April 29, 2024: Guaranteed-Pass Guide, SC-100 Exam Preparation Question Set [Q54-Q69]


Free, latest Microsoft Certified: Cybersecurity Architect Expert SC-100 real exam questions and answers, updated 2024


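The Microsoft SC-100 exam, also known as the Microsoft Cybersecurity Architect certification, is a specialized exam focused on assessing the knowledge and skills of cybersecurity professionals. The certification is aimed at individuals who want to advance their careers in cybersecurity or demonstrate their expertise in the field.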


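One of the advantages of taking the Microsoft SC-100 exam is that it is recognized by employers and organizations around the world. The exam is part of "Microsoft Certified: Security, Compliance, and Identity Fundamentals," a globally recognized certification for cybersecurity professionals; by passing the Microsoft SC-100 exam, individuals can demonstrate their expertise in cybersecurity architecture and improve their employment prospects in the field.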

 

Question # 54
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?

  • A. No
  • B. Yes

Correct answer: B

Explanation:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-privileged-access#pa-2-avoid-st


Question # 55
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.

Correct answer:

Explanation:


Question # 56
You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?

  • A. Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.
  • B. Obtain Azure Active Directory Premium Plan 2 licenses.
  • C. Enable the Defender plan for all resource types in Microsoft Defender for Cloud.
  • D. Add Microsoft Sentinel data connectors.

Correct answer: D

Explanation:
Topic 2, Fabrikam, Inc
Overview
Fabrikam, Inc. is an insurance company that has a main office in New York and a branch office in Paris.
On-premises Environment
The on-premises network contains a single Active Directory Domain Services (AD DS) domain named corp.fabrikam.com.
Azure Environment
Fabrikam has the following Azure resources:
* An Azure Active Directory (Azure AD) tenant named fabrikam.onmicrosoft.com that syncs with corp.fabrikam.com
* A single Azure subscription named Sub1
* A virtual network named Vnet1 in the East US Azure region
* A virtual network named Vnet2 in the West Europe Azure region
* An instance of Azure Front Door named FD1 that has Azure Web Application Firewall (WAF) enabled
* A Microsoft Sentinel workspace
* An Azure SQL database named ClaimsDB that contains a table named ClaimDetails
* 20 virtual machines that are configured as application servers and are NOT onboarded to Microsoft Defender for Cloud
* A resource group named TestRG that is used for testing purposes only
* An Azure Virtual Desktop host pool that contains personal assigned session hosts
All the resources in Sub1 are in either the East US or the West Europe region.
Partners
Fabrikam has contracted a company named Contoso, Ltd. to develop applications. Contoso has the following infrastructure:
* An Azure AD tenant named contoso.onmicrosoft.com
* An Amazon Web Services (AWS) implementation named ContosoAWS1 that contains AWS EC2 instances used to host test workloads for the applications of Fabrikam
Developers at Contoso will connect to the resources of Fabrikam to test or update applications. The developers will be added to a security group named ContosoDevelopers in fabrikam.onmicrosoft.com that will be assigned to roles in Sub1.
The ContosoDevelopers group is assigned the db_owner role for the ClaimsDB database.
Compliance Environment
Fabrikam deploys the following compliance environment:
* Defender for Cloud is configured to assess all the resources in Sub1 for compliance to the HIPAA HITRUST standard.
* Currently, resources that are noncompliant with the HIPAA HITRUST standard are remediated manually.
* Qualys is used as the standard vulnerability assessment tool for servers.
Problem Statements
The secure score in Defender for Cloud shows that all the virtual machines generate the following recommendation: Machines should have a vulnerability assessment solution.
All the virtual machines must be compliant in Defender for Cloud.
ClaimsApp Deployment
Fabrikam plans to implement an internet-accessible application named ClaimsApp that will have the following specifications:
* ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2.
* Users will connect to ClaimsApp by using a URL of https://claims.fabrikam.com.
* ClaimsApp will access data in ClaimsDB.
* ClaimsDB must be accessible only from Azure virtual networks.
* The app services permission for ClaimsApp must be assigned to ClaimsDB.
Application Development Requirements
Fabrikam identifies the following requirements for application development:
* Azure DevTest labs will be used by developers for testing.
* All the application code must be stored in GitHub Enterprise.
* Azure Pipelines will be used to manage application deployments.
* All application code changes must be scanned for security vulnerabilities, including application code or configuration files that contain secrets in clear text. Scanning must be done at the time the code is pushed to a repository.
Security Requirement
Fabrikam identifies the following security requirements:
* Internet-accessible applications must prevent connections that originate in North Korea.
* Only members of a group named InfraSec must be allowed to configure network security groups (NSGs) and instances of Azure Firewall, WAF, and Front Door in Sub1.
* Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image.
AWS Requirements
Fabrikam identifies the following security requirements for the data hosted in ContosoAWS1:
* Notify security administrators at Fabrikam if any AWS EC2 instances are noncompliant with secure score recommendations.
* Ensure that the security administrators can query AWS service logs directly from the Azure environment.
Contoso Developer Requirements
Fabrikam identifies the following requirements for the Contoso developers:
* Every month, the membership of the ContosoDevelopers group must be verified.
* The Contoso developers must use their existing contoso.onmicrosoft.com credentials to access the resources in Sub1.
* The Contoso developers must be prevented from viewing the data in a column named MedicalHistory in the ClaimDetails table.
Compliance Requirement
Fabrikam wants to automatically remediate the virtual machines in Sub1 to be compliant with the HIPAA HITRUST standard. The virtual machines in TestRG must be excluded from the compliance assessment.


Question # 57
You need to recommend a solution to meet the compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 58
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 59
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C.
The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity-related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Azure AD workbooks to monitor risk detections
  • B. smart account lockout in Azure AD B2C
  • C. Azure AD Conditional Access integration with user flows and custom policies
  • D. custom resource owner password credentials (ROPC) flows in Azure AD B2C
  • E. access packages in Identity Governance

Correct answer: A, B


Question # 60
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions that allow traffic from the Front Door service tags.
Does this meet the goal?

  • A. No
  • B. Yes

Correct answer: B

Explanation:
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#restrict-access-to-a-specific-azure-front-door-instance


Question # 61
You need to recommend a solution to meet the AWS requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 62
You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.
What should you include in the recommendation?

  • A. data classification
  • B. Always Encrypted
  • C. dynamic data masking
  • D. row-level security (RLS)
  • E. Transparent Data Encryption (TDE)

Correct answer: C

Explanation:
https://docs.microsoft.com/en-us/learn/modules/protect-data-transit-rest/4-explain-object-encryption-secure-encl


Question # 63
You have a Microsoft 365 E5 subscription.
You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.
You need to recommend a solution to prevent Personally Identifiable Information (PII) from being shared.
Which two components should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. data loss prevention (DLP) policies
  • B. eDiscovery cases
  • C. sensitivity label policies
  • D. retention label policies

Correct answer: A, C

Explanation:
Data loss prevention in Office 365. Data loss prevention (DLP) helps you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.
Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data without hindering the productivity of users and their ability to collaborate. Plan for integration into a broader information protection scheme. On top of coexistence with OME, sensitivity labels can be used alongside capabilities like Microsoft Purview Data Loss Prevention (DLP) and Microsoft Defender for Cloud Apps.
https://motionwave.com.au/keeping-your-confidential-data-secure-with-microsoft-office-365/
https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-protect-information?vie


Question # 64
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Correct answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/bastion/vnet-peering
https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure-bastion


Question # 65
What should you create in Azure AD to meet the Contoso developer requirements?

Correct answer:

Explanation:


Question # 66
A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

You need to design an identity strategy for the app. The solution must meet the following requirements:
* Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.
* Be managed separately from the identity store of the customer.
* Support fully customizable branding for each app.
Which service should you recommend to complete the design?

  • A. Azure Active Directory (Azure AD) B2B
  • B. Azure Active Directory Domain Services (Azure AD DS)
  • C. Azure Active Directory (Azure AD) B2C
  • D. Azure AD Connect

Correct answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-facebook?pivots=b2c-user-flow
https://docs.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-user-flow


Question # 67
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

  • A. From Defender for Cloud, review the Azure security baseline for audit report.
  • B. From Azure Policy, assign a built-in initiative that has a scope of the subscription.
  • C. From Defender for Cloud, review the secure score recommendations.
  • D. From Defender for Cloud, enable Defender for Cloud plans.

Correct answer: B

Explanation:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regulat


Question # 68
You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.
What should you include in the recommendation?

  • A. Always Encrypted
  • B. data classification
  • C. dynamic data masking
  • D. row-level security (RLS)
  • E. Transparent Data Encryption (TDE)

Correct answer: A

Explanation:
https://docs.microsoft.com/en-us/learn/modules/protect-data-transit-rest/4-explain-object-encryption-secure-enclaves


Question # 69
......


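To earn the Microsoft SC-100 certification, candidates must pass a single exam consisting of 40 to 60 multiple-choice questions. The exam is computer-based and can be taken at any approved test center. The exam lasts 120 minutes, and the passing score is 700 out of 1000.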

 

The ultimate preparation guide for the SC-100 certification exam, Microsoft Certified: Cybersecurity Architect Expert: https://www.jpntest.com/shiken/SC-100-mondaishu
