SC-100 Design security for infrastructure • Complete Question Bank
Complete SC-100 Design security for infrastructure question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```json
{
"properties": {
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk",
"exists": "true"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.storageAccountType",
"notEquals": "Premium_LRS"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.diskSizeGB",
"greater": 1023
}
]
}
]
},
"then": {
"effect": "audit"
}
}
}
}
```Refer to the exhibit.
```
$ kubectl get pods -n production
NAME READY STATUS RESTARTS AGE
webapp-7d5b6c8b9-abc 1/1 Running 0 2d
webapp-7d5b6c8b9-def 1/1 Running 0 2d
$ kubectl get networkpolicy -n production
NAME POD-SELECTOR AGE
allow-egress-dns {} 1d
$ kubectl describe networkpolicy allow-egress-dns -n production
...
Spec:
PodSelector: <none>
Egress:
To:
- NamespaceSelector: {}
PodSelector:
MatchLabels:
k8s-app: kube-dns
Ports:
- Port: 53
Protocol: UDP
PolicyTypes:
- Egress
```Refer to the exhibit.
{
"properties": {
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.storageAccountType",
"in": [
"Standard_LRS",
"StandardSSD_LRS"
]
}
]
},
"then": {
"effect": "deny"
}
}
}
}Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Stateful packet filtering at subnet or NIC
Managed, cloud-native firewall with threat intelligence
Protects web apps from common exploits
Always-on traffic monitoring and mitigation
Access PaaS services over private endpoint
Drag a concept onto its matching description — or click a concept then click the description.
Security information and event management
Extended detection and response (XDR)
Cloud security posture management
Identity risk detection and remediation
Data governance and compliance