard resources required?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/backup/multi-user-authorization
NEW QUESTION 275
HotSpot
You have an Azure subscription. The subscription contains an Azure SQL database named DB1 that stores customer data. You have a Microsoft 365 subscription that uses Microsoft SharePoint Online, OneDrive, and Teams. Users frequently create Microsoft Office documents that contain data from DB1. You need to recommend a Microsoft Purview solution that meets the following requirements:
– Identifies Office documents that contain customer addresses and phone numbers sourced from DB1.
– Generates an alert if a user downloads an above average number of files that contain data from DB1.
– Minimizes the number of false positives.
What should you include in the solution for each requirement? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/purview/sit-document-fingerprinting
https://learn.microsoft.com/en-us/purview/insider-risk-management-settings-intelligent-detections
NEW QUESTION 276
HotSpot
You have an Azure DevOps organization that is used to manage the development and deployment of internal apps to multiple Azure subscriptions. You need to implement a DevSecOps strategy based on Microsoft Cloud Adoption Framework for Azure principles. The solution must meet the following requirements:
– All pull requests must be enforced.
– All deployments to production must be approved.
What should you include in the solution for each requirement? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/automation
NEW QUESTION 277
HotSpot
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit:
You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements:
– Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
– Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview
NEW QUESTION 278
HotSpot
You have a multicloud environment that contains an Azure subscription and an Amazon Web Services (AWS) subscription. You need to design a solution that meets the following requirements:
– Dynamically discovers the permissions granted to and used by each user.
– Generates an aggregated metric that evaluates the level of risk associated with the number of unused or excessive permissions.
– Automatically revokes permissions that have been unused for 90 days.
– Supports granting on-demand permissions for limited periods of time.
– Minimizes administrative effort.
Which cloud service should you use for each subscription? (To answer, select the options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure
https://learn.microsoft.com/en-us/entra/permissions-management/
NEW QUESTION 279
HotSpot
You have an Azure subscription. You have a Microsoft 365 subscription. You need to assess regulatory compliance of the subscriptions. The solution must meet the following requirements:
– Identify whether data stored in Azure and Microsoft 365 complies with General Data Protection Regulation (GDPR) regulations.
– Identify whether Azure resources comply with National Institute of Standards and Technology (NIST) standards.
– Provide recommendations on controls to improve compliance.
What should you use? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/announcing-the-microsoft-sentinel-nist-sp-800-53-solution/3381485
https://techcommunity.microsoft.com/blog/healthcareandlifesciencesblog/microsoft-purview—compliance-score-part-5—gdpr/3639469
NEW QUESTION 280
HotSpot
You have a Microsoft 365 E5 subscription. You plan to implement Microsoft Priva Subject Rights Requests for Microsoft 365 data. You need to streamline the creation and processing of subject rights requests. The solution must minimize development effort. What should you include in the solution? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
Box 1: The Microsoft Graph API. You can integrate Priva Subject Rights Requests for data within Microsoft 365 with your existing business processes and tools by using the Microsoft Graph Subject Rights Request API.
Box 2: Microsoft Power Automate. You can also extend the automation capabilities of Subject Rights Requests by using built-in Power Automate flows for tasks such as setting calendar reminders and creating cases in ServiceNow.
https://learn.microsoft.com/en-us/privacy/priva/subject-rights-requests-automate
NEW QUESTION 281
HotSpot
You have a Microsoft 365 subscription. The subscription contains Windows 11 devices that are protected by using Microsoft Defender XDR. You need to block access to file sharing sites from the devices. The solution must meet the following requirements:
– Identify file sharing sites to which users have connected during the last 90 days.
– Prevent the users from connecting to the identified file sharing sites.
– Minimize administrative effort.
What should you use to identify the file sharing sites, and which Microsoft Defender service should you use to prevent the users from connecting to the sites? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
Box 1: Microsoft Defender for Endpoint. Identify file sharing sites to which users have connected during the last 90 days.
Box 2: Microsoft Defender for Endpoint. Prevent the users from connecting to the identified file sharing sites.
https://learn.microsoft.com/en-us/defender-endpoint/threat-protection-reports
https://learn.microsoft.com/en-us/defender-endpoint/web-content-filtering
NEW QUESTION 282
……
Get the newest PassLeader SC-100 VCE dumps here: https://www.passleader.com/sc-100.html (286 Q&As Dumps)
And, DOWNLOAD the newest PassLeader SC-100 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1ByJyHdB_NYyHMI7Z_J24E5fgwr4Egv2X