Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Microsoft > Microsoft Certified: Cybersecurity Architect Expert > SC-100

SC-100 Microsoft Cybersecurity Architect Question and Answers

Question # 4

You have an Azure subscription that contains multiple Azure Blob Storage accounts.

You need to recommend a solution to detect threats in files after the files are uploaded to a blob container.

What should you include in the recommendation?

A.

vulnerability assessment in Microsoft Defender for Containers

B.

runtime threat protection in Microsoft Defender for Containers

C.

malware scanning in Microsoft Defender for Storage

D.

sensitive data threat detection in Microsoft Defender for Storage

Full Access
Question # 5

A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

You need to design an identity strategy for the app. The solution must meet the following requirements:

• Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.

• Be managed separately from the identity store of the customer.

• Support fully customizable branding for each app.

Which service should you recommend to complete the design?

A.

Azure Active Directory (Azure AD) B2C

B.

Azure Active Directory (Azure AD) B2B

C.

Azure AD Connect

D.

Azure Active Directory Domain Services (Azure AD DS)

Full Access
Question # 6

You have an Azure subscription that contains 100 virtual machines, a virtual network named VNet1, and 20 users. The virtual machines run Windows Server and are connected to VNet1. The users work remotely and access Azure resources from Linux workstations.

You need to ensure that the users can connect to the virtual machines from the workstations by using Secure Shell {SSH). The solution must meet the following requirements:

• Ensure that the users authenticate by using their Microsoft Entra credentials.

• Prevent the users from transferring files from the virtual machines by using SSH.

• Prevent the users from directly accessing the virtual machines by using the public IP address of the virtual machines.

What should you include in the solution?

A.

Azure Bastion

B.

Azure NAT Gateway

C.

just-in-time (JIT) VM access

D.

Point-to-Site (P2S) VPN

Full Access
Question # 7

You need to design a solution to accelerate a Zero Trust security implementation. The solution must be based on the Zero Trust Rapid Modernization Plan (RaMP).

Which three initiatives should you include in the solution, and in which order should you implement the initiatives? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: Each correct selection is worth one point.

Full Access
Question # 8

You have 500 Windows 11 devices and 200 macOS devices. The devices are managed by using Microsoft Intune and are subject to compliance policies.

You plan to deploy the following Intune features:

• Security baselines

• Remote lock of noncompliant devices

Which feature will be supported by each platform? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 9

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 hosts a Windows node pool named Pool1 and a Linux node pool named Pool2.

You are designing a pool update strategy for AKS1.

You need to recommend how often to replace the operating system images deployed to the nodes. The solution must meet the following requirements:

• Minimize how long it takes to apply operating system updates once the updates are released.

• Minimize administrative effort.

What should you recommend for each pool? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 10

You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements:

• Prevent the need to enable ports 3389 and 22 from the internet.

• Only provide permission to connect the virtual machines when required.

• Ensure that administrators use the Azure portal to connect to the virtual machines.

Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.

B.

Configure Azure VPN Gateway.

C.

Enable Just Enough Administration (JEA).

D.

Enable just-in-time (JIT) VM access.

E.

Configure Azure Bastion.

Full Access
Question # 11

You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.

What should you recommend as part of the landing zone deployment?

A.

service chaining

B.

local network gateways

C.

forced tunneling

D.

a VNet-to-VNet connection

Full Access
Question # 12

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Full Access
Question # 13

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Full Access
Question # 14

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Full Access
Question # 15

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 16

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

Full Access
Question # 17

What should you create in Azure AD to meet the Contoso developer requirements?

Full Access
Question # 18

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Full Access
Question # 19

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 20

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 21

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Full Access
Question # 22

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Full Access
Question # 23

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 24

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 25

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 26

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Full Access
Question # 27

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Full Access
Question # 28

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Full Access
Question # 29

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Full Access
Question # 30

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Full Access