Harshu10

Venture Capital Field Explored

I'm really thrilled to have had the opportunity to speak to two very influential minds in the venture capital sphere - Mike Devlin & Bob Crants from Pharos Funds. Not only are Mike & Bob smart guys with some fascinating stories, they're also my kind of people - their fund seeks out companies that others overlook:

A notable element about Pharos is that we focus intently on markets that have been traditionally underserved. This can include companies in states that my friends on both coasts call "fly over country" that have less VC competition or entrepreneurs who have traditionally been overlooked by institutional VC investors (minorities and women led companies).

That's a great way to get on my good side. In addition, they've contributed some very fine ideas and real life experience about how the VC field operates and what we can see from this next round of investment in web technology:

I agree with the maxim: back a strong management team with a weak business plan over a weak management team with a strong business plan (unless of course you have a controlling interest and can oust the management team). We have seen many good managers create value in a crowded space, weather difficult times with strategic refocus and continually make decisive decisions at the right time.

One weakness we see often is that while management may have a good sense of their overall strategy, they don't wed that with a bulletproof understanding of their financial model. It's a good indication that some portion of the invested capital will be misallocated or misspent.

Go read the whole thing - it's worth the 10 minutes. Many thanks to Bob & Mike, who were very generous with the little time they have available.
UPDATE: Mike has a blog & Bob has a blog; both with some nifty information.

Cards you may also be interested in
[October-2021]New Braindump2go DAS-C01 PDF and VCE Dumps[Q122-Q132]
QUESTION 122
A company has a marketing department and a finance department. The departments are storing data in Amazon S3 in their own AWS accounts in AWS Organizations. Both departments use AWS Lake Formation to catalog and secure their data. The departments have some databases and tables that share common names. The marketing department needs to securely access some tables from the finance department. Which two steps are required for this process? (Choose two.)
A. The finance department grants Lake Formation permissions for the tables to the external account for the marketing department.
B. The finance department creates cross-account IAM permissions to the table for the marketing department role.
C. The marketing department creates an IAM role that has permissions to the Lake Formation tables.
Answer: AB

QUESTION 123
A human resources company maintains a 10-node Amazon Redshift cluster to run analytics queries on the company's data. The Amazon Redshift cluster contains a product table and a transactions table, and both tables have a product_sku column. The tables are over 100 GB in size. The majority of queries run on both tables. Which distribution style should the company use for the two tables to achieve optimal query performance?
A. An EVEN distribution style for both tables
B. A KEY distribution style for both tables
C. An ALL distribution style for the product table and an EVEN distribution style for the transactions table
D. An EVEN distribution style for the product table and a KEY distribution style for the transactions table
Answer: B

QUESTION 124
A company receives data from its vendor in JSON format with a timestamp in the file name. The vendor uploads the data to an Amazon S3 bucket, and the data is registered into the company's data lake for analysis and reporting. The company has configured an S3 Lifecycle policy to archive all files to S3 Glacier after 5 days. The company wants to ensure that its AWS Glue crawler catalogs data only from S3 Standard storage and ignores the archived files. A data analytics specialist must implement a solution to achieve this goal without changing the current S3 bucket configuration. Which solution meets these requirements?
A. Use the exclude patterns feature of AWS Glue to identify the S3 Glacier files for the crawler to exclude.
B. Schedule an automation job that uses AWS Lambda to move files from the original S3 bucket to a new S3 bucket for S3 Glacier storage.
C. Use the excludeStorageClasses property in the AWS Glue Data Catalog table to exclude files on S3 Glacier storage.
D. Use the include patterns feature of AWS Glue to identify the S3 Standard files for the crawler to include.
Answer: A

QUESTION 125
A company analyzes historical data and needs to query data that is stored in Amazon S3. New data is generated daily as .csv files that are stored in Amazon S3. The company's analysts are using Amazon Athena to perform SQL queries against a recent subset of the overall data. The amount of data that is ingested into Amazon S3 has increased substantially over time, and the query latency also has increased. Which solutions could the company implement to improve query performance? (Choose two.)
A. Use MySQL Workbench on an Amazon EC2 instance, and connect to Athena by using a JDBC or ODBC connector. Run the query from MySQL Workbench instead of Athena directly.
B. Use Athena to extract the data and store it in Apache Parquet format on a daily basis. Query the extracted data.
C. Run a daily AWS Glue ETL job to convert the data files to Apache Parquet and to partition the converted files. Create a periodic AWS Glue crawler to automatically crawl the partitioned data on a daily basis.
D. Run a daily AWS Glue ETL job to compress the data files by using the .gzip format. Query the compressed data.
E. Run a daily AWS Glue ETL job to compress the data files by using the .lzo format. Query the compressed data.
Answer: BC

QUESTION 126
A company is sending historical datasets to Amazon S3 for storage. A data engineer at the company wants to make these datasets available for analysis using Amazon Athena. The engineer also wants to encrypt the Athena query results in an S3 results location by using AWS solutions for encryption. The requirements for encrypting the query results are as follows:
- Use custom keys for encryption of the primary dataset query results.
- Use generic encryption for all other query results.
- Provide an audit trail for the primary dataset queries that shows when the keys were used and by whom.
Which solution meets these requirements?
A. Use server-side encryption with S3 managed encryption keys (SSE-S3) for the primary dataset. Use SSE-S3 for the other datasets.
B. Use server-side encryption with customer-provided encryption keys (SSE-C) for the primary dataset. Use server-side encryption with S3 managed encryption keys (SSE-S3) for the other datasets.
C. Use server-side encryption with AWS KMS managed customer master keys (SSE-KMS CMKs) for the primary dataset. Use server-side encryption with S3 managed encryption keys (SSE-S3) for the other datasets.
D. Use client-side encryption with AWS Key Management Service (AWS KMS) customer managed keys for the primary dataset. Use S3 client-side encryption with client-side keys for the other datasets.
Answer: A

QUESTION 127
A large telecommunications company is planning to set up a data catalog and metadata management for multiple data sources running on AWS. The catalog will be used to maintain the metadata of all the objects stored in the data stores. The data stores are composed of structured sources like Amazon RDS and Amazon Redshift, and semistructured sources like JSON and XML files stored in Amazon S3. The catalog must be updated on a regular basis, be able to detect the changes to object metadata, and require the least possible administration. Which solution meets these requirements?
A. Use Amazon Aurora as the data catalog. Create AWS Lambda functions that will connect and gather the metadata information from multiple sources and update the data catalog in Aurora. Schedule the Lambda functions periodically.
B. Use the AWS Glue Data Catalog as the central metadata repository. Use AWS Glue crawlers to connect to multiple data stores and update the Data Catalog with metadata changes. Schedule the crawlers periodically to update the metadata catalog.
C. Use Amazon DynamoDB as the data catalog. Create AWS Lambda functions that will connect and gather the metadata information from multiple sources and update the DynamoDB catalog. Schedule the Lambda functions periodically.
D. Use the AWS Glue Data Catalog as the central metadata repository. Extract the schema for RDS and Amazon Redshift sources and build the Data Catalog. Use AWS crawlers for data stored in Amazon S3 to infer the schema and automatically update the Data Catalog.
Answer: D

QUESTION 128
An ecommerce company is migrating its business intelligence environment from on premises to the AWS Cloud. The company will use Amazon Redshift in a public subnet and Amazon QuickSight. The tables already are loaded into Amazon Redshift and can be accessed by a SQL tool. The company starts QuickSight for the first time. During the creation of the data source, a data analytics specialist enters all the information and tries to validate the connection. An error with the following message occurs: "Creating a connection to your data source timed out." How should the data analytics specialist resolve this error?
A. Grant the SELECT permission on Amazon Redshift tables.
B. Add the QuickSight IP address range into the Amazon Redshift security group.
C. Create an IAM role for QuickSight to access Amazon Redshift.
D. Use a QuickSight admin user for creating the dataset.
Answer: A

QUESTION 129
A power utility company is deploying thousands of smart meters to obtain real-time updates about power consumption. The company is using Amazon Kinesis Data Streams to collect the data streams from smart meters. The consumer application uses the Kinesis Client Library (KCL) to retrieve the stream data. The company has only one consumer application. The company observes an average of 1 second of latency from the moment that a record is written to the stream until the record is read by a consumer application. The company must reduce this latency to 500 milliseconds. Which solution meets these requirements?
A. Use enhanced fan-out in Kinesis Data Streams.
B. Increase the number of shards for the Kinesis data stream.
C. Reduce the propagation delay by overriding the KCL default settings.
D. Develop consumers by using Amazon Kinesis Data Firehose.
Answer: C

QUESTION 130
A company needs to collect streaming data from several sources and store the data in the AWS Cloud. The dataset is heavily structured, but analysts need to perform several complex SQL queries and need consistent performance. Some of the data is queried more frequently than the rest. The company wants a solution that meets its performance requirements in a cost-effective manner. Which solution meets these requirements?
A. Use Amazon Managed Streaming for Apache Kafka to ingest the data to save it to Amazon S3. Use Amazon Athena to perform SQL queries over the ingested data.
B. Use Amazon Managed Streaming for Apache Kafka to ingest the data to save it to Amazon Redshift. Enable Amazon Redshift workload management (WLM) to prioritize workloads.
C. Use Amazon Kinesis Data Firehose to ingest the data to save it to Amazon Redshift. Enable Amazon Redshift workload management (WLM) to prioritize workloads.
D. Use Amazon Kinesis Data Firehose to ingest the data to save it to Amazon S3. Load frequently queried data to Amazon Redshift using the COPY command. Use Amazon Redshift Spectrum for less frequently queried data.
Answer: B

QUESTION 131
A manufacturing company uses Amazon Connect to manage its contact center and Salesforce to manage its customer relationship management (CRM) data. The data engineering team must build a pipeline to ingest data from the contact center and CRM system into a data lake that is built on Amazon S3. What is the MOST efficient way to collect data in the data lake with the LEAST operational overhead?
A. Use Amazon Kinesis Data Streams to ingest Amazon Connect data and Amazon AppFlow to ingest Salesforce data.
B. Use Amazon Kinesis Data Firehose to ingest Amazon Connect data and Amazon Kinesis Data Streams to ingest Salesforce data.
C. Use Amazon Kinesis Data Firehose to ingest Amazon Connect data and Amazon AppFlow to ingest Salesforce data.
D. Use Amazon AppFlow to ingest Amazon Connect data and Amazon Kinesis Data Firehose to ingest Salesforce data.
Answer: B

QUESTION 132
A manufacturing company wants to create an operational analytics dashboard to visualize metrics from equipment in near-real time. The company uses Amazon Kinesis Data Streams to stream the data to other applications. The dashboard must automatically refresh every 5 seconds. A data analytics specialist must design a solution that requires the least possible implementation effort. Which solution meets these requirements?
A. Use Amazon Kinesis Data Firehose to store the data in Amazon S3. Use Amazon QuickSight to build the dashboard.
B. Use Apache Spark Streaming on Amazon EMR to read the data in near-real time. Develop a custom application for the dashboard by using D3.js.
C. Use Amazon Kinesis Data Firehose to push the data into an Amazon Elasticsearch Service (Amazon ES) cluster. Visualize the data by using a Kibana dashboard.
D. Use AWS Glue streaming ETL to store the data in Amazon S3. Use Amazon QuickSight to build the dashboard.
Answer: B

2021 Latest Braindump2go DAS-C01 PDF and DAS-C01 VCE Dumps Free Share: https://drive.google.com/drive/folders/1WbSRm3ZlrRzjwyqX7auaqgEhLLzmD-2w?usp=sharing

[October-2021]New Braindump2go CLF-C01 PDF and VCE Dumps[Q25-Q45]
QUESTION 25
A large organization has a single AWS account. What are the advantages of reconfiguring the single account into multiple AWS accounts? (Choose two.)
A. It allows for administrative isolation between different workloads.
B. Discounts can be applied on a quarterly basis by submitting cases in the AWS Management Console.
C. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS accounts will be less expensive.
D. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account.
E. Amazon QuickSight offers access to a cost tool that provides application-specific recommendations for environments running in multiple accounts.
Answer: AC

QUESTION 26
An online retail company recently deployed a production web application. The system administrator needs to block common attack patterns such as SQL injection and cross-site scripting. Which AWS service should the administrator use to address these concerns?
A. AWS WAF
B. Amazon VPC
C. Amazon GuardDuty
D. Amazon CloudWatch
Answer: A

QUESTION 27
What does Amazon CloudFront provide?
A. Automatic scaling for all resources to power an application from a single unified interface
B. Secure delivery of data, videos, applications, and APIs to users globally with low latency
C. Ability to directly manage traffic globally through a variety of routing types, including latency-based routing, geo DNS, geoproximity, and weighted round robin
D. Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and AWS Lambda functions
Answer: B

QUESTION 28
Which phrase describes agility as a benefit of building in the AWS Cloud?
A. The ability to pay only when computing resources are consumed, based on the volume of resources that are consumed
B. The ability to eliminate guessing about infrastructure capacity needs
C. The ability to support innovation through a reduction in the time that is required to make IT resources available to developers
D. The ability to deploy an application in multiple AWS Regions around the world in minutes
Answer:

QUESTION 29
A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports. Which AWS service or group can provide these documents?
A. AWS Abuse team
B. AWS Artifact
C. AWS Support
D. AWS Config
Answer: B

QUESTION 30
Which AWS Trusted Advisor checks are available to users with AWS Basic Support? (Choose two.)
A. Service limits
B. High utilization Amazon EC2 instances
C. Security groups - specific ports unrestricted
D. Load balancer optimization
E. Large number of rules in an EC2 security group
Answer: AC

QUESTION 31
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?
A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user's workstation to the file gateway.
C. Move each user's working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
Answer: B

QUESTION 32
Which network security features are supported by Amazon VPC? (Choose two.)
A. Network ACLs
B. Internet gateways
C. VPC peering
D. Security groups
E. Firewall rules
Answer: AD

QUESTION 33
A company wants to build a new architecture with AWS services. The company needs to compare service costs at various scales. Which AWS service, tool, or feature should the company use to meet this requirement?
A. AWS Compute Optimizer
B. AWS Pricing Calculator
C. AWS Trusted Advisor
D. Cost Explorer rightsizing recommendations
Answer: B

QUESTION 34
An Elastic Load Balancer allows the distribution of web traffic across multiple:
A. AWS Regions.
B. Availability Zones.
C. Dedicated Hosts.
D. Amazon S3 buckets.
Answer: B

QUESTION 35
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
A. Agility
B. Elasticity
C. Reliability
D. Durability
Answer: B

QUESTION 36
Which AWS services make use of global edge locations? (Choose two.)
A. AWS Fargate
B. Amazon CloudFront
C. AWS Global Accelerator
D. AWS Wavelength
E. Amazon VPC
Answer: BC

QUESTION 37
Which of the following are economic benefits of using AWS Cloud? (Choose two.)
A. Consumption-based pricing
B. Perpetual licenses
C. Economies of scale
D. AWS Enterprise Support at no additional cost
E. Bring-your-own-hardware model
Answer: AC

QUESTION 38
A company is using Amazon EC2 Auto Scaling to scale its Amazon EC2 instances. Which benefit of the AWS Cloud does this example illustrate?
A. High availability
B. Elasticity
C. Reliability
D. Global reach
Answer: B

QUESTION 39
A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?
A. AWS Lambda
B. Amazon RDS
C. AWS Fargate
D. Amazon Athena
Answer: C

QUESTION 40
A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB. What is the MOST operationally efficient solution to delegate permissions?
A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance.
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.
Answer: A

QUESTION 41
Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?
A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.
Answer: B

QUESTION 42
A company is running a Microsoft SQL Server instance on premises and is migrating its application to AWS. The company lacks the resources needed to refactor the application, but management wants to reduce operational overhead as part of the migration. Which database service would MOST effectively support these requirements?
A. Amazon DynamoDB
B. Amazon Redshift
C. Microsoft SQL Server on Amazon EC2
D. Amazon RDS for SQL Server
Answer: D

QUESTION 43
A company wants to increase its ability to recover its infrastructure in the case of a natural disaster. Which pillar of the AWS Well-Architected Framework does this ability represent?
A. Cost optimization
B. Performance efficiency
C. Reliability
D. Security
Answer: C

QUESTION 44
Which AWS service provides the capability to view end-to-end performance metrics and troubleshoot distributed applications?
A. AWS Cloud9
B. AWS CodeStar
C. AWS Cloud Map
D. AWS X-Ray
Answer: D

QUESTION 45
Which tasks require use of the AWS account root user? (Choose two.)
A. Changing an AWS Support plan
B. Modifying an Amazon EC2 instance type
C. Grouping resources in AWS Systems Manager
D. Running applications in Amazon Elastic Kubernetes Service (Amazon EKS)
E. Closing an AWS account
Answer: AE

2021 Latest Braindump2go CLF-C01 PDF and CLF-C01 VCE Dumps Free Share: https://drive.google.com/drive/folders/1krJU57a_UPVWcWZmf7UYjIepWf04kaJg?usp=sharing

[October-2021]New Braindump2go DOP-C01 PDF and VCE Dumps[Q552-Q557]
QUESTION 552
A company manages an application that stores logs in Amazon CloudWatch Logs. The company wants to archive the logs in Amazon S3. Logs are rarely accessed after 90 days and must be retained for 10 years. Which combination of steps should a DevOps engineer take to meet these requirements? (Choose two.)
A. Configure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs to an S3 bucket.
B. Configure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehose to stream all logs to an S3 bucket.
C. Configure a CloudWatch Logs subscription filter to stream all logs to an S3 bucket.
D. Configure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days and to expire logs after 3.650 days.
E. Configure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.
Answer: BC

QUESTION 553
A company gives its employees limited rights to AWS. DevOps engineers have the ability to assume an administrator role. For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed. How should this be accomplished?
A. Configure AWS Config to publish logs to an Amazon S3 bucket. Use Amazon Athena to query the logs and send a notification to the security team when the administrator role is assumed.
B. Configure Amazon GuardDuty to monitor when the administrator role is assumed and send a notification to the security team.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule using an AWS Management Console sign-in events event pattern that publishes a message to an Amazon SNS topic if the administrator role is assumed.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) events rule using an AWS API call that uses an AWS CloudTrail event pattern to trigger an AWS Lambda function that publishes a message to an Amazon SNS topic if the administrator role is assumed.
Answer: C

QUESTION 554
A development team manages website deployments using AWS CodeDeploy blue/green deployments. The application is running on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. When deploying a new revision, the team notices the deployment eventually fails, but it takes a long time to fail. After further inspection, the team discovers the AllowTraffic lifecycle event ran for an hour and eventually failed without providing any other information. The team wants to ensure failure notices are delivered more quickly while maintaining application availability even upon failure. Which combination of actions should be taken to meet these requirements? (Choose two.)
A. Change the deployment configuration to CodeDeployDefault.AllAtOnce to speed up the deployment process by deploying to all of the instances at the same time.
B. Create a CodeDeploy trigger for the deployment failure event and make the deployment fail as soon as a single health check failure is detected.
C. Reduce the HealthCheckIntervalSeconds and UnhealthyThresholdCount values within the target group health checks to decrease the amount of time it takes for the application to be considered unhealthy.
D. Use the appspec.yml file to run a script on the AllowTraffic hook to perform lighter health checks on the application instead of making CodeDeploy wait for the target group health checks to pass.
E. Use the appspec.yml file to run a script on the BeforeAllowTraffic hook to perform health checks on the application and fail the deployment if the health checks performed by the script are not successful.
Answer: AC

