최신 SC-100 무료덤프 - Microsoft Cybersecurity Architect
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions that allow traffic from the Front Door service tags.
Does this meet the goal?
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions that allow traffic from the Front Door service tags.
Does this meet the goal?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)
정답: C,D
설명: (DumpTOP 회원만 볼 수 있음)
Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corpxontoso.com and an AD DS-integrated application named App1.
Your perimeter network contains a server named Server1 that runs Windows Server.
You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.
You plan to implement a security solution that will include the following configurations:
* Manage access to App1 by using Microsoft Entra Private Access.
* Deploy a Microsoft Entra application proxy connector to Server1.
* Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.
* For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:
o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.
o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.
o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.
o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.
You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.
Which rule should you remove?
Your perimeter network contains a server named Server1 that runs Windows Server.
You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.
You plan to implement a security solution that will include the following configurations:
* Manage access to App1 by using Microsoft Entra Private Access.
* Deploy a Microsoft Entra application proxy connector to Server1.
* Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.
* For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:
o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.
o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.
o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.
o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.
You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.
Which rule should you remove?
정답: D
You have an on-premises network and a Microsoft 365 subscription.
You are designing a Zero Trust security strategy.
Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution.
NOTE: Each correct answer is worth one point.
You are designing a Zero Trust security strategy.
Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution.
NOTE: Each correct answer is worth one point.
정답: B,C
You have an Azure subscription.
Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.
What should you recommend using to enforce the governance requirement?
Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.
What should you recommend using to enforce the governance requirement?
정답: C
You have three Microsoft Entra tenants named Tenant 1. Tenant2. and Tenant3.
You have three Azure subscriptions named Sub1, Sub2, and Sub3. Each tenant is associated with multiple Azure subscriptions.
Each subscription contains a single Microsoft Sentinel workspace as shown in the following table.
You need to recommend a solution that meets the following requirements:
* Ensures that the users in Tenant1 can manage the resources in Sub2 and Sub3 without having to switch subscriptions or sign in to a different tenant
* Implements multiple workspace view for Sentinel2 and Sentinel3
What should you use to delegate permissions, and which Microsoft Sentinel feature will users be able to manage in multiple workspace view? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have three Azure subscriptions named Sub1, Sub2, and Sub3. Each tenant is associated with multiple Azure subscriptions.
Each subscription contains a single Microsoft Sentinel workspace as shown in the following table.
You need to recommend a solution that meets the following requirements:
* Ensures that the users in Tenant1 can manage the resources in Sub2 and Sub3 without having to switch subscriptions or sign in to a different tenant
* Implements multiple workspace view for Sentinel2 and Sentinel3
What should you use to delegate permissions, and which Microsoft Sentinel feature will users be able to manage in multiple workspace view? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Your company has devices that run either Windows 10, Windows 11, or Windows Server.
You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?
You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
정답:
Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)
Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?
Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You design cloud-based software as a service (SaaS) solutions.
You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend doing first?
You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend doing first?
정답: A