New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

SC-100 Microsoft Cybersecurity Architect Questions and Answers

Questions 4

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised administrator account cannot be used to delete the backups

What should you do?

Options:

A.

From a Recovery Services vault generate a security PIN for critical operations.

B.

From Azure Backup, configure multi-user authorization by using Resource Guard.

C.

From Microsoft Azure Backup Setup, register MABS with a Recovery Services vault

D.

From Azure AD Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role.

Buy Now
Questions 5

You have an on-premises network and a Microsoft 365 subscription.

You are designing a Zero Trust security strategy.

Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution.

NOTE: Each correct answer is worth one point.

Options:

A.

Block sign-attempts from unknown location.

B.

Always allow connections from the on-premises network.

C.

Disable passwordless sign-in for sensitive account.

D.

Block sign-in attempts from noncompliant devices.

Buy Now
Questions 6

For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management. What should you include in the recommendation?

Options:

A.

device registrations in Azure AD

B.

application registrations m Azure AD

C.

Azure service principals with certificate credentials

D.

Azure service principals with usernames and passwords

E.

managed identities in Azure

Buy Now
Questions 7

Your company has a hybrid cloud infrastructure.

Data and applications are moved regularly between cloud environments.

The company's on-premises network is managed as shown in the following exhibit.

SC-100 Question 7

You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements:

    Govern virtual machines and servers across multiple environments.

    Enforce standards for all the resources across all the environment across the Azure policy.

Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure VPN Gateway

B.

guest configuration in Azure Policy

C.

on-premises data gateway

D.

Azure Bastion

E.

Azure Arc

Buy Now
Questions 8

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options:

A.

an Azure AD enterprise application

B.

a retying party trust in Active Directory Federation Services (AD FS)

C.

Azure AD Application Proxy

D.

Azure AD B2C

Buy Now
Questions 9

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 9

Options:

Buy Now
Questions 10

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Buy Now
Questions 11

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 12

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 12

Options:

Buy Now
Questions 13

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

SC-100 Question 13

Options:

Buy Now
Questions 14

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 14

Options:

Buy Now
Questions 15

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Buy Now
Questions 16

What should you create in Azure AD to meet the Contoso developer requirements?

SC-100 Question 16

Options:

Buy Now
Questions 17

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 17

Options:

Buy Now
Questions 18

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 18

Options:

Buy Now
Questions 19

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Buy Now
Questions 20

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Buy Now
Questions 21

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Buy Now
Questions 22

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 22

Options:

Buy Now
Questions 23

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

SC-100 Question 23

Options:

Buy Now
Questions 24

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Buy Now
Questions 25

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

SC-100 Question 25

Options:

Buy Now
Questions 26

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Buy Now
Questions 27

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Buy Now
Questions 28

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 28

Options:

Buy Now
Questions 29

A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

SC-100 Question 29

You need to design an identity strategy for the app. The solution must meet the following requirements:

• Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.

• Be managed separately from the identity store of the customer.

• Support fully customizable branding for each app.

Which service should you recommend to complete the design?

Options:

A.

Azure Active Directory (Azure AD) B2C

B.

Azure Active Directory (Azure AD) B2B

C.

Azure AD Connect

D.

Azure Active Directory Domain Services (Azure AD DS)

Buy Now
Questions 30

You have an operational model based on the Microsoft Cloud Adoption framework for Azure.

You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, database, files, and storage accounts.

What should you include in the recommendation?

Options:

A.

security baselines in the Microsoft Cloud Security Benchmark

B.

modern access control

C.

business resilience

D.

network isolation

Buy Now
Questions 31

You have a Microsoft 365 E5 subscription.

You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?

Options:

A.

Microsoft Defender for Cloud Apps

B.

insider risk management

C.

Microsoft Information Protection

D.

Azure Purview

Buy Now
Questions 32

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access integration with user flows and custom policies

B.

Azure AD workbooks to monitor risk detections

C.

custom resource owner password credentials (ROPC) flows in Azure AD B2C

D.

access packages in Identity Governance

E.

smart account lockout in Azure AD B2C

Buy Now
Questions 33

You are designing the security standards for a new Azure environment.

You need to design a privileged identity strategy based on the Zero Trust model.

Which framework should you follow to create the design?

Options:

A.

Enhanced Security Admin Environment (ESAE)

B.

Microsoft Security Development Lifecycle (SDL)

C.

Rapid Modernization Plan (RaMP)

D.

Microsoft Operational Security Assurance (OSA)

Buy Now
Questions 34

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.

You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.

Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

Configure auto provisioning.

B.

Assign regulatory compliance policies.

C.

Review the inventory.

D.

Add a workflow automation.

E.

Enable Defender plans.

Buy Now
Questions 35

Your company wants to optimize using Azure to protect its resources from ransomware.

You need to recommend which capabilities of Azure Backup and Azure Storage provide the strongest protection against ransomware attacks. The solution must follow Microsoft Security Best Practices.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 35

Options:

Buy Now
Questions 36

Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

SC-100 Question 36

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.

Solution: You recommend creating private endpoints for the web app and the database layer.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 37

You design cloud-based software as a service (SaaS) solutions.

You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices.

What should you recommend doing first?

Options:

A.

Implement data protection.

B.

Develop a privileged access strategy.

C.

Prepare a recovery plan.

D.

Develop a privileged identity strategy.

Buy Now
Questions 38

You are designing an auditing solution for Azure landing zones that will contain the following components:

• SQL audit logs for Azure SQL databases

• Windows Security logs from Azure virtual machines

• Azure App Service audit logs from App Service web apps

You need to recommend a centralized logging solution for the landing zones. The solution must meet the following requirements:

• Log all privileged access.

• Retain logs for at least 365 days.

• Minimize costs.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 38

Options:

Buy Now
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Dec 20, 2024
Questions: 187

PDF + Testing Engine

$61.25  $174.99

Testing Engine

$47.25  $134.99
buy now SC-100 testing engine

PDF (Q&A)

$40.25  $114.99
buy now SC-100 pdf