QUESTION 555
A company is running a number of internet-facing APIs that use an AWS Lambda authorizer to control access. A security team wants to be alerted when a large number of requests are failing authorization, as this may indicate API abuse. Given the magnitude of API requests, the team wants to be alerted only if the number of HTTP 403 Forbidden responses goes above 2% of overall API calls. Which solution will accomplish this?
A. Use the default Amazon API Gateway 403Error and Count metrics sent to Amazon CloudWatch, and use metric math to create a CloudWatch alarm. Use the (403Error/Count)*100 mathematical expression when defining the alarm. Set the alarm threshold to be greater than 2.
B. Write a Lambda function that fetches the default Amazon API Gateway 403Error and Count metrics sent to Amazon CloudWatch, calculate the percentage of errors, then push a custom metric to CloudWatch named Custom403Percent. Create a CloudWatch alarm based on this custom metric. Set the alarm threshold to be greater than 2.
C. Configure Amazon API Gateway to send custom access logs to Amazon CloudWatch Logs. Create a log filter to produce a custom metric for the HTTP 403 response code named Custom403Error. Use this custom metric and the default API Gateway Count metric sent to CloudWatch, and use metric math to create a CloudWatch alarm. Use the (Custom403Error/Count)*100 mathematical expression when defining the alarm. Set the alarm threshold to be greater than 2.
D. Configure Amazon API Gateway to enable custom Amazon CloudWatch metrics, enable the ALL_STATUS_CODE option, and define an APICustom prefix. Use CloudWatch metric math to create a CloudWatch alarm. Use the (APICustom403Error/Count)*100 mathematical expression when defining the alarm. Set the alarm threshold to be greater than 2.
Answer: C

QUESTION 556
A company uses AWS Organizations to manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present. Which solution will accomplish this?
A. Create an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled. Save the template to an Amazon S3 bucket that has been shared with all accounts within the company. Update the account creation script pointing to the CloudFormation template in Amazon S3.
B. Create an AWS Config organizational rule to check whether EBS encryption is enabled and deploy the rule using the AWS CLI. Create and apply an SCP to prohibit stopping and deleting AWS Config across the organization.
C. Create an SCP in Organizations. Set the policy to prevent the launch of Amazon EC2 instances without encryption on the EBS volumes using a conditional expression. Apply the SCP to all AWS accounts. Use Amazon Athena to analyze the AWS CloudTrail output, looking for events that deny an ec2:RunInstances action.
D. Deploy an IAM role to all accounts from a single trusted account. Build a pipeline with AWS CodePipeline with a stage in AWS Lambda to assume the IAM role, and list all EBS volumes in the account. Publish a report to Amazon S3.
Answer: A

QUESTION 557
A company's application is running on Amazon EC2 instances in an Auto Scaling group. A DevOps engineer needs to ensure there are at least four application servers running at all times. Whenever an update has to be made to the application, the engineer creates a new AMI with the updated configuration and updates the AWS CloudFormation template with the new AMI ID. After the stack finishes, the engineer manually terminates the old instances one by one, verifying that the new instance is operational before proceeding. The engineer needs to automate this process. Which action will allow for the LEAST number of manual steps moving forward?
A. Update the CloudFormation template to include the UpdatePolicy attribute with the AutoScalingRollingUpdate policy.
B. Update the CloudFormation template to include the UpdatePolicy attribute with the AutoScalingReplacingUpdate policy.
C. Use an Auto Scaling lifecycle hook to verify that the previous instance is operational before allowing the DevOps engineer's selected instance to terminate.
D. Use an Auto Scaling lifecycle hook to confirm there are at least four running instances before allowing the DevOps engineer's selected instance to terminate.
Answer: B

2021 Latest Braindump2go DOP-C01 PDF and DOP-C01 VCE Dumps Free Share: https://drive.google.com/drive/folders/1hd6oWmIDwjJEZd1HiDEA_vw9HTVc_nAH?usp=sharing

[October-2021]New Braindump2go SCS-C01 PDF and VCE Dumps[Q503-Q535]
QUESTION 503 A company needs to migrate several applications to AWS. This will require storing more than 5,000 credentials. To meet compliance requirements, the company will use its existing password management system for key rotation, auditing, and integration with third-party secrets containers. The company has a limited budget and is seeking the most cost-effective solution that is still secure. How should the company accomplish this at the LOWEST cost? A.Configure the company's key management solution to integrate with AWS Systems Manager Parameter Store. B.Configure the company's key management solution to integrate with AWS Secrets Manager. C.Use an Amazon S3 encrypted bucket to store the secrets and configure the applications with the appropriate roles to access the secrets. D.Configure the company's key management solution to integrate with AWS CloudHSM. Answer: D QUESTION 504 A company has a web-based application using Amazon CloudFront and running on Amazon Elastic Container Service (Amazon ECS) behind an Application Load Balancer (ALB). The ALB is terminating TLS and balancing load across ECS service tasks. A security engineer needs to design a solution to ensure that application content is accessible only through CloudFront and that it is never accessible directly. How should the security engineer build the MOST secure solution? A.Add an origin custom header. Set the viewer protocol policy to HTTP and HTTPS. Set the origin protocol policy to HTTPS only. Update the application to validate the CloudFront custom header. B.Add an origin custom header. Set the viewer protocol policy to HTTPS only. Set the origin protocol policy to match viewer. Update the application to validate the CloudFront custom header. C.Add an origin custom header. Set the viewer protocol policy to redirect HTTP to HTTPS. Set the origin protocol policy to HTTP only. Update the application to validate the CloudFront custom header. D.Add an origin custom header. 
Set the viewer protocol policy to redirect HTTP to HTTPS. Set the origin protocol policy to HTTPS only. Update the application to validate the CloudFront custom header.
Answer: C

QUESTION 505
A large government organization is moving to the cloud and has specific encryption requirements. The first workload to move requires that a customer's data be immediately destroyed when the customer makes that request. Management has asked the security team to provide a solution that will securely store the data, allow only authorized applications to perform encryption and decryption, and allow for immediate destruction of the data. Which solution will meet these requirements?
A. Use AWS Secrets Manager and an AWS SDK to create a unique secret for the customer-specific data.
B. Use AWS Key Management Service (AWS KMS) and the AWS Encryption SDK to generate and store a data encryption key for each customer.
C. Use AWS Key Management Service (AWS KMS) with service-managed keys to generate and store customer-specific data encryption keys.
D. Use AWS Key Management Service (AWS KMS) and create an AWS CloudHSM custom key store. Use CloudHSM to generate and store a new CMK for each customer.
Answer: A

QUESTION 506
A security engineer is defining the controls required to protect the AWS account root user credentials in an AWS Organizations hierarchy. The controls should also limit the impact in case these credentials have been compromised. Which combination of controls should the security engineer propose? (Choose three.)
A. Apply the following SCP:
B. Apply the following SCP:
C. Enable multi-factor authentication (MFA) for the root user.
D. Set a strong randomized password and store it in a secure location.
E. Create an access key ID and secret access key, and store them in a secure location.
F. Apply the following permissions boundary to the root user:
Answer: ADF

QUESTION 507
A VPC endpoint for Amazon CloudWatch Logs was recently added to a company's VPC.
The company's system administrator has verified that private DNS is enabled and that the appropriate route tables and security groups have been updated. The role attached to the Amazon EC2 instance is:
The CloudWatch Logs agent is running and attempting to write to a CloudWatch Logs stream in the same AWS account. However, no logs are being updated in CloudWatch Logs. What is the likely cause of this issue?
A. The EC2 instance role is not allowing the appropriate Put actions.
B. The EC2 instance role policy is incorrect and should be changed to:
C. The CloudWatch Logs endpoint policy is not allowing the appropriate Put actions.
D. The CloudWatch Logs resource policy is not allowing the appropriate List actions.
Answer: C

QUESTION 508
Amazon GuardDuty has detected communications to a known command and control endpoint from a company's Amazon EC2 instance. The instance was found to be running a vulnerable version of a common web framework. The company's security operations team wants to quickly identify other compute resources with the specific version of that framework installed. Which approach should the team take to accomplish this task?
A. Scan all the EC2 instances for noncompliance with AWS Config. Use Amazon Athena to query AWS CloudTrail logs for the framework installation.
B. Scan all the EC2 instances with the Amazon Inspector Network Reachability rules package to identify instances running a web server with RecognizedPortWithListener findings.
C. Scan all the EC2 instances with AWS Systems Manager to identify the vulnerable version of the web framework.
D. Scan all the EC2 instances with AWS Resource Access Manager to identify the vulnerable version of the web framework.
Answer: B

QUESTION 509
A security engineer has noticed an unusually high amount of traffic coming from a single IP address. This was discovered by analyzing the Application Load Balancer's access logs.
How can the security engineer limit the number of requests from a specific IP address without blocking the IP address?
A. Add a rule to the Application Load Balancer to route the traffic originating from the IP address in question and show a static webpage.
B. Implement a rate-based rule with AWS WAF.
C. Use AWS Shield to limit the originating traffic hit rate.
D. Implement the GeoLocation feature in Amazon Route 53.
Answer: B

