Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Microsoft SC-100 Microsoft Cybersecurity Architect Exam Practice Test

Page: 1 / 22
Total 215 questions

Microsoft Cybersecurity Architect Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$49  $139.99

PDF Study Guide

  • Product Type: PDF Study Guide
$42  $119.99
Question 1

You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect from personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG).

You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:

• Ensure that each time the support staff connects to a jump server; they must request access to the server.

• Ensure that only authorized support staff can initiate SSH connections to the jump servers.

• Maximize protection against brute-force attacks from internal networks and the internet.

• Ensure that users can only connect to the jump servers from the internet.

• Minimize administrative effort.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 2

You have an Azure subscription.

Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.

What should you recommend using to enforce the governance requirement?

Options:

A.

regulatory compliance standards in Microsoft Defender for Cloud

B.

custom Azure roles

C.

Azure Policy assignments

D.

Azure management groups

Question 3

You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.

What should you recommend as part of the landing zone deployment?

Options:

A.

service chaining

B.

local network gateways

C.

forced tunneling

D.

a VNet-to-VNet connection

Question 4

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network.

The company's security policy prevents the use of personal devices for accessing company data and applications.

You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.

What should you include in the recommendation?

Options:

A.

Migrate the on-premises applications to cloud-based applications.

B.

Redesign the VPN infrastructure by adopting a split tunnel configuration.

C.

Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D.

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Question 5

You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).

You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

You need to recommend a security solution that meets the following requirements:

• Detects vulnerability scans of the apps

• Detects whether newly deployed apps are vulnerable to attack

What should you recommend using? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 6

You have the Azure subscriptions shown in the following table.

The tenants contain the groups shown in the following table.

You perform the following actions:

• Configure multi-user authorization (MUA) for Vault1 by using a resource guard deployed to Sub2.

• Enable all available MUA controls for Vault1.

• In contoso.com, create a Privileged Identity Management (PIM) assignment named Assignment1.

• Configure Assignment1 to enable Group! to activate the Contributor role for Vault1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Options:

Question 7

You have an on-premises datacenter and an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to restrict internet access to the public endpoint of AKS 1. The solution must ensure that AKS1 can be accessed only from the public IP addresses associated with the on-premises datacenter.

What should you use?

Options:

A.

a network security group (N5G)

B.

a service endpoint

C.

a private endpoint

D.

an authorized IP range

Question 8

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation?

Options:

A.

Azure Active Directory (Azure AD) enterprise applications

B.

an Azure App Service Environment (ASE)

C.

Azure service endpoints

D.

an Azure Active Directory (Azure AD) application proxy

Question 9

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Options:

A.

Azure Active Directory (Azure AD) Conditional Access App Control policies

B.

OAuth app policies in Microsoft Defender for Cloud Apps

C.

app protection policies in Microsoft Endpoint Manager

D.

application control policies in Microsoft Defender for Endpoint

Question 10

Your company, named Contoso. Ltd... has an Azure AD tenant namedcontoso.com. Contoso has a partner company named Fabrikam. Inc. that has an Azure AD tenant named fabrikam.com. You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso. The solution must meet the following requirements:

• Follow the principle of least privilege.

• Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 11

You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG)

You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:

• Ensure that each time the support staff connects to a jump server; they must request access to the server.

• Ensure that only authorized support staff can initiate SSH connections to the jump servers.

• Maximize protection against brute-force attacks from internal networks and the internet.

• Ensure that users can only connect to the jump servers from the internet.

• Minimize administrative effort

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 12

You are designing a security operations strategy based on the Zero Trust framework.

You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).

Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer, move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.

Options:

Question 13

Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

Question 14

You are designing a ransomware response plan that follows Microsoft Security Best Practices-

You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out.

What should you include in the recommendations?

Options:

A.

Privileged Access Workstations (PAWs)

B.

emergency access accounts

C.

device compliance policies

D.

Customer Lockbox for Microsoft Azure

Question 15

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options:

A.

an Azure AD enterprise application

B.

a retying party trust in Active Directory Federation Services (AD FS)

C.

Azure AD Application Proxy

D.

Azure AD B2C

Question 16

You are designing the security architecture for a cloud-only environment.

You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA).

You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements:

• Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal.

• Detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting.

What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 17

Your company wants to optimize using Azure to protect its resources from ransomware.

You need to recommend which capabilities of Azure Backup and Azure Storage provide the strongest protection against ransomware attacks. The solution must follow Microsoft Security Best Practices.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 18

You plan to automate the development and deployment of a Nodejs-based app by using GitHub.

You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:

• Automate the generation of pull requests that remediate identified vulnerabilities.

• Automate vulnerability code scanning for public and private repositories.

• Minimize administrative effort.

• Minimize costs.

What should you recommend using? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 19

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.

You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.

Which identity service should you include in the recommendation?

Options:

A.

Azure Active Directory Domain Services (Azure AD DS)

B.

Azure Active Directory (Azure AD) B2C

C.

Azure Active Directory (Azure AD)

D.

Active Directory Domain Services (AD DS)

Question 20

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.

You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

Options:

A.

Azure Monitor webhooks

B.

Azure Logics Apps

C.

Azure Event Hubs

D.

Azure Functions apps

Question 21

You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft Sentinel deployment.

You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?

Options:

A.

playbooks

B.

workbooks

C.

notebooks

D.

threat intelligence

Question 22

You have an Azure subscription that contains the resources shown in the following table.

You need to recommend a network security solution for App1. The solution must meet the following requirements:

• Only the virtual machines that are connected to Subnet1 must be able to connect to D81.

• DB1 must be inaccessible from the internet

• Costs must be minimized.

What should you include in the recommendation? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.

Options:

Question 23

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

Options:

Question 24

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Question 25

What should you create in Azure AD to meet the Contoso developer requirements?

Options:

Question 26

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Question 27

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Question 28

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 29

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 30

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Question 31

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 32

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Question 33

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 34

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Question 35

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Question 36

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Options:

Question 37

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Options:

Question 38

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Question 39

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 40

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 41

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Page: 1 / 22
Total 215 questions