Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Microsoft SC-100 Dumps

Page: 1 / 30
Total 296 questions

Microsoft Cybersecurity Architect Questions and Answers

Question 1

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 2

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

as

Options:

Question 3

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

as

Options:

Question 4

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 5

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Question 6

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

as

Options:

Question 7

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Question 8

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 9

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Question 10

Your network contains an Active Directory Domain Services (AD DS) domain named Domain1.

You have a Microsoft Entra tenant.

Domain1 syncs with the tenant by using Microsoft Entra Connect.

You need to evaluate Microsoft Entra smart lockout by testing the following account lockout considerations:

The number of failed sign-in attempts that trigger a lockout.

as

Options:

Question 11

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and Microsoft Purview.

You need to recommend a data protection solution. The solution must ensure that you can identify users that download atypical amounts of data from Microsoft SharePoint Online.

Which service should you include in the recommendation, and which policy should be configured? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 12

You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft Sentinel deployment.

You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?

Options:

A.

playbooks

B.

workbooks

C.

notebooks

D.

threat intelligence

Question 13

You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).

You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

You need to recommend a security solution that meets the following requirements:

• Detects vulnerability scans of the apps

• Detects whether newly deployed apps are vulnerable to attack

What should you recommend using? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

as

Options:

Question 14

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

as

as

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate?

Options:

A.

Data Protection

B.

Incident Response

C.

Posture and Vulnerability Management

D.

Asset Management

E.

Endpoint Security

Question 15

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.

You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.

Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

Configure auto provisioning.

B.

Assign regulatory compliance policies.

C.

Review the inventory.

D.

Add a workflow automation.

E.

Enable Defender plans.

Question 16

You need to recommend a security methodology for a DevOps development process based on the Microsoft Cloud Adoption Framework for Azure.

During which stage of a continuous integration and continuous deployment (CI/CD) DevOps process should each security-related task be performed? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point

as

Options:

Question 17

Your network contains an on-premises Active Directory Domain Services (AD DS) domain.

You have a Microsoft 365 subscription.

You need to recommend a solution to evaluate the security and governance of the domains. The solution must meet the following requirements:

• identify configuration issues and administrative vulnerabilities.

• Minimize effort.

What should you include in the recommendation?

Options:

A.

Microsoft Entra ID Protection

B.

Microsoft Defender for Servers

C.

Microsoft Defender for Identity

D.

Microsoft Sentinel

Question 18

You have 500 Windows 11 devices and 200 macOS devices. The devices are managed by using Microsoft Intune and are subject to compliance policies.

You plan to deploy the following Intune features:

• Security baselines

• Remote lock of noncompliant devices

Which feature will be supported by each platform? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 19

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company ' premises network.

The company ' s security policy prevents the use of personal devices for accessing company data and applications.

You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.

What should you include in the recommendation?

Options:

A.

Migrate the on-premises applications to cloud-based applications.

B.

Redesign the VPN infrastructure by adopting a split tunnel configuration.

C.

Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D.

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Question 20

You have an on-premises network and a Microsoft 365 subscription.

You are designing a Zero Trust security strategy.

Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution.

NOTE: Each correct answer is worth one point.

Options:

A.

Block sign-attempts from unknown location.

B.

Always allow connections from the on-premises network.

C.

Disable passwordless sign-in for sensitive account.

D.

Block sign-in attempts from noncompliant devices.

Question 21

You have a Microsoft 365 subscription.

You need to design a solution to block file downloads from Microsoft SharePoint Online by authenticated users on unmanaged devices.

Which two services should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Microsoft Defender for Cloud Apps

B.

Azure AD Application Proxy

C.

Azure Data Catalog

D.

Azure AD Conditional Access

E.

Microsoft Purview Information Protection

Question 22

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Options:

A.

Azure Active Directory (Azure AD) Conditional Access App Control policies

B.

