Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-100 Exam - Topic 4 Question 49 Discussion

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deploymentWhat should you include during the application design phase?
D) software decomposition by using Microsoft Visual Studio Enterprise
A) static application security testing (SAST) by using SonarQube
B) dynamic application security testing (DAST) by using Veracode
C) threat modeling by using the Microsoft Threat Modeling Tool

Microsoft SC-100 Exam - Topic 4 Question 49 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 49
Topic #: 4
[All SC-100 Questions]

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).

You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment

What should you include during the application design phase?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Leana at Aug 23, 2024, 05:05 PM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Shad
6 months ago
I disagree, software decomposition should be prioritized.
upvoted 0 times
...
Edison
6 months ago
Surprised that threat modeling isn't more widely used!
upvoted 0 times
...
Kerry
7 months ago
DAST is great, but not for design phase.
upvoted 0 times
...
Laticia
7 months ago
I think SAST is more important for early stages.
upvoted 0 times
...
Wayne
7 months ago
Definitely threat modeling is key!
upvoted 0 times
...
Amber
7 months ago
I feel like software decomposition could be important too, but I don't remember it being specifically tied to the design phase in our studies.
upvoted 0 times
...
Annett
8 months ago
I think threat modeling is definitely the right answer. We practiced a similar question where identifying potential threats early was emphasized.
upvoted 0 times
...
Phillip
8 months ago
I'm a bit unsure if SAST or DAST would be more relevant here. I think SAST is more for code analysis, but I can't recall if it fits in the design phase.
upvoted 0 times
...
Tish
8 months ago
I remember we discussed threat modeling as a key part of the design phase, especially using the Microsoft Threat Modeling Tool. It seems like a solid choice.
upvoted 0 times
...
Hoa
8 months ago
This is a tricky one. I'm leaning towards the threat modeling option, but I'm not 100% sure. I might need to review the SDL recommendations again to make sure I'm choosing the right security standard for the design phase.
upvoted 0 times
...
Ellen
8 months ago
Okay, I've got a strategy for this. Since the question is asking about the design phase, I think the best approach would be to recommend something that helps identify and address security risks upfront, before the application is built. The Microsoft Threat Modeling Tool seems like a good fit for that.
upvoted 0 times
...
Gary
8 months ago
This looks like a pretty straightforward question about security standards for Azure application onboarding. I think the key is to focus on the design phase and the recommendations that would be most relevant there.
upvoted 0 times
...
Levi
8 months ago
Hmm, I'm a bit unsure about this one. There are a few different security testing and modeling options mentioned, and I'm not sure which one would be the best fit for the application design phase specifically. I'll need to think this through carefully.
upvoted 0 times
...
Maddie
8 months ago
Hmm, I'm a bit unsure about this one. There are a few options that seem relevant, but I want to make sure I choose the two most critical ones.
upvoted 0 times
...
Amalia
8 months ago
I thought “all embedded/referred except” was a common configuration for exceptions, but I can't remember how it fits in with the others.
upvoted 0 times
...
Sage
1 year ago
Threat modeling? More like 'threat modeling, my friend!' *laughs and high-fives the room*
upvoted 0 times
Gerry
1 year ago
C) threat modeling by using the Microsoft Threat Modeling Tool
upvoted 0 times
...
Dorthy
1 year ago
B) dynamic application security testing (DAST) by using Veracode
upvoted 0 times
...
Ahmed
1 year ago
A) static application security testing (SAST) by using SonarQube
upvoted 0 times
...
...
Johnna
1 year ago
Hold up, software decomposition in Visual Studio Enterprise? That's more for architecture, not security. Threat modeling is the way to go here, my dudes.
upvoted 0 times
Loren
12 months ago
C) threat modeling by using the Microsoft Threat Modeling Tool
upvoted 0 times
...
German
1 year ago
B) dynamic application security testing (DAST) by using Veracode
upvoted 0 times
...
Queenie
1 year ago
A) static application security testing (SAST) by using SonarQube
upvoted 0 times
...
...
Aretha
1 year ago
SonarQube for SAST? Nah, that's for the coding phase. Threat modeling is where it's at for the design phase. *winks*
upvoted 0 times
Altha
12 months ago
C) threat modeling by using the Microsoft Threat Modeling Tool
upvoted 0 times
...
German
1 year ago
SonarQube is great for code analysis, but threat modeling is crucial for designing secure applications.
upvoted 0 times
...
Nelida
1 year ago
C) threat modeling by using the Microsoft Threat Modeling Tool
upvoted 0 times
...
Edna
1 year ago
A) static application security testing (SAST) by using SonarQube
upvoted 0 times
...
...
Detra
1 year ago
I agree, threat modeling is crucial for secure application design. It's a comprehensive way to assess potential threats and mitigate them proactively.
upvoted 0 times
...
Rory
1 year ago
I think software decomposition with Microsoft Visual Studio Enterprise should also be included for a comprehensive security standard.
upvoted 0 times
...
Flo
1 year ago
Threat modeling using the Microsoft Threat Modeling Tool seems like the right choice here. It helps identify potential security vulnerabilities early in the design phase.
upvoted 0 times
Desiree
1 year ago
User 4: I think threat modeling is more comprehensive in identifying security risks.
upvoted 0 times
...
Felice
1 year ago
User 3: What about static application security testing (SAST) by using SonarQube?
upvoted 0 times
...
Leonora
1 year ago
User 2: I agree, it helps identify potential security vulnerabilities early on.
upvoted 0 times
...
Herschel
1 year ago
User 1: I think we should include threat modeling using the Microsoft Threat Modeling Tool during the application design phase.
upvoted 0 times
...
...
Erick
1 year ago
I agree with Samira, threat modeling with the Microsoft Threat Modeling Tool is crucial for security.
upvoted 0 times
...
Samira
1 year ago
I think we should include threat modeling during the application design phase.
upvoted 0 times
...

Save Cancel