ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 2 question 40 discussion

Actual exam question from Microsoft's SC-100
Question #: 40
Topic #: 2
[All SC-100 Questions]

HOTSPOT
-

You are designing the security architecture for a cloud-only environment.

You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA).

You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements:

• Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal.
• Detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting.

What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Victory007 at Aug. 5, 2023, 3:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Victory007
Highly Voted 1 year, 8 months ago
1. Purview- For the requirement to enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal, you should include Microsoft Purview in your recommendation. https://learn.microsoft.com/en-us/microsoft-365/security/defender/dlp-investigate-alerts-defender?view=o365-worldwide 2. MS Defender for Identity. Microsoft Defender for Cloud Apps provides user entity behavioral analytics (UEBA) in the cloud. This can be extended to your on-premises environment by integrating with Microsoft Defender for Identity. After you integrate with Defender for Identity, you’ll also gain context around user identity from its native integration with Active Directory. https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-ueba
upvoted 19 times
...
hovlund
Highly Voted 1 year, 6 months ago
It is NOT Defender for Identity because its a cloud only environment..., i agree with ServerBrian: Purview and Identity Protection
upvoted 14 times
RoboCock
2 weeks, 6 days ago
agreed! need to read carefully, for cloud-only MDI does not help. same time EIDP integration with XDR portal is not perfect, but it's the best choice to go with identity protection.
upvoted 1 times
...
Azerty1313
1 year, 4 months ago
Agree. Azure ID protect is a better fit as it is Azure only. https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-investigation-priority-built-on-user-and-entity/ba-p/360853#:~:text=UEBA%20for%20Azure%20ATP%2C%20MCAS%2C%20and%20Azure%20AD%20Identity%20Protection&text=Activities%20and%20events%20from%20these,organization%2C%20should%20they%20be%20compromised.
upvoted 1 times
...
...
Socgen1
Most Recent 9 months, 2 weeks ago
DLP - Purview UEBA - Identity Protection as it is cloud only environment - because Microsoft Defender for Identity (formerly Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. To detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting using Defender for Identity
upvoted 2 times
...
emartiy
10 months, 1 week ago
As other mentioned.. DLP > Microsoft Purview other options do not fulfill requirement UEBA > for cloud based checks Azure AD Identity protection when you refer to question and given environment... Don't miss point.
upvoted 3 times
...
macka2005
10 months, 1 week ago
1. Purview 2. Microsoft Defender for Identity - "Defender for Identity is fully integrated with Microsoft Defender XDR, and leverages signals from both on-premises Active Directory and cloud identities to help you better identify, detect, and investigate advanced threats directed at your organization." https://learn.microsoft.com/en-us/defender-for-identity/what-is
upvoted 1 times
...
ubiquituz
1 year, 1 month ago
Microsoft Defender for Identity To help you focus on user identity, Microsoft Defender for Cloud Apps provides user entity behavioral analytics (UEBA) in the cloud. This can be extended to your on-premises environment by integrating with Microsoft Defender for Identity. After you integrate with Defender for Identity, you'll also gain context around user identity from its native integration with Active Directory.
upvoted 2 times
...
ayadmawla
1 year, 3 months ago
Just remember that "MS Defender for Identity" is for on premise AD identity protection and not the Cloud Identity as the case in this question. see: https://learn.microsoft.com/en-us/defender-for-identity/what-is#detect-threats-across-modern-identity-environments Defender for Identity uses data from across your environment, including domain controllers, Active Directory Federation Services (AD FS), and Active Directory Certificate services (AD CS), to provide you with a complete view of your identity environment. Defender for Identity sensors monitor domain controller traffic by default. For AD FS / AD CS servers, make sure to install the relevant sensor type for complete identity monitoring.
upvoted 2 times
...
cybrtrk
1 year, 3 months ago
Purview is correct No active directory in this question, so UEBA should be Azure AD Identity Protection.
upvoted 3 times
...
summut
1 year, 4 months ago
1 = Purview 2 = Identity Protection (MDI is a Hybrid solution mainly for monitoring and protecting on-prem identities)
upvoted 3 times
...
Arjanussie
1 year, 4 months ago
It is a design of a cloud only environment and Yes, Azure AD Identity Protection provides User and Entity Behavior Analytics (UEBA) functionality . UEBA uses artificial intelligence and machine learning to model how users and devices typically behave. It then compares future behavior against the baseline to create a risk score. This allows you to analyze large data sets and elevate the highest-priority alerts
upvoted 3 times
...
smanzana
1 year, 6 months ago
Microsoft Purview and Microsoft Defender for Identity
upvoted 1 times
...
KrissB
1 year, 8 months ago
Purview and Microsoft Defender for Identity. MDI is a pre-requisite UEBA across various security workloads.
upvoted 6 times
...
ServerBrain
1 year, 8 months ago
Purview and Identity Protection https://learn.microsoft.com/en-us/azure/security/fundamentals/threat-detection
upvoted 2 times
...
sbnpj
1 year, 8 months ago
Purview and Defender for Identity https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-suspicious-activity
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago