SC-100 Online Practice Questions and Answers

Correct Answer:

Box 1: GitHub Enterprise

A GitHub Advanced Security license provides the following additional features:

Code scanning - Search for potential security vulnerabilities and coding errors in your code.

Secret scanning - Detect secrets, for example keys and tokens, that have been checked into the repository. If push protection is enabled, also detects secrets when they are pushed to your repository.

Etc.

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub Enterprise Cloud.

Box 2: Azure Pipelines

Building Containers with Azure DevOps using DevTest Pattern with Azure Pipelines

The pattern enabled as to build container for development, testing and releasing the container for further reuse (production ready).

Azure Pipelines integrates metadata tracing into your container images, including commit hashes and issue numbers from Azure Boards, so that you can inspect your applications with confidence.

Incorrect:

*

Not Azure Boards: Azure Boards provides software development teams with the interactive and customizable tools they need to manage their software projects. It provides a rich set of capabilities including native support for Agile, Scrum,

and Kanban processes, calendar views, configurable dashboards, and integrated reporting.

*

Not Microsoft Defender for Cloud

Microsoft Defender for Containers is the cloud-native solution that is used to secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications.

You cannot use Microsoft Defender for Cloud to scan code, it scans images.

Reference:

https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security

https://microsoft.github.io/code-with-engineering-playbook/automated-testing/tech-specific-samples/azdo-container-dev-test-release/

Correct Answer:

Box 1: Specialized security

Securing devices as part of the privileged access story Box 2: Enterprise security

Box 3: Privileged security

Reference: https://learn.microsoft.com/en-us/security/compass/privileged-access-devices

Correct Answer: B

After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what's happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook.

Reference: https://docs.microsoft.com/en-us/azure/sentinel/get-visibility

Correct Answer: AE

Azure Bastion is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses.

Provision the service directly in your local or peered virtual network to get support for all the VMs within it.

Connect to your virtual machines in your local and peered virtual networks over SSL, port 443, directly in the Azure portal.

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don't have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it

can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host.

Architecture

When VNet peering is configured, Azure Bastion can be deployed in hub-and-spoke or full-mesh topologies.

Reference:

https://learn.microsoft.com/en-us/azure/bastion/vnet-peering

https://azure.microsoft.com/en-us/products/azure-bastion/#features

Correct Answer: D

Add a regulatory standard to your dashboard

The following steps explain how to add a package to monitor your compliance with one of the supported regulatory standards.

Add a standard to your Azure resources

1.

From Defender for Cloud's menu, select Regulatory compliance to open the regulatory compliance dashboard. Here you can see the compliance standards currently assigned to the currently selected subscriptions.

2.

From the top of the page, select Manage compliance policies. The Policy Management page appears.

3.

Select the subscription or management group for which you want to manage the regulatory compliance posture.

4.

To add the standards relevant to your organization, expand the Industry and regulatory standards section and select Add more standards.

5.

From the Add regulatory compliance standards page, you can search for any of the available standards:

6.

Select Add and enter all the necessary details for the specific initiative such as scope, parameters, and remediation.

7.

From Defender for Cloud's menu, select Regulatory compliance again to go back to the regulatory compliance dashboard.

Your new standard appears in your list of Industry and regulatory standards.

Note: Customize the set of standards in your regulatory compliance dashboard.

Microsoft Defender for Cloud continually compares the configuration of your resources with requirements in industry standards, regulations, and benchmarks. The regulatory compliance dashboard provides insights into your compliance posture based on how you're meeting specific compliance requirements. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages

Correct Answer: D

Microsoft Sentinel is a scalable, cloud-native solution that provides:

Security information and event management (SIEM)

Security orchestration, automation, and response (SOAR)

Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Microsoft Sentinel is your bird's-eye view across the enterprise alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.

Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.

Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.

Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Microsoft Sentinel natively incorporates proven Azure services, like Log Analytics and Logic Apps. Microsoft Sentinel enriches your investigation and detection with AI. It provides Microsoft's threat intelligence stream and enables you to bring

your own threat intelligence.

Reference: https://docs.microsoft.com/en-us/azure/sentinel/overview

Correct Answer: ACE

RaMP initiatives for Zero Trust

To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives.

Critical security modernization initiatives:

(C) User access and productivity

1. Explicitly validate trust for all access requests Identities Endpoints (devices) Apps Network

(A) Data, compliance, and governance

2.

Ransomware recovery readiness

3.

Data

(E) Modernize security operations

4.

Streamline response

5.

Unify visibility

6.

reduce manual effort

Incorrect:

As needed

Additional initiatives based on Operational Technology (OT) or IoT usage, on-premises and cloud adoption, and security for in-house app development:

*

(not D) OT and Industrial IoT Discover Protect Monitor

*

Datacenter and DevOps Security Security Hygiene Reduce Legacy Risk DevOps Integration Microsegmentation

Reference: https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview

Correct Answer: AE

Continuous access evaluation

Key benefits

User termination or password change/reset: User session revocation will be enforced in near real time.

Network location change: Conditional Access location policies will be enforced in near real time.

Token export to a machine outside of a trusted network can be prevented with Conditional Access location policies.

Scenarios

There are two scenarios that make up continuous access evaluation, critical event evaluation and Conditional Access policy evaluation.

*

Critical event evaluation Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical Azure AD events. Those events can then be evaluated and enforced near real time. Critical event evaluation doesn't rely on Conditional Access policies so it's available in any tenant. The following events are currently evaluated:

User Account is deleted or disabled Password for a user is changed or reset Multi-factor authentication is enabled for the user Administrator explicitly revokes all refresh tokens for a user High user risk detected by Azure AD Identity Protection

*

Conditional Access policy evaluation

Exchange Online, SharePoint Online, Teams, and MS Graph can synchronize key Conditional Access policies for evaluation within the service itself.

This process enables the scenario where users lose access to organizational files, email, calendar, or tasks from Microsoft 365 client apps or SharePoint Online immediately after network location changes.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation

Correct Answer: AB

This question is to increase secure score. Here is a long reference page from Microsoft of security recommendations that can increase your secure score. Sentinel and PIM are not on it. The explanation makes a great point about alerts not being preventive, which is a key aspect of the required solution.

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

Correct Answer: C

Explanation:

Azure Policy helps to enforce organizational standards and to assess compliance at-scale.

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure

environment as built-ins to help you get started.

Specifically, some useful governance actions you can enforce with Azure Policy include:

Ensuring your team deploys Azure resources only to allowed regions

Enforcing the consistent application of taxonomic tags

Requiring resources to send diagnostic logs to a Log Analytics workspace

Note: Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources. The

assignment applies to all resources within the Resource Manager scope of that assignment.

Reference:

https://learn.microsoft.com/en-us/azure/governance/policy/overview