ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 4 question 33 discussion

Actual exam question from Microsoft's SC-100
Question #: 33
Topic #: 4
[All SC-100 Questions]

You have an Azure subscription.

You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.

Developers use Azure DevOps to deploy web apps to App Service Environments. When a new app is deployed, a CNAME record for the app is registered in contoso.com.

You need to recommend a solution to secure the DNS record for each web app. The solution must meet the following requirements:

• Ensure that when an app is deleted, the CNAME record for the app is removed also.
• Minimize administrative effort.

What should you include in the recommendation?

  • A. Microsoft Defender for Cloud Apps
  • B. Microsoft Defender for DevOps
  • C. Microsoft Defender for App Service
  • D. Microsoft Defender for DNS
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by ca777 at Aug. 6, 2023, 3:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ramye
Highly Voted 1 year, 5 months ago
Mind-boggling how many Defender Services MS has - lol
upvoted 17 times
Onimole
10 months ago
its just tiring and annoying tbh
upvoted 1 times
...
...
kanag1
Highly Voted 1 year, 10 months ago
Selected Answer: C
Defender for App Service identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction#dangling-dns-detection Microsoft Defender for DNS provides an additional layer of protection for resources that use Azure DNS's Azure-provided name resolution capability. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction#dangling-dns-detection
upvoted 6 times
...
SMHcalicut
Most Recent 3 months ago
Selected Answer: B
if need to remove the CNMAE record automatically need to use defender for DevOps
upvoted 1 times
...
manognavenkat
4 months, 1 week ago
Selected Answer: C
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries.
upvoted 1 times
...
Noexperience
10 months ago
Selected Answer: B
Microsoft Defender for App Service includes a built-in capability to detect and alert you about dangling DNS entries. Here's how it works: Monitoring Deprovisioning: Defender for App Service monitors when an App Service web app is decommissioned or deleted. DNS Record Check: It then checks if there are any custom domains (CNAME records) still pointing to that now-nonexistent web app. Security Alert: If it finds such a dangling DNS entry, it generates a security alert to notify you of the potential subdomain takeover risk.
upvoted 1 times
TomRoute66
9 months ago
I guess you chose C as the right answer, Not B
upvoted 2 times
...
...
MiesExam
1 year, 10 months ago
This answer is correct C: Microsoft Defender for App Service https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction#dangling-dns-detection
upvoted 4 times
...
ca777
1 year, 10 months ago
Answer is : Microsoft Defender for DNS https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction
upvoted 1 times
mohamed1999
1 year, 6 months ago
This is wrong, because it doens't scan the DNS entries for web apps. Also the DNS is not hosted in azure.
upvoted 1 times
mohamed1999
1 year, 6 months ago
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a non-existent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for existing dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
upvoted 5 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel