SC-100 Microsoft Cybersecurity Architect Questions and Answers

You have a Microsoft 365 tenant that uses Microsoft SharePoint Online and Microsoft Purview. Microsoft Purview has a sensitivity label named Label1 that is applied to the files stored on SharePoint Online sites.

You need to recommend a Microsoft Purview Data Loss Prevention (DLP) policy that meets the following requirements:

• Prevents users from uploading the files to third-party external websites

• Allows users to upload the files to Microsoft OneDrive for Business

To which location should you apply the DLP policy?

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.

You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.

What should you include in the recommendation?

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server! that runs Windows Server.

You have an Azure subscription that is linked to a hybrid Microsoft Entra tenant and contains a user named User1. User1 works remotely.

You need to ensure that User1 can establish RDP connections to Server1 via the internet. The solution must ensure that User1 authenticates by using multifactor authentication (MFA).

What should you include in the solution?

You have a Microsoft 365 subscription that contains 1,000 users and a group named Group1. All the users have Windows 11 devices. The users sign in to their devices by using their Microsoft Entra account. The users do NOT have administrative rights to their devices.

The members of Group1 remotely assist the users by taking control of user sessions. The remote control sessions run in the security context of the users they are assisting.

You need to recommend a solution that will enable the Group1 members to run apps that require administrative rights to the users ' devices. The solution must ensure that the apps are run in the context of each signed-in standard user.

What should you include in the recommendation?

You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.

You need to enhance security on the virtual machines. The solution must meet the following requirements:

• Ensure that only apps on an allowlist can be run.

• Require administrators to confirm each app added to the allowlist.

• Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.

• Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.

What should you include in the solution?

Your company has offices in 10 countries.

You have a Microsoft 365 subscription that contains 1,000 users. Each user is assigned a Microsoft 365 E5 license.

You plan to deploy a compliance assessment solution. The solution must meet the following requirements:

• Ensure that compliance is assessed based on the regulations of the country of each office.

• Provide improvement action guidance to ensure compliance of the subscription.

You need to recommend the service that should be used to perform the assessments, and identify additional costs that will be incurred. What should you recommend and what should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

What should you create in Azure AD to meet the Contoso developer requirements?

You have a Microsoft Entra tenant. The tenant contains 500 Windows devices that have the Global Secure Access client deployed.

You have a third-party software as a service (SaaS) app named App1.

You plan to implement Global Secure Access to manage access to App1.

You need to recommend a solution to manage connections to App1. The solution must ensure that users authenticate by using their Microsoft Entra credentials before they can connect to App1.

What should you include the recommendation?

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices.

You need to implement a solution that meets the following requirements:

• Allows user access to SaaS apps that Microsoft has identified as low risk.

• Blocks user access to Saas apps that Microsoft has identified as high risk.

Solution: From Microsoft Defender for Cloud Apps, you configure a cloud discovery policy and unsanction risky apps.

Does this meet the goal?

You have an Azure subscription that contains multiple Azure Data Lake Storage accounts.

You need to recommend a solution to encrypt the content of the accounts by using service-side encryption and customer-managed keys. The solution must ensure that individual encryption keys are applied at the most granular level.

At which level should you recommend the encryption be applied?

Your company is moving a big data solution to Azure.

The company plans to use the following storage workloads:

• Azure Storage blob containers

• Azure Data Lake Storage Gen2

• Azure Storage file shares

• Azure Disk Storage

Which two storage workloads support authentication by using Azure Active Directory (Azure AD)?

Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

You have an Azure subscription that contains an Azure Synapse Analytics workspace named workspace1. workspace1 contains a built-in serverless SQL pool and a dedicated SQL pool named Pool1.

You need to recommend a second layer of data encryption for workspace1.

What should you include in the recommendation for each pool? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).

You need to define the recovery steps for a ransomware attack that encrypted data in the subscription The solution must follow Microsoft Security Best Practices.

What is the first step in the recovery plan?

You have an Azure subscription.

You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protected by using Microsoft Defender for Servers Plan 1.

You have a Microsoft 365 subscription.

You need to recommend a solution to identify which servers have outdated hardware drivers or firmware.

What should you include in the recommendation?

Your company has a main office and 10 branch offices. Each branch office contains an on-premises file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet The solution must ensure that all the web traffic from the devices in the branch offices is controlled by using Global Secure Access.

What should you do first in each branch office?

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.