최신 SC-500 무료덤프 - Microsoft Implementing End-to-End Security Controls for Cloud and AI Workloads
You are configuring a new Microsoft Sentinel workspace named Workspace1.
You have an external IT Service Management (ITSM) system that is NOT supported by any Microsoft Sentinel solutions in Azure Marketplace.
You need to ensure that Workspace1 creates service tickets in the ITSM system for all new security incidents.
What should you create?
You have an external IT Service Management (ITSM) system that is NOT supported by any Microsoft Sentinel solutions in Azure Marketplace.
You need to ensure that Workspace1 creates service tickets in the ITSM system for all new security incidents.
What should you create?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
You have an Azure subscription that contains the following resources:
- An Azure SQL Database logical server named Server1 that contains a database named DB1
- An Azure SQL Managed Instance named Instance1 that contains a database named DB2
You need to configure database auditing. The solution must meet the following requirements:
- Ensure that audit data is centrally available in a location that supports for KQL queries.
- Minimize ongoing administrative effort as additional databases are added.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the following resources:
- An Azure SQL Database logical server named Server1 that contains a database named DB1
- An Azure SQL Managed Instance named Instance1 that contains a database named DB2
You need to configure database auditing. The solution must meet the following requirements:
- Ensure that audit data is centrally available in a location that supports for KQL queries.
- Minimize ongoing administrative effort as additional databases are added.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create a hunting query.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create a hunting query.
Does this meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Case Study 2 - Fabrikam, Inc.
Overview
Fabrikam, Inc. is a consulting company. The company has a main office in New York City and branch offices in Amsterdam and Singapore.
Existing Environment. Network environment
The on-premises network contains a datacenter in each office.
Existing Environment. Cloud environment
Fabrikam has two Azure subscriptions named Sub1 and Sub2 and a Microsoft 365 subscription that includes Microsoft 365 E5 licenses.
All the subscriptions are linked to a Microsoft Entra tenant named fabrikam.com that contains the identities shown in the following table.
The tenant contains the groups shown in the following table.
All devices are enrolled in Microsoft Intune.
Existing Environment. Sub1 Resources
Sub1 contains a resource group named RG1 that contains the resources shown in the following table.
SQLServer1 uses Microsoft SQL Server authentication.
Sub1 has an Azure Web Application Firewall (WAF) named WAF1 that has the following types of rule sets:
- Bot Manager 1.1
- Azure-managed Default Rule Set (DRS)
Sub1 has the following compliance standards assigned in Microsoft Defender for Cloud:
- NIST SP 800-53 Rev. 4
- Microsoft cloud security benchmark (MCSB)
- System and Organization Controls (SOC) 2 Type 2
Existing Environment. Sub2 Resources
Sub2 contains a resource group named RG2.
Planned Changes and Requirements. Planned Changes
Fabrikam plans to implement the following changes:
- Deploy the following key vaults to RG1:
* AKV2 in the West Europe Azure region
* AKV3 in the Central US Azure region
* AKV4 in the East US Azure region
- Deploy the following key vaults to RG2:
* AKV5 in the East US region
- Configure VM1 to read data from storage1.
- Create function apps that have the following hosting plans:
* Fa1: Flex Consumption hosting plan
* Fa2: Consumption hosting plan
* Fa3: Dedicated hosting plan
- For WAF1, implement rate limiting rules based on the request
location.
- Enable the NIST SP 800-53 Rev. 5 compliance standard in Defender for
Cloud.
- Create a new storage account named storage2 that supports Azure Table storage.
- Enforce multifactor authentication (MFA) when database administrators access SQLdb1.
- Implement ExpressRoute circuits to the on-premises network as shown
in the following table.
- For RG1, create a new Privileged Identity Management (PIM) eligible role assignment that assigns the Contributor role to supported groups.
Planned Changes and Requirements. Technical Requirements
Fabrikam has the following technical requirements:
- If VM1 is deleted, the permissions for VM1 must be removed
automatically.