OAuth app policies in Microsoft Defender for Cloud Apps

C.

app protection policies in Microsoft Endpoint Manager

D.

application control policies in Microsoft Defender for Endpoint

Question 23

You have an Azure environment that contains multiple workloads deployed across multiple subscriptions.

You need to recommend a solution to assess and improve the security posture of the workloads. The solution must meet the following requirements:

• Use the Microsoft Cloud Adoption Framework for Azure to evaluate compliance with cloud governance policies.

• Use the Azure Well-Architected Framework to secure individual workloads.

What should you include in the recommendation for each requirement? To answer, drag the appropriate recommendations to the correct requirements. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content

NOTE: Each correct selection is worth one point.

as

Options:

Question 24

You have an operational model based on the Microsoft Cloud Adoption framework for Azure.

You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, database, files, and storage accounts.

What should you include in the recommendation?

Options:

A.

security baselines in the Microsoft Cloud Security Benchmark

B.

modern access control

C.

business resilience

D.

network isolation

Question 25

You are evaluating an Azure environment for compliance.

You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.

Which effect should you use in Azure Policy?

Options:

A.

Deny

B.

Disabled

C.

Modify

D.

Append

Question 26

You have an Azure subscription.

You plan to deploy Azure App Services apps by using Azure DevOps.

You need to recommend a solution to ensure that deployed apps maintain compliance with Microsoft cloud security benchmark (MCSB) recommendations.

What should you include in the recommendation?

Options:

A.

DevOps security in Microsoft Defender for Cloud

B.

Microsoft Defender for App Service

C.

a branch policy in Azure DevOps

D.

Azure Policy

Question 27

Your company has two offices named Office1 and Office2. The offices contain 1,000 on-premises Windows 11 devices that are Microsoft Entra joined.

You have a Microsoft 365 subscription and use Microsoft Intune.

You plan to deploy Microsoft Entra Internet Access from the offices to Microsoft 365.

You enable the Microsoft 365 profile and configure the following:

• A traffic policy for all Microsoft 365 traffic

• A linked Conditional Access policy that has the following configurations:

° Applies to all users

° Performs compliant network checks

o Allows Microsoft 365 traffic from compliant devices

• An assignment to all devices

• An assignment to the remote network associated with Office1

You deploy the Global Secure Access client to all the devices in Office2 and establish connections.

Which users can access Microsoft 365 services from compliant devices, and which users are blocket1 from accessing Microsoft 365 services when using noncompliar devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 28

You have a Microsoft 365 subscription that contains 1,000 users. Each user is assigned a Microsoft 365 E5 license.

The subscription uses sensitivity labels to classify corporate documents. All the users have Windows 11 devices that are onboarded to Microsoft Defender for Endpoint and are configured to sync files to Microsoft OneDrive.

You need to prevent the users from uploading the documents from OneDrive to external websites.

What should you include in the solution?

Options:

A.

Microsoft Purview Information Protection

B.

Microsoft Purview data loss prevention (DLP)

C.

web content filtering in Defender for Endpoint

D.

an endpoint security policy

Question 29

You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:

• Encrypt cardholder data by using encryption keys managed by the company.

• Encrypt insurance claim files by using encryption keys hosted on-premises.

Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.

B.

Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM

C.

Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.

D.

Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.

Question 30

You have an on-premises datacenter. The datacenter contains a server named Server1 that runs Windows Server 2022 and a firewall that prevents Server1 from connecting to the internet.

You have an Azure subscription named Sub1.

You need to recommend a resiliency strategy for Server1 that incorporates a backup plan to transfer the data from Server1 to Sub1.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 31

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Question 32

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

as

Options:

Question 33

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Question 34

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 35

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Question 36

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Question 37

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Question 38

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Question 39

What should you create in Azure AD to meet the Contoso developer requirements?

as

Options:

Question 40

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

as

Options:

Page: 1 / 30
Total 296 questions