QUESTION 510
Unapproved changes were previously made to a company's Amazon S3 bucket. A security engineer configured AWS Config to record configuration changes made to the company's S3 buckets. The engineer discovers there are S3 configuration changes being made, but no Amazon SNS notifications are being sent. The engineer has already checked the configuration of the SNS topic and has confirmed the configuration is valid. Which combination of steps should the security engineer take to resolve the issue? (Choose two.)
A. Configure the S3 bucket ACLs to allow AWS Config to record changes to the buckets.
B. Configure policies attached to S3 buckets to allow AWS Config to record changes to the buckets.
C. Attach the AmazonS3ReadOnlyAccess managed policy to IAM User.
D. Verify the security engineer's IAM user has an attached policy that allows all AWS Config actions.
E. Assign the AWSConfigRole managed policy to the AWS Config role.
Answer: AD

QUESTION 511
A security engineer must develop an encryption tool for a company. The company requires a cryptographic solution that supports the ability to perform cryptographic erasure on all resources protected by the key material in 15 minutes or less. Which AWS Key Management Service (AWS KMS) key solution will allow the security engineer to meet these requirements?
A. Use imported key material with CMK.
B. Use an AWS KMS CMK.
C. Use an AWS managed CMK.
D. Use an AWS KMS customer managed CMK.
Answer: A

QUESTION 512
A company deployed an Amazon EC2 instance to a VPC on AWS.
A recent alert indicates that the EC2 instance is receiving a suspicious number of requests over an open TCP port from an external source. The TCP port remains open for long periods of time. The company's security team needs to stop all activity to this port from the external source to ensure that the EC2 instance is not being compromised. The application must remain available to other users. Which solution will meet these requirements?
A. Update the network ACL that is attached to the subnet that is associated with the EC2 instance. Add a Deny statement for the port and the source IP addresses.
B. Update the elastic network interface security group that is attached to the EC2 instance to remove the port from the inbound rule list.
C. Update the elastic network interface security group that is attached to the EC2 instance by adding a Deny entry in the inbound list for the port and the source IP addresses.
D. Create a new network ACL for the subnet. Deny all traffic from the EC2 instance to prevent data from being removed.
Answer: D

QUESTION 513
After a recent security audit involving Amazon S3, a company has asked for assistance reviewing its S3 buckets to determine whether the data is properly secured. The first S3 bucket on the list has the following bucket policy:
Is this bucket policy sufficient to ensure that the data is not publicly accessible?
A. Yes, the bucket policy makes the whole bucket publicly accessible despite how the S3 bucket ACL or object ACLs are configured.
B. Yes, none of the data in the bucket is publicly accessible, regardless of how the S3 bucket ACL or object ACLs are configured.
C. No, the IAM user policy would need to be examined first to determine whether any data is publicly accessible.
D. No, the S3 bucket ACL and object ACLs need to be examined first to determine whether any data is publicly accessible.
Answer: A

QUESTION 514
A security engineer needs to build a solution to turn AWS CloudTrail back on in multiple AWS Regions in case it is ever turned off. What is the MOST efficient way to implement this solution?
A. Use AWS Config with a managed rule to trigger the AWS-EnableCloudTrail remediation.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) event with a cloudtrail.amazonaws.com event source and a StartLogging event name to trigger an AWS Lambda function to call the StartLogging API.
C. Create an Amazon CloudWatch alarm with a cloudtrail.amazonaws.com event source and a StopLogging event name to trigger an AWS Lambda function to call the StartLogging API.
D. Monitor AWS Trusted Advisor to ensure CloudTrail logging is enabled.
Answer: C

QUESTION 515
A company needs to encrypt all of its data stored in Amazon S3. The company wants to use AWS Key Management Service (AWS KMS) to create and manage its encryption keys. The company's security policies require the ability to import the company's own key material for the keys, set an expiration date on the keys, and delete keys immediately, if needed. How should a security engineer set up AWS KMS to meet these requirements?
A. Configure AWS KMS and use a custom key store. Create a customer managed CMK with no key material. Import the company's keys and key material into the CMK.
B. Configure AWS KMS and use the default key store. Create an AWS managed CMK with no key material. Import the company's keys and key material into the CMK.
C. Configure AWS KMS and use the default key store. Create a customer managed CMK with no key material. Import the company's keys and key material into the CMK.
D. Configure AWS KMS and use a custom key store. Create an AWS managed CMK with no key material. Import the company's keys and key material into the CMK.
Answer: A

QUESTION 516
A company has an application that uses an Amazon RDS PostgreSQL database.
The company is developing an application feature that will store sensitive information for an individual in the database. During a security review of the environment, the company discovers that the RDS DB instance is not encrypting data at rest. The company needs a solution that will provide encryption at rest for all the existing data and for any new data that is entered for an individual. Which combination of options can the company use to meet these requirements? (Choose two.)
A. Create a snapshot of the DB instance. Copy the snapshot to a new snapshot, and enable encryption for the copy process. Use the new snapshot to restore the DB instance.
B. Modify the configuration of the DB instance by enabling encryption. Create a snapshot of the DB instance. Use the snapshot to restore the DB instance.
C. Use AWS Key Management Service (AWS KMS) to create a new default AWS managed aws/rds key. Select this key as the encryption key for operations with Amazon RDS.
D. Use AWS Key Management Service (AWS KMS) to create a new CMK. Select this key as the encryption key for operations with Amazon RDS.
E. Create a snapshot of the DB instance. Enable encryption on the snapshot. Use the snapshot to restore the DB instance.
Answer: AD

QUESTION 517
A security engineer needs to create an Amazon S3 bucket policy to grant least privilege read access to IAM user accounts that are named User1, User2 and User3. These IAM user accounts are members of the AuthorizedPeople IAM group. The security engineer drafts the following S3 bucket policy:
When the security engineer tries to add the policy to the S3 bucket, the following message appears: "Missing required field Principal." The security engineer is adding a Principal element to the policy. The addition must provide read access to only User1, User2 and User3. Which solution meets these requirements?
A.
B.
C.
D.
Answer: B

QUESTION 518
A company is hosting a web application on Amazon EC2 instances behind an Application Load Balancer (ALB).
The application has become the target of a DoS attack. Application logging shows that requests are coming from a small number of client IP addresses, but the addresses change regularly. The company needs to block the malicious traffic with a solution that requires the least amount of ongoing effort. Which solution meets these requirements?
A. Create an AWS WAF rate-based rule, and attach it to the ALB.
B. Update the security group that is attached to the ALB to block the attacking IP addresses.
C. Update the ALB subnet's network ACL to block the attacking client IP addresses.
D. Create an AWS WAF rate-based rule, and attach it to the security group of the EC2 instances.
Answer: A

QUESTION 519
A public subnet contains two Amazon EC2 instances. The subnet has a custom network ACL. A security engineer is designing a solution to improve the subnet security. The solution must allow outbound traffic to an internet service that uses TLS through port 443. The solution also must deny inbound traffic that is destined for MySQL port 3306. Which network ACL rule set meets these requirements?
A. Use inbound rule 100 to allow traffic on TCP port 443. Use inbound rule 200 to deny traffic on TCP port 3306. Use outbound rule 100 to allow traffic on TCP port 443.
B. Use inbound rule 100 to deny traffic on TCP port 3306. Use inbound rule 200 to allow traffic on TCP port range 1024-65535. Use outbound rule 100 to allow traffic on TCP port 443.
C. Use inbound rule 100 to allow traffic on TCP port range 1024-65535. Use inbound rule 200 to deny traffic on TCP port 3306. Use outbound rule 100 to allow traffic on TCP port 443.
D. Use inbound rule 100 to deny traffic on TCP port 3306. Use inbound rule 200 to allow traffic on TCP port 443. Use outbound rule 100 to allow traffic on TCP port 443.
Answer: A

QUESTION 520
A company has developed a new Amazon RDS database application. The company must secure the RDS database credentials for encryption in transit and encryption at rest.
The company also must rotate the credentials automatically on a regular basis. Which solution meets these requirements?
A. Use AWS Systems Manager Parameter Store to store the database credentials. Configure automatic rotation of the credentials.
B. Use AWS Secrets Manager to store the database credentials. Configure automatic rotation of the credentials.
C. Store the database credentials in an Amazon S3 bucket that is configured with server-side encryption with S3 managed encryption keys (SSE-S3). Rotate the credentials with IAM database authentication.
D. Store the database credentials in Amazon S3 Glacier, and use S3 Glacier Vault Lock. Configure an AWS Lambda function to rotate credentials on a scheduled basis.
Answer: C

QUESTION 521
A company's development team is designing an application using AWS Lambda and Amazon Elastic Container Service (Amazon ECS). The development team needs to create IAM roles to support these systems. The company's security team wants to allow the developers to build IAM roles directly, but the security team wants to retain control over the permissions the developers can delegate to those roles. The development team needs access to more permissions than those required for the application's AWS services. The solution must minimize management overhead. How should the security team prevent privilege escalation for both teams?
A. Enable AWS CloudTrail. Create a Lambda function that monitors the event history for privilege escalation events and notifies the security team.
B. Create a managed IAM policy for the permissions required. Reference the IAM policy as a permissions boundary within the development team's IAM role.
C. Enable AWS Organizations. Create an SCP that allows the iam:CreateUser action but that has a condition that prevents API calls other than those required by the development team.
D. Create an IAM policy with a deny on the iam:CreateUser action and assign the policy to the development team.
Use a ticket system to allow the developers to request new IAM roles for their applications. The IAM roles will then be created by the security team.
Answer: C

