SC-100 試験問題を無料オンラインアクセス

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance.
What should you do first?

• A.From Azure Policy, assign a built-in policy definition that has a scope of the subscription.
• B.From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
• C.From Defender for Cloud, add a regulatory compliance standard.
• D.From Defender for Cloud, review the Azure security baseline for audit report.

You have a Microsoft 365 E5 subscription and an Azure subscription.
You need to recommend a solution to enforce the Zero Trust principle of explicit verification for the subscriptions. The solution must be based on Zero Trust guidance in the Microsoft Cybersecurity Reference Architectures (MCRA).
What should you include in the recommendation?

• A.Microsoft Entra ID Identity Governance
• B.Conditional Access
• C.Microsoft Defender for Cloud
• D.Microsoft Defender for Identity

Your company has on-premises Microsoft SQL Server databases.
The company plans to move the databases to Azure.
You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking.
The solution must minimize costs.
What should you include in the recommendation?

• A.Azure SQL Database
• B.SQL Server on Azure Virtual Machines
• C.Azure SQL Managed Instance
• D.Azure Synapse Analytics dedicated SQL pools

You have an Azure subscription.
Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.
What should you recommend using to enforce the governance requirement?

• A.Azure Policy assignments
• B.regulatory compliance standards in Microsoft Defender for Cloud
• C.custom Azure roles
• D.Azure management groups

Drag and Drop Question
You have an Azure subscription that contains a resources group named RG1. RG1 contains multiple Azure Files shares.
You need to recommend a solution to deploy a backup solution for the shares. The solution must meet the following requirements:
- Prevent the deletion of backups and the vault used to store the
backups.
- Prevent privilege escalation attacks against the backup solution.
- Prevent the modification of the backup retention period.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解：

Explanation:
Step 1: Create a Recovery Services vault.
Immutable vault for Azure Backup
Immutable vault can help you protect your backup data by blocking any operations that could lead to loss of recovery points. Further, you can lock the Immutable vault setting to make it irreversible to prevent any malicious actors from disabling immutability and deleting backups.
Step 2: Enable vault immutability
Step 3: Lock immutability for the vault
Making immutability irreversible
The immutability of a vault is a reversible setting that allows you to disable the immutability (which would allow deletion of backup data) if needed. However, we recommend you, after being satisfied with the impact of immutability, lock the vault to make the Immutable vault settings irreversible, so that any bad actors can't disable it. Therefore, the Immutable vault settings accept following three states.
Reference:
https://learn.microsoft.com/en-us/azure/backup/backup-azure-immutable-vault-concept