Question 1 · medium · multiple choice
Complete SC-100 Design solutions that align with security best practices and priorities question bank — all 0 questions with answers and detailed explanations.
{
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk",
"exists": "true"
}
]
},
"then": {
"effect": "auditIfNotExists",
"details": {
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Azure.Security"
}
}
}
}
}
Microsoft Defender for Cloud | Regulatory Compliance Controls:
- CIS Controls v8: 16/20 passed
- ISO 27001: 42/48 passed
- NIST SP 800-53 Rev5: 85/100 passed
- PCI DSS v3.2.1: 12/15 passed
- SOC 2 Type II: 20/25 passed
Top recommendations by severity:
1. Critical: VMs should be migrated from classic to ARM (3 resources)
2. Critical: Vulnerability assessment should be enabled on SQL databases (5 resources)
3. High: MFA should be enabled on accounts with owner permissions (2 resources)
4. Medium: Diagnostic logs in Key Vault should be enabled (10 resources)
{
"properties": {
"templateLink": null,
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-02-01",
"name": "[parameters('storageName')]",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"minimumTlsVersion": "TLS1_0",
"supportsHttpsTrafficOnly": false
}
}
]
}
}
}
{
"policy": {
"if": {
"field": "Microsoft.Security/customAssessment.name",
"equals": "Ensure web app redirects HTTP to HTTPS"
},
"then": {
"effect": "auditIfNotExists",
"details": {
"type": "Microsoft.Security/assessments",
"name": "web-app-http-redirect",
"existenceCondition": {
"field": "Microsoft.Security/assessments/status.code",
"equals": "Healthy"
}
}
}
}
}
SecurityAlert
| where AlertName == "Malware detected"
| summarize Count = count() by Computer, bin(TimeGenerated, 1d)
| where Count > 2
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2020-06-01",
"name": "nsg-web",
"properties": {
"securityRules": [
{
"name": "AllowHTTP",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "80",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "DenyAll",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 200,
"direction": "Inbound"
}
}
]
}
}
]
}
Refer to the exhibit.
{
"properties": {
"displayName": "Require MFA for admins",
"state": "enabled",
"conditions": {
"applications": {
"includeApplications": ["All"]
},
"users": {
"includeRoles": ["Global Administrator"]
}
},
"grantControls": {
"builtInControls": ["mfa"]
}
}
}
Refer to the exhibit.
$storageAccount = Get-AzStorageAccount -ResourceGroupName "RG-Security" -Name "stgsecdata"
$container = Get-AzStorageContainer -Context $storageAccount.Context -Name "logs"
$containerName = $container.Name
$blob = Get-AzStorageBlob -Container $containerName -Context $storageAccount.Context -Blob "access.log"
$blob.ICloudBlob.Properties.IsAccessTimeTrackingEnabled
Refer to the exhibit.
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 4625
| summarize FailedLogons = count() by Account, IpAddress
| where FailedLogons > 10
{
"properties": {
"displayName": "Block high-risk sign-ins",
"conditions": {
"userRiskLevels": ["high"],
"signInRiskLevels": [],
"clientAppTypes": ["all"],
"applications": {
"includeApplications": ["All"]
},
"users": {
"includeUsers": ["All"]
}
},
"grantControls": {
"builtInControls": ["block"]
}
}
}
SecurityAlert
| where AlertName == "Malware detected"
| extend DeviceName = tostring(CompromisedEntity)
| join kind=inner (
    DeviceInfo
    | where Timestamp > ago(7d)
    | project DeviceName, OSVersion, IsManaged
) on DeviceName
| where IsManaged == false
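# Exhibit: storage account deployment. The flattened listing carried no
# indentation, so every key read as top-level; nesting is restored here from
# the key names (ARM storageAccounts property layout).
resourceGroup: myResourceGroup
parameters:
  # NOTE(review): declared but not referenced by the resource shown here.
  - name: location
    type: string
    defaultValue: eastus
resources:
  - type: Microsoft.Storage/storageAccounts
    name: mystorageaccount
    properties:
      # Reject plain-HTTP requests to the account.
      supportsHttpsTrafficOnly: true
      # Refuse clients negotiating below TLS 1.2.
      minimumTlsVersion: TLS1_2
      networkAcls:
        # Default-deny firewall: with both allow-lists empty, these rules
        # admit no public IP range and no virtual network subnet.
        # NOTE(review): no `bypass` key is shown; whether trusted Azure
        # services can still reach the account depends on its default - confirm.
        defaultAction: Deny
        ipRules: []
        virtualNetworkRules: []
Refer to the exhibit.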
```json
{
"properties": {
"displayName": "Require MFA for admins",
"state": "enabled",
"conditions": {
"users": {
"includeRoles": ["Global Administrator", "Security Administrator"]
},
"applications": {
"includeApplications": ["All"]
}
},
"grantControls": {
"builtInControls": ["mfa"],
"operator": "OR"
}
}
}
```
Refer to the exhibit.
```kusto
SecurityAlert
| where TimeGenerated > ago(7d)
| where AlertName contains "Mimikatz"
| extend UserName = tostring(parse_json(Entities)[0].AccountName)
| summarize Count = count() by UserName
| top 10 by Count desc
```
Refer to the exhibit.
```json
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2021-04-01",
"name": "[parameters('storageAccountName')]/default/[parameters('containerName')]",
"properties": {
"publicAccess": "None"
}
}
```