QUESTION 522
A security engineer has enabled AWS Security Hub in their AWS account, and has enabled the Center for Internet Security (CIS) AWS Foundations compliance standard. No evaluation results on compliance are returned in the Security Hub console after several hours. The engineer wants to ensure that Security Hub can evaluate their resources for CIS AWS Foundations compliance. Which steps should the security engineer take to meet these requirements?
A. Add full Amazon Inspector IAM permissions to the Security Hub service role to allow it to perform the CIS compliance evaluation.
B. Ensure that AWS Trusted Advisor is enabled in the account, and that the Security Hub service role has permissions to retrieve the Trusted Advisor security-related recommended actions.
C. Ensure that AWS Config is enabled in the account, and that the required AWS Config rules have been created for the CIS compliance evaluation.
D. Ensure that the correct trail in AWS CloudTrail has been configured for monitoring by Security Hub, and that the Security Hub service role has permissions to perform the GetObject operation on CloudTrail's Amazon S3 bucket.
Answer: B

QUESTION 523
A company has two AWS accounts: Account A and Account B. Account A has an IAM role that IAM users in Account B assume when they need to upload sensitive documents to Amazon S3 buckets in Account A. A new requirement mandates that users can assume the role only if they are authenticated with multi-factor authentication (MFA). A security engineer must recommend a solution that meets this requirement with minimum risk and effort. Which solution should the security engineer recommend?
A. Add an aws:MultiFactorAuthPresent condition to the role's permissions policy.
B. Add an aws:MultiFactorAuthPresent condition to the role's trust policy.
C. Add an aws:MultiFactorAuthPresent condition to the session policy.
D. Add an aws:MultiFactorAuthPresent condition to the S3 bucket policies.
Answer: D

QUESTION 524
A company is developing an ecommerce application. The application uses Amazon EC2 instances and an Amazon RDS MySQL database. For compliance reasons, data must be secured in transit and at rest. The company needs a solution that minimizes operational overhead and minimizes cost. Which solution meets these requirements?
A. Use TLS certificates from AWS Certificate Manager (ACM) with an Application Load Balancer. Deploy self-signed certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Enable encryption of the RDS DB instance. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that support the EC2 instances.
B. Use TLS certificates from a third-party vendor with an Application Load Balancer. Install the same certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Secrets Manager for client-side encryption of application data.
C. Use AWS CloudHSM to generate TLS certificates for the EC2 instances. Install the TLS certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use the encryption keys from CloudHSM for client-side encryption of application data.
D. Use Amazon CloudFront with AWS WAF. Send HTTP connections to the origin EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Key Management Service (AWS KMS) for client-side encryption of application data before the data is stored in the RDS database.
Answer: A

QUESTION 525
A company is undergoing a layer 3 and layer 4 DDoS attack on its web servers running on AWS. Which combination of AWS services and features will provide protection in this scenario? (Choose three.)
A. Amazon Route 53
B. AWS Certificate Manager (ACM)
C. Amazon S3
D. AWS Shield
E. Elastic Load Balancer
F. Amazon GuardDuty
Answer: ACD

QUESTION 526
A user in account 111122223333 is receiving an access denied error message while calling the AWS Key Management Service (AWS KMS) GenerateDataKey API operation. The key policy contains the following statement:
Account 111122223333 is not using AWS Organizations SCPs. Which combination of steps should a security engineer take to ensure that KMSUser can perform the action on the key? (Choose two.)
A. Modify the key policy to include the key's key ID in the Resource field.
B. Verify that KMSUser has no explicit denies for the GenerateDataKey action in its attached IAM policies.
C. Verify that KMSUser is allowed to perform the GenerateDataKey action in its attached IAM policies for the encryption context.
D. Ensure that KMSUser is including the encryption context key-value pair in its GenerateDataKey.
E. Revoke any KMS grants on the key that are denying the GenerateDataKey action for KMSUser.
Answer: AC

QUESTION 527
A company is building an application on AWS that will store sensitive information. The company has a support team with access to the IT infrastructure, including databases. The company's security engineer must introduce measures to protect the sensitive data against any data breach while minimizing management overhead. The credentials must be regularly rotated. What should the security engineer recommend?
A. Enable Amazon RDS encryption to encrypt the database and snapshots. Enable Amazon Elastic Block Store (Amazon EBS) encryption on Amazon EC2 instances. Include the database credential in the EC2 user data field. Use an AWS Lambda function to rotate database credentials. Set up TLS for the connection to the database.
B. Install a database on an Amazon EC2 instance. Enable third-party disk encryption to encrypt Amazon Elastic Block Store (Amazon EBS) volume.
Store the database credentials in AWS CloudHSM with automatic rotation. Set up TLS for the connection to the database.
C. Enable Amazon RDS encryption to encrypt the database and snapshots. Enable Amazon Elastic Block Store (Amazon EBS) encryption on Amazon EC2 instances. Store the database credentials in AWS Secrets Manager with automatic rotation. Set up TLS for the connection to the RDS hosted database.
D. Set up an AWS CloudHSM cluster with AWS Key Management Service (AWS KMS) to store KMS keys. Set up Amazon RDS encryption using AWS KMS to encrypt the database. Store the database credentials in AWS Systems Manager Parameter Store with automatic rotation. Set up TLS for the connection to the RDS hosted database.
Answer: D

QUESTION 528
A company is developing a mobile shopping web app. The company needs an environment that is configured to encrypt all resources in transit and at rest. A security engineer must develop a solution that will encrypt traffic in transit to the company's Application Load Balancer and Amazon API Gateway resources. The solution also must encrypt traffic at rest for Amazon S3 storage. What should the security engineer do to meet these requirements?
A. Use AWS Certificate Manager (ACM) for encryption in transit. Use AWS Key Management Service for encryption at rest.
B. Use AWS Certificate Manager (ACM) for encryption in transit and encryption at rest.
C. Use AWS Key Management Service for encryption in transit. Use AWS Certificate Manager (ACM) for encryption at rest.
D. Use AWS Key Management Service for encryption in transit and encryption at rest.
Answer: A

QUESTION 529
A security team is implementing a centralized logging solution to meet requirements for auditing. The solution must be able to aggregate logs from Amazon CloudWatch and AWS CloudTrail to an account that is controlled by the security team. This approach must be usable across the entire organization in AWS Organizations.
Which solution meets these requirements in the MOST operationally efficient manner?
A. In each AWS account, create an Amazon Kinesis Data Firehose delivery stream that has a destination of Amazon S3 in the security team's account. Create a subscription for each Amazon CloudWatch Logs log group in each AWS account to the Kinesis Data Firehose delivery stream in the same account. For the organization, create a CloudTrail trail that has a destination of Amazon S3.
B. In the security team's account, create an Amazon Kinesis Data Firehose delivery stream that has a destination of Amazon S3 in the same account. Create a subscription for each Amazon CloudWatch Logs log group in each AWS account to the Kinesis Data Firehose delivery stream in the security team's account. For each AWS account, create a CloudTrail trail that has a destination of Amazon S3.
C. In each AWS account, create an Amazon Kinesis data stream that has a destination of Amazon S3 in the security team's account. Create a subscription for each Amazon CloudWatch Logs log group in each AWS account to the Kinesis data stream in the same account. For the organization, create a CloudTrail trail that has a destination of Amazon S3.
D. In the security team's account, create an Amazon Kinesis data stream that has a destination of Amazon S3 in the same account. Create a subscription for each Amazon CloudWatch Logs log group in each AWS account to the Kinesis data stream in the security team's account. For each AWS account, create a CloudTrail trail that has a destination of Amazon S3.
Answer: A

QUESTION 530
A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times. During a security incident, EBS snapshots of suspicious instances are shared to a forensics account for analysis. A security engineer attempting to share a suspicious EBS snapshot to the forensics account receives the following error: "Unable to share snapshot.
An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared"
Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Choose three.)
A. Create a customer managed CMK. Copy the EBS snapshot encrypting the destination snapshot using the new CMK.
B. Allow forensics accounting principals to use the CMK by modifying its policy.
C. Create an Amazon EC2 instance. Attach the encrypted and suspicious EBS volume. Copy data from the suspicious volume to an unencrypted volume. Snapshot the unencrypted volume.
D. Copy the EBS snapshot to the new decrypted snapshot.
E. Restore a volume from the suspicious EBS snapshot. Create an unencrypted EBS volume of the same size.
F. Share the target EBS snapshot with the forensics account.
Answer: CDE

QUESTION 531
A company is hosting multiple applications within a single VPC in its AWS account. The applications are running behind an Application Load Balancer that is associated with an AWS WAF web ACL. The company's security team has identified that multiple port scans are originating from a specific range of IP addresses on the internet. A security engineer needs to deny access from the offending IP addresses. Which solution will meet these requirements?
A. Modify the AWS WAF web ACL with an IP set match rule statement to deny incoming requests from the IP address range.
B. Add a rule to all security groups to deny the incoming requests from the IP address range.
C. Modify the AWS WAF web ACL with a rate-based rule statement to deny incoming requests from the IP address range.
D. Configure the AWS WAF web ACL with regex match conditions. Specify a pattern set to deny the incoming requests based on the match condition.
Answer: D

QUESTION 532
A company plans to create individual child accounts within an existing organization in AWS Organizations for each of its DevOps teams.
AWS CloudTrail has been enabled and configured on all accounts to write audit logs to an Amazon S3 bucket in a centralized AWS account. A security engineer needs to ensure that DevOps team members are unable to modify or disable this configuration. How can the security engineer meet these requirements?
A. Create an IAM policy that prohibits changes to the specific CloudTrail trail and apply the policy to the AWS account root user.
B. Create an S3 bucket policy in the specified destination account for the CloudTrail trail that prohibits configuration changes from the AWS account root user in the source account.
C. Create an SCP that prohibits changes to the specific CloudTrail trail and apply the SCP to the appropriate organizational unit or account in Organizations.
D. Create an IAM policy that prohibits changes to the specific CloudTrail trail and apply to a new IAM group. Have team members use individual IAM accounts that are members of the new IAM group.
Answer: D