- The AKS1 managed identity must only be able to pull images from
Registry1.
- The ID1 managed identity must be able to push images to and pull
images from Registry1.
- All the data in the storage accounts must be encrypted by using
Fabrikam-managed keys.
- All outbound traffic from the function apps to the on-premises
network must use ExpressRoute circuits.
- ExpressRoute connectivity between the on-premises network and the
Azure environment must be encrypted by using Layer 2 or Layer 3
encryption.
You need to delegate a user to implement the planned change for Defender for Cloud. The solution must follow the principle of least privilege. Which user should you choose?
Overview
Fabrikam, Inc. is a consulting company. The company has a main office in New York City and branch offices in Amsterdam and Singapore.
Existing Environment. Network environment
The on-premises network contains a datacenter in each office.
Existing Environment. Cloud environment
Fabrikam has two Azure subscriptions named Sub1 and Sub2 and a Microsoft 365 subscription that includes Microsoft 365 E5 licenses.
All the subscriptions are linked to a Microsoft Entra tenant named fabrikam.com that contains the identities shown in the following table.
The tenant contains the groups shown in the following table.
All devices are enrolled in Microsoft Intune.
Existing Environment. Sub1 Resources
Sub1 contains a resource group named RG1 that contains the resources shown in the following table.
SQLServer1 uses Microsoft SQL Server authentication.
Sub1 has an Azure Web Application Firewall (WAF) named WAF1 that has the following types of rule sets:
- Bot Manager 1.1
- Azure-managed Default Rule Set (DRS)
Sub1 has the following compliance standards assigned in Microsoft Defender for Cloud:
- NIST SP 800-53 Rev. 4
- Microsoft cloud security benchmark (MCSB)
- System and Organization Controls (SOC) 2 Type 2
Existing Environment. Sub2 Resources
Sub2 contains a resource group named RG2.
Planned Changes and Requirements. Planned Changes
Fabrikam plans to implement the following changes:
- Deploy the following key vaults to RG1:
* AKV2 in the West Europe Azure region
* AKV3 in the Central US Azure region
* AKV4 in the East US Azure region
- Deploy the following key vaults to RG2:
* AKV5 in the East US region
- Configure VM1 to read data from storage1.
- Create function apps that have the following hosting plans:
* Fa1: Flex Consumption hosting plan
* Fa2: Consumption hosting plan
* Fa3: Dedicated hosting plan
- For WAF1, implement rate limiting rules based on the request
location.
- Enable the NIST SP 800-53 Rev. 5 compliance standard in Defender for
Cloud.
- Create a new storage account named storage2 that supports Azure Table storage.
- Enforce multifactor authentication (MFA) when database administrators access SQLdb1.
- Implement ExpressRoute circuits to the on-premises network as shown
in the following table.
- For RG1, create a new Privileged Identity Management (PIM) eligible role assignment that assigns the Contributor role to supported groups.
Planned Changes and Requirements. Technical Requirements
Fabrikam has the following technical requirements:
- If VM1 is deleted, the permissions for VM1 must be removed
automatically.
- The AKS1 managed identity must only be able to pull images from
Registry1.
- The ID1 managed identity must be able to push images to and pull
images from Registry1.
- All the data in the storage accounts must be encrypted by using
Fabrikam-managed keys.
- All outbound traffic from the function apps to the on-premises
network must use ExpressRoute circuits.
- ExpressRoute connectivity between the on-premises network and the
Azure environment must be encrypted by using Layer 2 or Layer 3
encryption.
You need to delegate a user to implement the planned change for Defender for Cloud. The solution must follow the principle of least privilege. Which user should you choose?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft Sentinel workspace named Workspace1.
You have 100 on-premises servers that run Linux and have the Azure Monitor Agent installed.
You need to collect Syslog events from the Linux servers. The solution must meet the following requirements:
- Ensure that filtering occurs before data is written to Workspace1.
