Exam SC-100 topic 1 question 20 discussion

Actual exam question from Microsoft's SC-100
Question #: 20
Topic #: 1

HOTSPOT -

For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA).

You need to protect against the following external threats of an attack chain:

• An attacker attempts to exfiltrate data to external websites.
• An attacker attempts lateral movement across domain-joined computers.

What should you include in the recommendation for each threat? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Sam_Gutterson
Highly Voted 2 years, 3 months ago
Exfiltration of data - Defender for Cloud Apps
Data across domains - Defender for Identity
Reference: MCRA Slide 15
upvoted 83 times
plantbased
5 months, 4 weeks ago
Correct. https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-exfiltration-access-controls
upvoted 1 times
SFAY
1 year, 2 months ago
Correct, however MCRA(2023) slide number is 67
upvoted 6 times
cyber_sa
Highly Voted 1 year, 6 months ago
Got this in exam 6oct23. Passed with 896 marks. I answered: MD FOR CLOUD APPS, MD FOR IDENTITY
upvoted 16 times
allinict_111
1 year, 3 months ago
That doesn't mean that's the answer. We must know if that's the answer to this question; if not, please say nothing then.
upvoted 2 times
Ramye
1 year, 3 months ago
Be thankful that s/he’s sharing this, and given that s/he’s got a high score, most likely this is correct.
upvoted 8 times
Ali96
Most Recent 2 months, 1 week ago
An attacker attempts to exfiltrate data to external websites: Microsoft Defender for Cloud Apps
An attacker attempts lateral movement across domain-joined computers: Microsoft Defender for Identity
upvoted 3 times
Pinpin42
6 months ago
https://learn.microsoft.com/en-us/training/modules/case-study-design-solutions-security-best-practices-priorities/3-case-study-answers
To prevent a ransomware attacker from copying files outside of the Microsoft 365 tenant, customers can use Microsoft Purview Data Loss Prevention (DLP) policies, which detect, warn, and block risky, inadvertent, or inappropriate sharing of data containing personal data and confidential organization information based on sensitivity labels. This can be supplemented by Microsoft Defender for Cloud Apps, which supports session monitoring as part of Conditional Access App Control. The monitoring applies to the flow of data between users and managed applications and can be used to block transfers of business sensitive content.
upvoted 1 times
Pinpin42
6 months ago
Exfiltration of data - Defender for Cloud Apps
Data across domains - Defender for Identity
Reference: MCRA Slide 67 and https://learn.microsoft.com/en-us/training/modules/design-resiliency-strategy-common-cyberthreats-like-ransomware/1-common-cyberthreats-attack-patterns
upvoted 1 times
Ruttoh
7 months ago
To protect against the specified external threats in a Microsoft cloud environment based on the Microsoft Cybersecurity Reference Architectures (MCRA), you should include the following recommendations:
For an attacker attempting to exfiltrate data to external websites: Microsoft Defender for Cloud Apps: This solution provides comprehensive visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your cloud services.
For an attacker attempting lateral movement across domain-joined computers: Microsoft Defender for Identity: This tool helps detect and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
https://learn.microsoft.com/en-us/security/adoption/mcra
upvoted 1 times
b9e98e8
11 months ago
I don't know the correct answer, but here is a thought:
MDO - Email forwarding rule
Defender for Cloud - Suspicious network behavior + user anomaly behavior + Suspicious File Activity alert
MDCA - Cloud anomaly detection (supply chain attack). This policy will be deprecated.
Sentinel - UEBA, custom KQL-based alerts (for data weight based transaction, number of transactions) + single browser session + DNS sinkhole alerts from custom firewall data sources
All of the above are indicators of data exfiltration.
upvoted 1 times
Navya6784
11 months, 1 week ago
Exfiltration of data - MS Defender for Cloud Apps
Data across domains - Defender for Identity
upvoted 1 times
TamZei
1 year ago
Preventing Data Exfiltration is by Microsoft Defender for Cloud Apps
https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-exfiltration-access-controls#:~:text=against%20replay%20attacks.-,Microsoft%20Defender%20for%20Cloud%20Apps,-Actions%20that%20would
upvoted 1 times
Murtuza
1 year, 3 months ago