QUESTION 533
A company has an IAM group. All of the IAM users in the group have been assigned a multi-factor authentication (MFA) device and have full access to Amazon S3. The company needs to ensure that users in the group can perform S3 actions only after the users authenticate with MFA. A security engineer must design a solution that accomplishes this goal with the least maintenance overhead. Which combination of actions will meet these requirements? (Choose two.)
A. Add a customer managed Deny policy to users in the group for s3:* actions.
B. Add a customer managed Deny policy to the group for s3:* actions.
C. Add a customer managed Allow policy to the group for s3:* actions.
D. Add a condition to the policy: "Condition" : { "BoolIfExists" : { "aws:MultiFactorAuthPresent" : false } }
E. Add a condition to the policy: "Condition" : { "Bool" : { "aws:MultiFactorAuthPresent" : false } }
Answer: CE

QUESTION 534
A company uses Amazon RDS for MySQL as a database engine for its applications.
A recent security audit revealed an RDS instance that is not compliant with company policy for encrypting data at rest. A security engineer at the company needs to ensure that all existing RDS databases are encrypted using server-side encryption and that any future deviations from the policy are detected. Which combination of steps should the security engineer take to accomplish this? (Choose two.)
A. Create an AWS Config rule to detect the creation of encrypted RDS databases. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger on the AWS Config rules compliance state change and use Amazon Simple Notification Service (Amazon SNS) to notify the security operations team.
B. Use AWS Systems Manager State Manager to detect RDS database encryption configuration drift. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to track state changes and use Amazon Simple Notification Service (Amazon SNS) to notify the security operations team.
C. Create a read replica for the existing unencrypted RDS database and enable replica encryption in the process. Once the replica becomes active, promote it into a standalone database instance and terminate the unencrypted database instance.
D. Take a snapshot of the unencrypted RDS database. Copy the snapshot and enable snapshot encryption in the process. Restore the database instance from the newly created encrypted snapshot. Terminate the unencrypted database instance.
E. Enable encryption for the identified unencrypted RDS instance by changing the configurations of the existing database.
Answer: DE

QUESTION 535
A security engineer has been tasked with implementing a solution that allows the company's development team to have interactive command line access to Amazon EC2 Linux instances using the AWS Management Console. Which steps should the security engineer take to satisfy this requirement maintaining least privilege?
A. Enable AWS Systems Manager in the AWS Management Console and configure for access to EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure IAM user policies to allow development team access to the Systems Manager Session Manager and attach to the team's IAM users.
B. Enable console SSH access in the EC2 console. Configure IAM user policies to allow development team access to the AWS Systems Manager Session Manager and attach to the development team's IAM users.
C. Enable AWS Systems Manager in the AWS Management Console and configure to access EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure a security group that allows SSH port 22 from all published IP addresses. Configure IAM user policies to allow development team access to the AWS Systems Manager Session Manager and attach to the team's IAM users.
D. Enable AWS Systems Manager in the AWS Management Console and configure to access EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure IAM user policies to allow development team access to the EC2 console and attach to the team's IAM users.
Answer: D

2021 Latest Braindump2go SCS-C01 PDF and SCS-C01 VCE Dumps Free Share: https://drive.google.com/drive/folders/1AXkpMCMJWLJojvs373AvARrn12Yf6UKC?usp=sharing
[October-2021]New Braindump2go AZ-400 PDF and VCE Dumps[Q214-Q223]
QUESTION 214
You have an Azure DevOps organization that contains a project named Project1. You need to create a published wiki in Project1. What should you do first?
A. Modify the Storage settings of Project1.
B. In Project1, create an Azure DevOps pipeline.
C. In Project1, create an Azure DevOps repository.
D. Modify the Team configuration settings of Project1.
Answer: C

QUESTION 215
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1 is used to build a web app named App1 and deploy App1 to VMSS1. You need to ensure that an email alert is generated whenever VMSS1 scales in or out.
Solution: From Azure DevOps, configure the Service hooks settings for Project1.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 216
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that is configured for autoscaling.
You have a project in Azure DevOps named Project1. Project1 is used to build a web app named App1 and deploy App1 to VMSS1.
Solution: From Azure Monitor, configure the autoscale settings.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 217
You have an Azure solution that contains a build pipeline in Azure Pipelines. You experience intermittent delays before the build pipeline starts. You need to reduce the time it takes to start the build pipeline. What should you do?
A. Split the build pipeline into multiple stages.
B. Purchase an additional parallel job.
C. Create a new agent pool.
D. Enable self-hosted build agents.
Answer: C

QUESTION 218
You are evaluating the use of code review assignments in GitHub. Which two requirements can be met by using code review assignments? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Automatically choose and assign reviewers based on a list of available personnel.
B. Automatically choose and assign reviewers based on who has the most completed review requests.
C. Ensure that each team member reviews an equal number of pull requests during any 30-day period.
D. Automatically choose and assign reviewers based on who received the least recent review requests.
Answer: AC

QUESTION 219
You have an Azure subscription that contains multiple Azure services. You need to send an SMS alert when scheduled maintenance is planned for the Azure services. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create an Azure Service Health alert.
B. Enable Azure Security Center.
C. Create and configure an action group.
D. Create and configure an Azure Monitor alert rule.
Answer: AD

QUESTION 220
You have a project in Azure DevOps that has a release pipeline.
You need to integrate work item tracking and an Agile project management system to meet the following requirements:
- Ensure that developers can track whether their commits are deployed to production.
- Report the deployment status.
- Minimize integration effort.
Which system should you use?
A. Trello
B. Jira
C. Basecamp
D. Asana
Answer: B

QUESTION 221
You have several Azure Active Directory (Azure AD) accounts. You need to ensure that users use multi-factor authentication (MFA) to access Azure apps from untrusted networks. What should you configure in Azure AD?
A. access reviews
B. managed identities
C. entitlement management
D. conditional access
Answer: D

QUESTION 222
You configure Azure Application Insights and the shared service plan tier for a web app. You enable Smart Detection. You confirm that standard metrics are visible in the logs, but when you test a failure, you do not receive a Smart Detection notification. What prevents the Smart Detection notification from being sent?
A. You must restart the web app before Smart Detection is enabled.
B. Smart Detection uses the first 24 hours to establish the normal behavior of the web app.
C. You must enable the Snapshot Debugger for the web app.
D. The web app is configured to use the shared service plan tier.
Answer: B

QUESTION 223
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that is configured for autoscaling. You have a project in Azure DevOps named Project1.
Project1 is used to build a web app named App1 and deploy App1 to VMSS1. You need to ensure that an email alert is generated whenever VMSS1 scales in or out.
Solution: From Azure DevOps, configure the Notifications settings for Project1.
Does this meet the goal?
A. Yes
B. No
Answer: B

2021 Latest Braindump2go AZ-400 PDF and AZ-400 VCE Dumps Free Share: https://drive.google.com/drive/folders/1kLhX5N_Pt_noAKZD50xUpnSEA5Tt62TZ?usp=sharing
[October-2021]New Braindump2go SC-400 PDF and VCE Dumps[Q85-Q99]
QUESTION 85
You have a data loss prevention (DLP) policy that applies to the Devices location. The policy protects documents that contain States passport numbers. Users report that they cannot upload documents to a travel management website because of the policy. You need to ensure that the users can upload the documents to the travel management website. The solution must prevent the protected content from being uploaded to other locations. Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure?
A. Unallowed apps
B. File path exclusions
C. Service domains
D. Unallowed browsers
Answer: C

QUESTION 86
You create a data loss prevention (DLP) policy. The Advanced DLP rules page is shown in the Rules exhibit. The Review your settings page is shown in the review exhibit. You need to review the potential impact of enabling the policy without applying the actions. What should you do?
A. Edit the policy, remove all the actions in DLP rule 1, and select I'd like to test it out first.
B. Edit the policy, remove the Restrict access to the content and Send incident report to Administrator actions, and then select Yes, turn it on right away.
C. Edit the policy, remove all the actions in DLP rule 1, and select Yes, turn it on right away.
D. Edit the policy, and then select I'd like to test it out first.
Answer: D

QUESTION 87
You are planning a data loss prevention (DLP) solution that will apply to computers that run Windows 10. You need to ensure that when users attempt to copy a file that contains sensitive information to a USB storage device, the following requirements are met:
- If the users are members of a group named Group1, the users must be allowed to copy the file, and an event must be recorded in the audit log.
- All other users must be blocked from copying the file.
What should you create?
A. one DLP policy that contains one DLP rule
B. two DLP policies that each contains one DLP rule
C. one DLP policy that contains two DLP rules
Answer: B

QUESTION 88
You have a data loss prevention (DLP) policy configured for endpoints as shown in the following exhibit. From a computer named Computer1, a user can sometimes upload files to cloud services and sometimes cannot. Other users experience the same issue. What are two possible causes of the issue? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. The Access by unallowed apps action is set to Audit only.
B. The computers are NOT onboarded to the Microsoft 365 compliance center.
C. The Copy to clipboard action is set to Audit only.
D. There are file path exclusions in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings.
E. The unallowed browsers in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings are NOT configured.
Answer: AD