- Reduce ingestion costs by excluding low-value Syslog messages.
What should you include in the solution?
You have 100 on-premises servers that run Linux and have the Azure Monitor Agent installed.
You need to collect Syslog events from the Linux servers. The solution must meet the following requirements:
- Ensure that filtering occurs before data is written to Workspace1.
- Reduce ingestion costs by excluding low-value Syslog messages.
What should you include in the solution?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create an automation rule.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create an automation rule.
Does this meet the goal?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Drag and Drop Question
You have an Azure virtual network named VNet1 that contains an AzureBastionSubnet. VNet1 contains a subnet named Subnet1. Subnet1 contains multiple virtual machines.
You plan to deploy Azure Bastion to provide secure RDP access to the virtual machines on Subnet1. You associate a network security group (NSG) named NSG1 to AzureBastionSubnet.
You need to configure rules for NSG1. The solution must meet the following requirements:
- Allow required inbound access to Azure Bastion from the internet.
- Allow user access to the virtual machines by using Azure Bastion.
Which TCP ports should you allow for the NSG1 rules? To answer, drag the appropriate ports to the correct rules. Each port may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named VNet1 that contains an AzureBastionSubnet. VNet1 contains a subnet named Subnet1. Subnet1 contains multiple virtual machines.
You plan to deploy Azure Bastion to provide secure RDP access to the virtual machines on Subnet1. You associate a network security group (NSG) named NSG1 to AzureBastionSubnet.
You need to configure rules for NSG1. The solution must meet the following requirements:
- Allow required inbound access to Azure Bastion from the internet.
- Allow user access to the virtual machines by using Azure Bastion.
Which TCP ports should you allow for the NSG1 rules? To answer, drag the appropriate ports to the correct rules. Each port may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create an analytics rule.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create an analytics rule.
Does this meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Case Study 2 - Fabrikam, Inc.
Overview
Fabrikam, Inc. is a consulting company. The company has a main office in New York City and branch offices in Amsterdam and Singapore.
Existing Environment. Network environment
The on-premises network contains a datacenter in each office.
Existing Environment. Cloud environment
Fabrikam has two Azure subscriptions named Sub1 and Sub2 and a Microsoft 365 subscription that includes Microsoft 365 E5 licenses.
All the subscriptions are linked to a Microsoft Entra tenant named fabrikam.com that contains the identities shown in the following table.
The tenant contains the groups shown in the following table.
All devices are enrolled in Microsoft Intune.
Existing Environment. Sub1 Resources
Sub1 contains a resource group named RG1 that contains the resources shown in the following table.
SQLServer1 uses Microsoft SQL Server authentication.
Sub1 has an Azure Web Application Firewall (WAF) named WAF1 that has the following types of rule sets:
- Bot Manager 1.1
- Azure-managed Default Rule Set (DRS)
Sub1 has the following compliance standards assigned in Microsoft Defender for Cloud:
- NIST SP 800-53 Rev. 4
- Microsoft cloud security benchmark (MCSB)
- System and Organization Controls (SOC) 2 Type 2
Existing Environment. Sub2 Resources
Sub2 contains a resource group named RG2.
Planned Changes and Requirements. Planned Changes
Fabrikam plans to implement the following changes:
- Deploy the following key vaults to RG1:
* AKV2 in the West Europe Azure region
* AKV3 in the Central US Azure region
* AKV4 in the East US Azure region
- Deploy the following key vaults to RG2:
* AKV5 in the East US region
- Configure VM1 to read data from storage1.
- Create function apps that have the following hosting plans:
* Fa1: Flex Consumption hosting plan
* Fa2: Consumption hosting plan
* Fa3: Dedicated hosting plan
- For WAF1, implement rate limiting rules based on the request
location.
- Enable the NIST SP 800-53 Rev. 5 compliance standard in Defender for
Cloud.
- Create a new storage account named storage2 that supports Azure Table storage.
- Enforce multifactor authentication (MFA) when database administrators access SQLdb1.