Actions that would compromise the security of customer data must be detected and prevented. For example, employees may be using an unapproved cloud application for storing sensitive corporate data or downloading a vast number of sensitive files for exfiltration. These actions can be prevented by Microsoft Defender for Cloud Apps.
upvoted 3 times
UberTech_1888
1 year, 9 months ago
the keyword is "Attacker" = "Identity"
upvoted 1 times
zellck
1 year, 11 months ago
1. Microsoft Defender for Cloud Apps
2. Microsoft Defender for Identity
https://learn.microsoft.com/en-us/defender-for-identity/what-is
Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
upvoted 3 times
Fal991l
2 years, 1 month ago
An attacker attempts to exfiltrate data to external websites: Microsoft Defender for Office 365
An attacker attempts lateral movement across domain-joined computers: Microsoft Defender for Identity
upvoted 3 times
Fal991l
2 years, 1 month ago
To protect against an attacker attempting to exfiltrate data to external websites, the best solution would be to use Microsoft Defender for Office 365, which can help detect and prevent data exfiltration attempts. It provides data loss prevention (DLP) policies that can identify and protect sensitive information, and advanced threat protection (ATP) that can detect and block suspicious activities. To protect against an attacker attempting lateral movement across domain-joined computers, the best solution would be to use Microsoft Defender for Identity. It provides continuous monitoring of user activities, behavior analytics, and machine learning-based detection capabilities to identify and block suspicious activities. It can also help identify and remediate weak passwords, and enforce multi-factor authentication (MFA) policies to prevent unauthorized access. Microsoft Defender for Identity can also integrate with other security solutions, such as Azure Sentinel, to provide a comprehensive security solution.
upvoted 1 times
Fal991l
2 years, 1 month ago
While Microsoft Defender for Cloud Apps can help protect against data exfiltration attempts, it is primarily focused on protecting against threats to cloud applications, such as Microsoft 365, Dynamics 365, and more. It can monitor user activity, detect suspicious behavior, and help enforce policies to prevent data exfiltration. However, if an attacker is attempting to exfiltrate data from a device or a network that is not connected to a cloud application, Microsoft Defender for Cloud Apps may not be effective. In this case, Microsoft Defender for Office 365, which provides advanced threat protection and data loss prevention policies, would be a better solution. So, for protecting against an attacker attempting to exfiltrate data to external websites, the best solution would be to use Microsoft Defender for Office 365, which is specifically designed for this purpose.
upvoted 1 times
Holii
1 year, 10 months ago
Defender for O365 is designed for SharePoint, Exchange and phishing/spam attempts for data transferred via email. It is not designed to handle data being exfiltrated to websites. Also, I am not even sure if Microsoft Defender for O365 can do DLP anymore, I believe that functionality has been shifted to Microsoft Purview. MDCA is designed for data exfiltration/tracking for websites, and CAN still perform DLP through its action portal (it has separate functionality from Purview) on a variety of policy-types.
upvoted 3 times
OCHT
2 years, 1 month ago
For Box 1: The recommendation should be MS Defender for Cloud Apps as it can protect the cloud application and its data from unauthorized access, and it has the capability to detect and prevent data exfiltration attempts.
For Box 2: The recommendation should be MS Defender for Identity, as it can protect against lateral movement by detecting and blocking suspicious activities across domain-joined computers. It can also identify and remediate misconfigurations and vulnerabilities in the identity infrastructure that attackers could exploit to move laterally.
upvoted 7 times
AJ2021
2 years, 1 month ago
First answer incorrect. Should be:
MDCA
MDI
upvoted 1 times
Gurulee
2 years, 2 months ago
"Employees may be using an unapproved cloud application for storing sensitive corporate data or downloading a vast number of sensitive files for exfiltration. These actions can be prevented by Microsoft Defender for Cloud Apps."
upvoted 3 times
buguinha
2 years, 2 months ago
Defender Cloud Apps to the first and MDI to the second
upvoted 1 times