QUESTION 89
You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company. What should you do?
A. From the Microsoft 365 compliance center, create a data loss prevention (DLP) policy.
B. From the Azure portal, create an Azure Active Directory (Azure AD) Identity Protection policy.
C. From the Microsoft 365 compliance center, create an insider risk policy.
D. From the Microsoft 365 compliance center, start a data investigation.
Answer: A

QUESTION 90
Your company manufactures parts that are each assigned a unique 12-character alphanumeric serial number. Emails between the company and its customers refer to the serial number. You need to ensure that all Microsoft Exchange Online emails containing the serial numbers are retained for five years. Which three objects should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. a trainable classifier
B. a sensitive info type
C. a retention policy
D. a data loss prevention (DLP) policy
E. an auto-labeling policy
F. a retention label
G. a sensitivity label
Answer: BEF

QUESTION 91
You receive an email that contains a list of words that will be used for a sensitive information type. You need to create a file that can be used as the source of a keyword dictionary. In which format should you save the list?
A. an XLSX file that contains one word in each cell of the first row
B. a TSV file that contains words separated by tabs
C. a JSON file that has an element for each word
D. a text file that has one word on each line
Answer: A

QUESTION 92
You plan to implement sensitivity labels for Microsoft Teams. You need to ensure that you can view and apply sensitivity labels to new Microsoft Teams sites. What should you do first?
A. Run the Set-SPOSite cmdlet.
B. Configure the EnableMTPLabels Azure Active Directory (Azure AD) setting.
C. Create a new sensitivity label scoped to Groups & sites.
D. Run the Execute-AzureAdLabelSync cmdlet.
Answer: C

QUESTION 93
Your company has a Microsoft 365 tenant that uses a domain named contoso. The company uses Microsoft Office 365 Message Encryption (OME) to encrypt email sent to users in fabrikam.com. A user named User1 erroneously sends an email to user2@fabrikam.com. You need to disable user2@fabrikam.com from accessing the email. What should you do?
A. Run the New-ComplianceSearchAction cmdlet.
B. Instruct User1 to delete the email from her Sent Items folder from Microsoft Outlook.
C. Run the Get-MessageTrace cmdlet.
D. Run the Set-OMEMessageRevocation cmdlet.
E. Instruct User1 to select Remove external access from Microsoft Outlook on the web.
Answer: C

QUESTION 94
Your company has a Microsoft 365 tenant. The company performs annual employee assessments. The assessment results are recorded in a document named AssessmentTemplate.docx that is created by using a Microsoft Word template.
Copies of the employee assessments are sent to employees and their managers. The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive for Business folders. A copy of each assessment is also stored in a SharePoint Online folder named Assessments. You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users. You will use a document fingerprint to identify the assessment documents. What should you include in the solution?
A. Create a fingerprint of AssessmentTemplate.docx.
B. Create a sensitive info type that uses Exact Data Match (EDM).
C. Create a fingerprint of 100 sample documents in the Assessments folder.
D. Import 100 sample documents from the Assessments folder to a seed folder.
Answer: D

QUESTION 95
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant that uses the following sensitivity labels:
* Confidential
* Internal
* External
The labels are published by using a label policy named Policy1. Users report that Microsoft Office for the web apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally. You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.
Solution: You modify the publishing settings of Policy1.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 96
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant that uses the following sensitivity labels:
* Confidential
* Internal
* External
The labels are published by using a label policy named Policy1. Users report that Microsoft Office for the web apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally. You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.
Solution: You modify the scope of the Confidential label.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 97
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant that uses the following sensitivity labels:
* Confidential
* Internal
* External
The labels are published by using a label policy named Policy1. Users report that Microsoft Office for the web apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally. You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.
Solution: You run the Execute-AzureAdLabelSync cmdlet.
Does this meet the goal?
A. Yes
B. No
Answer: A

QUESTION 98
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP). You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD). You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You onboard the computers to Microsoft Defender for Endpoint.
Does this meet the goal?
A. Yes
B. No
Answer: A

QUESTION 99
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP). You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD). You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You enroll the computers in Microsoft Intune.
Does this meet the goal?
A. Yes
B. No
Answer: B

2021 Latest Braindump2go SC-400 PDF and SC-400 VCE Dumps Free Share: https://drive.google.com/drive/folders/1TNUsggolzUGOjp9tqvmMQRofUYZjYJ9z?usp=sharing
[October-2021]New Braindump2go AI-900 PDF and VCE Dumps[Q96-Q120]
QUESTION 96
You have a webchat bot that provides responses from a QnA Maker knowledge base. You need to ensure that the bot uses user feedback to improve the relevance of the responses over time. What should you use?
A. key phrase extraction
B. sentiment analysis
C. business logic
D. active learning
Answer: D

QUESTION 97
You are developing a conversational AI solution that will communicate with users through multiple channels including email, Microsoft Teams, and webchat. Which service should you use?
A. Text Analytics
B. Azure Bot Service
C. Translator
D. Form Recognizer
Answer: B

QUESTION 98
In which scenario should you use key phrase extraction?
A. translating a set of documents from English to German
B. generating captions for a video based on the audio track
C. identifying whether reviews of a restaurant are positive or negative
D. identifying which documents provide information about the same topics
Answer: C

QUESTION 99
You have insurance claim reports that are stored as text. You need to extract key terms from the reports to generate summaries. Which type of AI workload should you use?
A. conversational AI
B. anomaly detection
C. natural language processing
D. computer vision
Answer: C

QUESTION 100
To complete the sentence, select the appropriate option in the answer area.
Computer vision capabilities can be deployed to ___________
A. See the explanation below
Answer: A
Explanation: Integrate a facial recognition feature into an app.

QUESTION 101
You need to track multiple versions of a model that was trained by using Azure Machine Learning. What should you do?
A. Provision an inference cluster.
B. Explain the model.
C. Register the model.
D. Register the training data.
Answer: C

QUESTION 102
You need to develop a chatbot for a website.
The chatbot must answer users' questions based on the information in the following documents:
- A product troubleshooting guide in a Microsoft Word document
- A frequently asked questions (FAQ) list on a webpage
Which service should you use to process the documents?
A. Language Understanding
B. Text Analytics
C. Azure Bot Service
D. QnA Maker
Answer: D

QUESTION 103
You are building a knowledge base by using QnA Maker. Which file format can you use to populate the knowledge base?
A. PDF
B. PPTX
C. XML
D. ZIP
Answer: A

QUESTION 104
You use Azure Machine Learning designer to build a model pipeline. What should you create before you can run the pipeline?
A. a Jupyter notebook
B. a registered model
C. a compute resource
Answer: C

QUESTION 105
You need to build an image tagging solution for social media that tags images of your friends automatically. Which Azure Cognitive Services service should you use?
A. Computer Vision
B. Face
C. Text Analytics
D. Form Recognizer
Answer: B

QUESTION 106
You use drones to identify where weeds grow between rows of crops to send an instruction for the removal of the weeds. This is an example of which type of computer vision?
A. scene segmentation
B. optical character recognition (OCR)
C. object detection
Answer: A

QUESTION 107
To complete the sentence, select the appropriate option in the answer area.
Using Recency, Frequency, and Monetary (RFM) values to identify segments of a customer base is an example of ___________
A. See the explanation below
Answer: A
Explanation:

QUESTION 108
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 109
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 110
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:

QUESTION 111
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 112
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 113
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 114
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 115
Drag and Drop Question
Match the services to the appropriate descriptions. To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Answer:

QUESTION 116
Drag and Drop Question
Match the principles of responsible AI to the appropriate descriptions. To answer, drag the appropriate principle from the column on the left to its description on the right. Each principle may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Answer:

QUESTION 117
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 118
You plan to develop a bot that will enable users to query a knowledge base by using natural language processing. Which two services should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. QnA Maker
B. Azure Bot Service
C. Form Recognizer
D. Anomaly Detector
Answer: AB

QUESTION 119
In which two scenarios can you use a speech synthesis solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. an automated voice that reads back a credit card number entered into a telephone by using a numeric keypad
B. generating live captions for a news broadcast
C. extracting key phrases from the audio recording of a meeting
D. an AI character in a computer game that speaks audibly to a player
Answer: AD

QUESTION 120
Drag and Drop Question
You need to scan the news for articles about your customers and alert employees when there is a negative article. Positive articles must be added to a press book. Which natural language processing tasks should you use to complete the process? To answer, drag the appropriate tasks to the correct locations. Each task may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Answer:

2021 Latest Braindump2go AI-900 PDF and AI-900 VCE Dumps Free Share: https://drive.google.com/drive/folders/1VMADE4rTtp2SjgbY_rnCokxgjUS7cH28?usp=sharing
[October-2021]New Braindump2go MS-500 PDF and VCE Dumps[Q211-Q238]
QUESTION 211
You have a Microsoft 365 tenant. From the Azure Active Directory admin center, you review the Risky sign-ins report as shown in the following exhibit. You need to ensure that you can see additional details including the risk level and the risk detection type. What should you do?
A. Purchase Microsoft 365 Enterprise E5 licenses.
B. Activate an instance of Microsoft Defender for Identity.
C. Configure Diagnostic settings in Azure Active Directory (Azure AD).
D. Deploy Azure Sentinel and add a Microsoft Office 365 connector.
Answer: A

QUESTION 212
You have a Microsoft 365 E5 subscription. You plan to create a conditional access policy named Policy1. You need to be able to use the sign-in risk level condition in Policy1. What should you do first?
A. Connect Microsoft Endpoint Manager and Microsoft Defender for Endpoint.
B. From the Azure Active Directory admin center, configure the Diagnostics settings.
C. From the Endpoint Management admin center, create a device compliance policy.
D. Onboard Azure Active Directory (Azure AD) Identity Protection.
Answer: D

QUESTION 213
You have a hybrid Microsoft 365 deployment that contains the Windows 10 devices shown in the following table. You assign a Microsoft Endpoint Manager disk encryption policy that automatically and silently enables BitLocker Drive Encryption (BitLocker) on all the devices. Which devices will have BitLocker enabled?
A. Device1, Device2, and Device3
B. Device2 only
C. Device1 and Device2 only
D. Device2 and Device3 only
Answer: B

QUESTION 214
You have a Microsoft 365 E5 subscription. You need to enable support for sensitivity labels in Microsoft SharePoint Online. What should you use?
A. the SharePoint admin center
B. the Microsoft 365 admin center
C. the Microsoft 365 compliance center
D. the Azure Active Directory admin
Answer: D

QUESTION 215
You have a Microsoft 365 E5 subscription that contains users named User1 and User2. You have the audit log retention requirements shown in the following table.
You need to create audit retention policies to meet the requirements. The solution must minimize cost and the number of policies. What is the minimum number of audit retention policies that you should create?
A. 1
B. 2
C. 3
D. 4
Answer: C

QUESTION 216
You have a Microsoft 365 subscription named contoso.com. You need to configure Microsoft OneDrive for Business external sharing to meet the following requirements:
- Enable file sharing for users that have a Microsoft account.
- Block file sharing for anonymous users.
What should you do?
A. From Advanced settings for external sharing, select Allow or block sharing with people on specific domains and add contoso.com.
B. From the External sharing settings for OneDrive, select Existing external users.
C. From the External sharing settings for OneDrive, select New and existing external users.
D. From the External sharing settings for OneDrive, select Only people in your organization.
Answer: B

QUESTION 217
You have a Microsoft 365 subscription. You need to be notified by email whenever an administrator starts an eDiscovery search. What should you do from the Security & Compliance admin center?
A. From Alerts, create an alert policy.
B. From Search & investigation, create a guided search.
C. From eDiscovery, create an eDiscovery case.
D. From Reports, create a managed schedule.
Answer: A

QUESTION 218
You have a Microsoft 365 subscription. You receive a General Data Protection Regulation (GDPR) request for the custom dictionary of a user. From the Compliance admin center you need to create a content search. How should you configure the content search?
A. Condition: Type Operator Equals any of Value Documents
B. Condition: Type Operator Equals any of Value Office Roaming Service
C. Condition: Title Operator Equals any of Value Normal.dot
D. Condition: File type Operator Equals any of Value dic
Answer: D

QUESTION 219
You have a Microsoft 365 subscription.
You receive a General Data Protection Regulation (GDPR) request for the custom dictionary of a user. From the Compliance admin center you need to create a content search. How should you configure the content search?
A. Condition: Type Operator Equals any of Value Documents
B. Condition: Type Operator Equals any of Value Office Roaming Service
C. Condition: Title Operator Equals any of Value Normal.dot
D. Condition: File type Operator Equals any of Value dic
Answer: A

QUESTION 220
You have a Microsoft 365 alert named Alert2 as shown in the following exhibit. You need to manage the status of Alert2. To which status can you change Alert2?
A. The status cannot be changed.
B. Investigating only
C. Active or investigating only
D. Investigating, Active, or Dismissed
E. Dismissed only
Answer: E

QUESTION 221
You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1. You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege. Which role should you assign to User1?
A. the View-Only Audit Logs role in the Security & Compliance admin
B. the Security reader role in the Azure Active Directory admin center
C. the View-Only Audit Logs role in the Exchange admin center
D. the Compliance Management role in the Exchange admin center
Answer: B

QUESTION 222
You have a Microsoft 365 tenant that uses Azure Information Protection to encrypt sensitive content. You plan to implement Microsoft Cloud App Security to inspect protected files that are uploaded to Microsoft OneDrive for Business. You need to ensure that Azure Information Protection-protected files can be scanned by using Cloud App Security. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From the Cloud App Security admin center, enable file monitoring of software as a service (SaaS) apps.
B. From the Cloud App Security admin center, create an OAuth app policy for apps that have the Have full access to user files permission.
C. From the Microsoft 365 compliance admin center, create a data loss prevention (DLP) policy that contains an exception for content that contains a sensitive information type.
D. From the Azure Active Directory admin center, grant Cloud App Security permission to read all the protected content of the tenant.
Answer: BD

QUESTION 223
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You discover several security alerts are visible from the Microsoft Defender for Identity portal. You need to identify which users in contoso.com can close the security alerts. Which users should you identify?
A. User1 only
B. User1 and User3 only
C. User1 and User2 only
D. User4 only
E. User3 and User4 only
Answer: E

QUESTION 224
You have an Azure Active Directory (Azure AD) tenant that has a Microsoft 365 subscription. You recently configured the tenant to require multi-factor authentication (MFA) for risky sign-ins. You need to review the users who required MFA. What should you do?
A. From the Microsoft 365 admin center, review a Security & Compliance report.
B. From the Azure Active Directory admin center, download the sign-ins to a CSV file.
C. From the Microsoft 365 Compliance admin center, run an audit log search and download the results to a CSV file.
D. From the Azure Active Directory admin center, review the Authentication methods activities.
Answer: D

QUESTION 225
You have a Microsoft 365 subscription that contains the users shown in the following table. You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You enable SSPR for Group1.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 226
You have a Microsoft 365 subscription that contains the users shown in the following table.
You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You create a conditional access policy for User1, User2, and User3.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 227
You have a hybrid Azure Active Directory (Azure AD) tenant that has pass-through authentication enabled. You plan to implement Azure AD Identity Protection and enable the user risk policy. You need to configure the environment to support the user risk policy.
A. Enable password hash synchronization.
B. Configure a conditional access policy.
C. Enforce the multi-factor authentication (MFA) registration policy.
D. Enable the sign-in risk policy.
Answer: C

QUESTION 228
You have a Microsoft 365 E5 subscription and a Sentinel workspace named Sentinel1. You need to launch the Guided investigation - Process Alerts notebooks in Sentinel. What should you create first?
A. a Log Analytics workspace
B. a Kusto query
C. an Azure Machine Learning workspace
D. an Azure logic app
Answer: B

QUESTION 229
You have a Microsoft 365 E5 subscription. You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions. What should you use to achieve the goal?
A. Microsoft 365 user management
B. Microsoft Azure AD group management
C. Security & Compliance permissions
D. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
Answer: D

QUESTION 230
You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Endpoint Manager. You need to enable Microsoft Defender Exploit Guard (Microsoft Defender EG) on the devices. Which type of device configuration profile should you use?
A. Endpoint protection
B. Device restrictions
C. Microsoft Defender for Endpoint
D. Identity protection
Answer: A

QUESTION 231
You have a Microsoft 365 subscription.
You have a Microsoft SharePoint Online site named Site1. You have a Data Subject Request (DSR) case named Case1 that searches Site1. You create a new sensitive information type. You need to ensure that Case1 returns all the documents that contain the new sensitive information type. What should you do?
A. From the Compliance admin center, create a new Content search.
B. From Site1, modify the search dictionary.
C. From Site1, initiate a re-indexing of Site1.
D. From the Compliance admin center, create a new Search by ID List.
Answer: C

QUESTION 232
You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the user risk policy to block access when the user risk level is high.
Does this meet the goal?
A. Yes
B. No
Answer: A

QUESTION 233
You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the user risk policy to block access when the user risk level is medium and higher.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 234
You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: From the Access settings, you select Block access for User1.
Does this meet the goal?
A. Yes
B. No
Answer: B

QUESTION 235
You have a Microsoft 365 E5 subscription. You need to use Microsoft Cloud App Security to identify documents stored in Microsoft SharePoint Online that contain proprietary information. What should you create in Cloud App Security?
A. a data source and a file policy
B. a data source and an app discovery policy
C. an app connector and an app discovery policy
D. an app connector and a file policy
Answer: B

QUESTION 236
Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table. You plan to implement Microsoft Defender for Identity for the domain. You install a Microsoft Defender for Identity standalone sensor on Server1. You need to monitor the domain by using Microsoft Defender for Identity. What should you do?
A. Configure port mirroring for DC1.
B. Install the Microsoft Monitoring Agent on DC1.
C. Configure port mirroring for Server1.
D. Install the Microsoft Monitoring Agent on Server1.
Answer: B

QUESTION 237
Hotspot Question
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You assign an enterprise application named App1 to Group1 and User2. You configure an Azure AD access review of App1. The review has the following settings:
Review name: Review1
Start date: 01-15-2020
Frequency: One time
End date: 02-14-2020
Users to review: Assigned to an application
Scope: Everyone
Applications: App1
Reviewers: Members (self)
Auto apply results to resource: Enable
Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:

QUESTION 238
Hotspot Question
You have an Azure Sentinel workspace. You configure a rule to generate Azure Sentinel alerts when Azure Active Directory (Azure AD) Identity Protection detects risky sign-ins. You develop an Azure Logic Apps solution to contact users and verify whether reported risky sign-ins are legitimate. You need to configure the workspace to meet the following requirements:
- Call the Azure logic app when an alert is triggered for a risky sign-in.
- To the Azure Sentinel portal, add a custom dashboard that displays statistics for risky sign-ins that are detected and resolved.
What should you configure in Azure Sentinel to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:

2021 Latest Braindump2go MS-500 PDF and MS-500 VCE Dumps Free Share: https://drive.google.com/drive/folders/1aNtqQf5Y6RVkvLYKmpHNAsdmud4rO3gj?usp=sharing