March Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

SC-100 Microsoft Cybersecurity Architect Questions and Answers

Questions 4

You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates. VDI devices are members of the domain.

You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Azure Active Directory Domain Services (Azure AD DS) domain.

You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:

• Ensure that the hosts are onboarded to Defender for Endpoint during the first startup sequence.

• Ensure that the Microsoft Defender 365 portal contains a single entry for each deployed VDI host.

• Minimize administrative effort.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 5

Your company is developing a new Azure App Service web app. You are providing design assistance to verify the security of the web app.

You need to recommend a solution to test the web app for vulnerabilities such as insecure server configurations, cross-site scripting (XSS), and SQL injection. What should you include in the recommendation?

Options:

A.

interactive application security testing (IAST)

B.

static application security testing (SAST)

C.

runtime application se/f-protection (RASP)

D.

dynamic application security testing (DAST)

Questions 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing the encryption standards for data at rest for an Azure resource.

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses Microsoft-managed keys.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 7

Your company has a Microsoft 365 E5 subscription.

Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?

Options:

A.

insider risk management policies

B.

data loss prevention (DLP) policies

C.

sensitivity label policies

D.

retention policies

Questions 8

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.

The company signs a contract with the United States government.

You need to review the current subscription for NIST 800-53 compliance.

What should you do first?

Options:

A.

From Defender for Cloud, review the secure score recommendations.

B.

From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.

C.

From Defender for Cloud, review the Azure security baseline for audit report.

D.

From Defender for Cloud, add a regulatory compliance standard.

Questions 9

You have an operational model based on the Microsoft Cloud Adoption framework for Azure.

You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, database, files, and storage accounts.

What should you include in the recommendation?

Options:

A.

security baselines in the Microsoft Cloud Security Benchmark

B.

modern access control

C.

business resilience

D.

network isolation

Buy Now
Questions 10

Your company has a hybrid cloud infrastructure that contains an on-premises Active Directory Domain Services (AD DS) forest, a Microsoft B65 subscription, and an Azure subscription.

The company's on-premises network contains internal web apps that use Kerberos authentication. Currently, the web apps are accessible only from the network.

You have remote users who have personal devices that run Windows 11.

You need to recommend a solution to provide the remote users with the ability to access the web apps. The solution must meet the following requirements:

• Prevent the remote users from accessing any other resources on the network.

• Support Azure Active Directory (Azure AD) Conditional Access.

• Simplify the end-user experience.

What should you include in the recommendation?

Options:

A.

Azure AD Application Proxy

B.

Azure Virtual WAN

C.

Microsoft Tunnel

D.

web content filtering in Microsoft Defender for Endpoint

Questions 11

You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft Sentinel deployment.

You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?

Options:

A.

playbooks

B.

workbooks

C.

notebooks

D.

threat intelligence

Questions 12

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Buy Now
Questions 13

What should you create in Azure AD to meet the Contoso developer requirements?

Options:

Buy Now
Questions 14

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 15

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Questions 16

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Buy Now
Questions 17

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 18

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

Options:

Buy Now
Questions 19

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Questions 20

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Questions 21

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Options:

Buy Now
Questions 22

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Options:

Buy Now
Questions 23

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 24

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 25

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 26

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Questions 27

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Mar 29, 2024
Questions: 171

PDF + Testing Engine

$140

Testing Engine

$105

PDF (Q&A)

$90