検証済みのSC-100問題集と解答で合格保証もしくは全額返金 [2023年12月]
SC-100のPDF問題集で2023年12月28日最近更新された問題
Microsoft SC-100 認定を取得することで、サイバーセキュリティ分野で多くのキャリア機会が開けます。認定を取得したプロフェッショナルは、サイバーセキュリティアーキテクト、コンサルタント、アナリスト、またはエンジニアとして働くことができます。政府機関、金融機関、医療機関、テクノロジー企業など、さまざまな組織でも働くことができます。サイバーセキュリティプロフェッショナルの需要が高まる中、Microsoft SC-100 認定を持っていることは、競争力を高め、就職市場で目立つことを助けます。
質問 # 79
You have an Azure subscription.
You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.
Developers use Azure DevOps to deploy web apps to App Service Environments- When a new app is deployed, a CNAME record for the app is registered in contoso.com.
You need to recommend a solution to secure the DNS record tor each web app. The solution must meet the following requirements:
* Ensure that when an app is deleted, the CNAME record for the app is removed also
* Minimize administrative effort.
What should you include in the recommendation?
- A. Microsoft Defender for Cloud Apps
- B. Microsoft Defender foe App Service
- C. Microsoft Defender for DNS
- D. Microsoft Defender for DevOps
正解:C
質問 # 80
Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States.
You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attach surface.
What should you include in the recommendation?
- A. Azure Application Gateway Web Application Firewall (WAF)
- B. Azure Traffic Manager and application security groups
- C. network security groups (NSGs)
- D. Azure Firewall Premium
正解:B
質問 # 81
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 82
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
- A. Azure Event Hubs
- B. a Microsoft Sentinel workbook
- C. Azure Data Factor
- D. a Microsoft Sentinel data connector
正解:D
解説:
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-side-by-side-with-splunk-via-eventhub/ba-p/2307029
質問 # 83
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling the VMAccess extension on all virtual machines.
Does this meet the goal?
- A. Yes
- B. No
正解:B
解説:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-privileged-access#pa-2-avoid-standing-access-for-user-accounts-and-permissions Adaptive Network Hardening: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-7-simplify-network-security-configuration
質問 # 84
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 85
You are designing the encryption standards for data at rest for an Azure resource
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).
Does this meet the goal?
- A. No
- B. Yes
正解:B
質問 # 86
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 87
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
正解:
解説:
質問 # 88
Your company wants to optimize using Azure to protect its resources from ransomware.
You need to recommend which capabilities of Azure Backup and Azure Storage provide the strongest protection against ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 89
You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.
What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 90
You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
NOTE: Each correct selection is worth one point.
- A. Assign a blueprint to each subscription.
- B. Assign an initiative to each subscription.
- C. Assign a policy to a management group.
- D. Assign a policy to each subscription.
- E. Assign an initiative to a management group.
- F. Assign a blueprint to a management group.
正解:E、F
解説:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
質問 # 91
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the end point.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Microsoft Intune reports the endpoints as compliant.
- B. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
- C. The client access tokens are refreshed.
- D. Microsoft Defender for Endpoint reports the endpoints as compliant.
正解:B、C
質問 # 92
What should you create in Azure AD to meet the Contoso developer requirements?
正解:
解説:
Explanation
Box 1: A synced user account -
Need to use a synched user account.
Box 2: An access review
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
質問 # 93
Your company wants to optimize ransomware incident investigations.
You need to recommend a plan to investigate ransomware incidents based on the Microsoft Detection and Response Team (DART) approach.
Which three actions should you recommend performing in sequence in the plan? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
1 - Assess teh current situation and identity the scope.
2 - Identity which line-of-business (LOB) apps are unavailable due to ransomware incident.
3 - Identity the compromise recovery process.
質問 # 94
You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD) The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
- A. role-based authorization
- B. Azure AD Privileged Identity Management (PIM)
- C. resource-based authorization
- D. Azure AD Multi-Factor Authentication
正解:D
解説:
(https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure)
https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing?rtc=1
質問 # 95
You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
正解:
解説:
質問 # 96
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
* User accounts that were potentially compromised
* Users performing bulk file downloads from Microsoft SharePoint Online
What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.
正解:
解説:
質問 # 97
You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CO) workflows.
You need to recommend best practices to secure the stages of the CI/CD workflows based on the Microsoft Cloud Adoption Framework for Azure.
What should you include in the recommendation for each stage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 98
You have Microsoft Defender for Cloud assigned to Azure management groups.
You have a Microsoft Sentinel deployment.
During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. threat intelligence reports in Defender for Cloud
- B. Microsoft Sentinel notebooks
- C. Microsoft Sentinel threat intelligence workbooks
- D. workload protections in Defender for Cloud
正解:A、C
解説:
https://docs.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports https://docs.microsoft.com/en-us/azure/sentinel/notebooks
質問 # 99
Your company has an office in Seattle.
The company has two Azure virtual machine scale sets hosted on different virtual networks.
The company plans to contract developers in India.
You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:
* Prevent exposing the public IP addresses of the virtual machines.
* Provide the ability to connect without using a VPN.
* Minimize costs.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Deploy Azure Bastion to one virtual network.
- B. Create NAT rules and network rules in Azure Firewall.
- C. Deploy Azure Bastion to each virtual network.
- D. Create a hub and spoke network by using virtual network peering.
- E. Enable just-in-time VM access on the virtual machines.
正解:A、D
解説:
Explanation
https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure-bastion
質問 # 100
......
Microsoft SC-100試験は、候補者の知識とスキルを評価する複数選択問題から構成されています。この試験はオンラインで実施され、世界のどこからでも受験することができます。この試験に合格すると、Microsoft Certified: Security, Compliance, and Identity Fundamentalsの認定を受けることができます。
SC-100試験問題有効なSC-100問題集PDF:https://jp.fast2test.com/SC-100-premium-file.html
SC-100練習テスト問題解答には更新された167問があります:https://drive.google.com/open?id=1LIso0OLVqFWYBkLZLKGeMvxfQ9G_jgMX