- Implement ExpressRoute circuits to the on-premises network as shown
in the following table.
- For RG1, create a new Privileged Identity Management (PIM) eligible role assignment that assigns the Contributor role to supported groups.
Planned Changes and Requirements. Technical Requirements
Fabrikam has the following technical requirements:
- If VM1 is deleted, the permissions for VM1 must be removed
automatically.
- The AKS1 managed identity must only be able to pull images from
Registry1.
- The ID1 managed identity must be able to push images to and pull
images from Registry1.
- All the data in the storage accounts must be encrypted by using
Fabrikam-managed keys.
- All outbound traffic from the function apps to the on-premises
network must use ExpressRoute circuits.
- ExpressRoute connectivity between the on-premises network and the
Azure environment must be encrypted by using Layer 2 or Layer 3
encryption.
You need to implement the function apps to meet the technical requirements. Which apps should you include in the implementation?
Overview
Fabrikam, Inc. is a consulting company. The company has a main office in New York City and branch offices in Amsterdam and Singapore.
Existing Environment. Network environment
The on-premises network contains a datacenter in each office.
Existing Environment. Cloud environment
Fabrikam has two Azure subscriptions named Sub1 and Sub2 and a Microsoft 365 subscription that includes Microsoft 365 E5 licenses.
All the subscriptions are linked to a Microsoft Entra tenant named fabrikam.com that contains the identities shown in the following table.
The tenant contains the groups shown in the following table.
All devices are enrolled in Microsoft Intune.
Existing Environment. Sub1 Resources
Sub1 contains a resource group named RG1 that contains the resources shown in the following table.
SQLServer1 uses Microsoft SQL Server authentication.
Sub1 has an Azure Web Application Firewall (WAF) named WAF1 that has the following types of rule sets:
- Bot Manager 1.1
- Azure-managed Default Rule Set (DRS)
Sub1 has the following compliance standards assigned in Microsoft Defender for Cloud:
- NIST SP 800-53 Rev. 4
- Microsoft cloud security benchmark (MCSB)
- System and Organization Controls (SOC) 2 Type 2
Existing Environment. Sub2 Resources
Sub2 contains a resource group named RG2.
Planned Changes and Requirements. Planned Changes
Fabrikam plans to implement the following changes:
- Deploy the following key vaults to RG1:
* AKV2 in the West Europe Azure region
* AKV3 in the Central US Azure region
* AKV4 in the East US Azure region
- Deploy the following key vaults to RG2:
* AKV5 in the East US region
- Configure VM1 to read data from storage1.
- Create function apps that have the following hosting plans:
* Fa1: Flex Consumption hosting plan
* Fa2: Consumption hosting plan
* Fa3: Dedicated hosting plan
- For WAF1, implement rate limiting rules based on the request
location.
- Enable the NIST SP 800-53 Rev. 5 compliance standard in Defender for
Cloud.
- Create a new storage account named storage2 that supports Azure Table storage.
- Enforce multifactor authentication (MFA) when database administrators access SQLdb1.
- Implement ExpressRoute circuits to the on-premises network as shown
in the following table.
- For RG1, create a new Privileged Identity Management (PIM) eligible role assignment that assigns the Contributor role to supported groups.
Planned Changes and Requirements. Technical Requirements
Fabrikam has the following technical requirements:
- If VM1 is deleted, the permissions for VM1 must be removed
automatically.
- The AKS1 managed identity must only be able to pull images from
Registry1.
- The ID1 managed identity must be able to push images to and pull
images from Registry1.
- All the data in the storage accounts must be encrypted by using
Fabrikam-managed keys.
- All outbound traffic from the function apps to the on-premises
network must use ExpressRoute circuits.
- ExpressRoute connectivity between the on-premises network and the
Azure environment must be encrypted by using Layer 2 or Layer 3
encryption.
You need to implement the function apps to meet the technical requirements. Which apps should you include in the implementation?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)