exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam

Exam SC-100 topic 4 question 33 discussion

Actual exam question from Microsoft's SC-100
Question #: 33
Topic #: 4
[All SC-100 Questions]

You have an Azure subscription.

You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.

Developers use Azure DevOps to deploy web apps to App Service Environments. When a new app is deployed, a CNAME record for the app is registered in contoso.com.

You need to recommend a solution to secure the DNS record for each web app. The solution must meet the following requirements:

• Ensure that when an app is deleted, the CNAME record for the app is removed also.
• Minimize administrative effort.

What should you include in the recommendation?

  • A. Microsoft Defender for Cloud Apps
  • B. Microsoft Defender for DevOps
  • C. Microsoft Defender for App Service
  • D. Microsoft Defender for DNS
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Ramye
Highly Voted 1 year, 7 months ago
Mind-boggling how many Defender Services MS has - lol
upvoted 18 times
Onimole
11 months, 3 weeks ago
its just tiring and annoying tbh
upvoted 1 times
...
...
kanag1
Highly Voted 2 years ago
Selected Answer: C
Defender for App Service identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction#dangling-dns-detection Microsoft Defender for DNS provides an additional layer of protection for resources that use Azure DNS's Azure-provided name resolution capability. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction#dangling-dns-detection
upvoted 6 times
...
Luweho
Most Recent 1 month ago
Selected Answer: C
"Ensure that when an app is deleted, the CNAME record for the app is removed also" .. actually Defender does not "ensure" anything, it just generates alerts. But yes, C would be the closest answer because it generates alerts when an app is deleted but the DNS record still exists. "Minimize administrative effort" probably refers to not having to move the DNS zone to Azure DNS (which would remove the operational, not administrative, effort).
upvoted 1 times
...
SMHcalicut
4 months, 3 weeks ago
Selected Answer: B
if need to remove the CNMAE record automatically need to use defender for DevOps
upvoted 1 times
...
manognavenkat
6 months ago
Selected Answer: C
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries.
upvoted 1 times
...
Noexperience
11 months, 3 weeks ago
Selected Answer: B
Microsoft Defender for App Service includes a built-in capability to detect and alert you about dangling DNS entries. Here's how it works: Monitoring Deprovisioning: Defender for App Service monitors when an App Service web app is decommissioned or deleted. DNS Record Check: It then checks if there are any custom domains (CNAME records) still pointing to that now-nonexistent web app. Security Alert: If it finds such a dangling DNS entry, it generates a security alert to notify you of the potential subdomain takeover risk.
upvoted 1 times
TomRoute66
10 months, 3 weeks ago
I guess you chose C as the right answer, Not B
upvoted 2 times
...
...
MiesExam
2 years ago
This answer is correct C: Microsoft Defender for App Service https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction#dangling-dns-detection
upvoted 4 times
...
ca777
2 years ago
Answer is : Microsoft Defender for DNS https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction
upvoted 1 times
mohamed1999
1 year, 8 months ago
This is wrong, because it doens't scan the DNS entries for web apps. Also the DNS is not hosted in azure.
upvoted 1 times
mohamed1999
1 year, 8 months ago
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a non-existent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for existing dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
upvoted 5 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...