New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SC-100 Microsoft Cybersecurity Architect Questions and Answers

Questions 4

Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:

• Minimizes manual intervention by security operation analysts

• Supports Waging alerts within Microsoft Teams channels

What should you include in the strategy?

Options:

A.

data connectors

B.

playbooks

C.

workbooks

D.

KQL

Buy Now
Questions 5

You have an Azure subscription and an on-premises datacenter. The datacenter contains 100 servers that run Windows Server. AJI the servers are backed up to a Recovery Services vault by using Azure Backup and the Microsoft Azure Recovery Services (MARS) agent.

You need to design a recovery solution for ransomware attacks that encrypt the on-premises servers. The solution must follow Microsoft Security Best Practices and protect against the following risks:

• A compromised administrator account used to delete the backups from Azure Backup before encrypting the servers

• A compromised administrator account used to disable the backups on the MARS agent before encrypting the servers

What should you use for each risk? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point

Options:

Buy Now
Questions 6

Your company has an on-premises network and an Azure subscription.

The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.

You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.

You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.

What should you include in the recommendation?

Options:

A.

a private endpoint

B.

hybrid connections

C.

virtual network NAT gateway integration

D.

virtual network integration

Buy Now
Questions 7

Your company has offices in New York City and Los Angeles.

The New York City office contains an on-premises app named Appl.

You have an Azure subscription. The subscription is linked to a Microsoft Entra tenant that is hosted in North America.

You plan to manage access to App1 for the users in the Los Angeles office by using Microsoft Entra Private Access. You will deploy Private Access by performing the following actions:

• Provision an ExpressRoute circuit from the New York City office to the closest peering location.

• Create an Azure virtual network named VNet1 in the East US Azure region.

• Deploy a Microsoft Entra application proxy connector to VNet1.

You need to optimize the network for the planned deployment The solution must meet the following requirements:

• Maximize redundancy for connectivity to App1.

• Minimize network latency when accessing App1

• Minimize complexity.

• Minimize costs.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 8

Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.

Solution: You recommend implementing Azure Key Vault to store credentials.

Options:

A.

Yes

B.

No

Buy Now
Questions 9

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Buy Now
Questions 10

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

Options:

Buy Now
Questions 11

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 12

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 13

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Buy Now
Questions 14

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 15

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Buy Now
Questions 16

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Buy Now
Questions 17

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 18

What should you create in Azure AD to meet the Contoso developer requirements?

Options:

Buy Now
Questions 19

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 20

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Buy Now
Questions 21

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 22

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Options:

Buy Now
Questions 23

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Buy Now
Questions 24

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 25

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Buy Now
Questions 26

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Buy Now
Questions 27

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Options:

Buy Now
Questions 28

Azure subscription that uses Azure Storage.

The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be t\me-Vim\ted. What should you include in the recommendation?

Options:

A.

Create shared access signatures (SAS).

B.

Share the connection string of the access key.

C.

Configure private link connections.

D.

Configure encryption by using customer-managed keys (CMKs)

Buy Now
Questions 29

You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications.

You need to recommend a deployment solution that includes network security groups (NSGs) Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure.

What should you include in the recommendation?

Options:

A.

the Azure landing zone accelerator

B.

the Azure Will-Architected Framework

C.

Azure Security Benchmark v3

D.

Azure Advisor

Buy Now
Questions 30

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

• Ensure that the security operations team can access the security logs and the operation logs.

• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options:

A.

Configure Azure Active Directory (Azure AD) Conditional Access policies.

B.

Use the Azure Monitor agent with the multi-homing configuration.

C.

Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

D.

Create a custom collector that uses the Log Analytics agent.

Buy Now
Questions 31

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

• Ensure that the security operations team can access the security logs and the operation logs.

• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options:

A.

Azure Active Directory (Azure AD) Conditional Access policies

B.

a custom collector that uses the Log Analytics agent

C.

resource-based role-based access control (RBAC)

D.

the Azure Monitor agent

Buy Now
Questions 32

You are designing a security operations strategy based on the Zero Trust framework.

You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.

What should you do?

Options:

A.

Enable built-in compliance policies in Azure Policy.

B.

Enable self-healing in Microsoft 365 Defender.

C.

Automate data classification.

D.

Create hunting queries in Microsoft 365 Defender.

Buy Now
Questions 33

You have legacy operational technology (OT) devices and loT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point

Options:

A.

passive traffic monitoring

B.

active scanning

C.

threat monitoring

D.

software patching

Buy Now
Questions 34

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.

You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

Options:

A.

Azure Monitor webhooks

B.

Azure Logics Apps

C.

Azure Event Hubs

D.

Azure Functions apps

Buy Now
Questions 35

You have a hybrid cloud infrastructure.

You plan to deploy the Azure applications shown in the following table.

What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 36

You have Microsoft Defender for Cloud assigned to Azure management groups.

You have a Microsoft Sentinel deployment.

During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

workload protections in Defender for Cloud

B.

threat intelligence reports in Defender for Cloud

C.

Microsoft Sentinel notebooks

D.

Microsoft Sentinel threat intelligence workbooks

Buy Now
Questions 37

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 38

You have a Microsoft 365 subscription. You have an Azure subscription.

You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer. The solution must meet the following requirements:

• Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.

• Minimize the number of compliance policies

• Minimize administrative effort

What should you include in the solution?

Options:

A.

Azure AD Information Protection labels

B.

Microsoft 365 Defender user tags

C.

adaptive scopes

D.

administrative units

Buy Now
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Dec 27, 2024
Questions: 187
SC-100 pdf

SC-100 PDF

$28.5  $94.99
SC-100 Engine

SC-100 Testing Engine

$33  $109.99
SC-100 PDF + Engine

SC-100 PDF + Testing Engine

$43.5  $144.99