Verified SC-100 dumps Q&As - Pass Guarantee Exam Dumps Test Engine [2024]
SC-100 dumps and 169 unique questions
Microsoft SC-100 exam is designed to test the knowledge and skills of cybersecurity professionals who are interested in becoming a Microsoft Certified Cybersecurity Architect. SC-100 exam is aimed at individuals who have experience in cybersecurity and are looking to advance their career by obtaining a certification that is recognized globally.
Skills measured
- Download the study guide in the preceding “Tip” box for more details about the skills measured on this exam.
- Design security for infrastructure (20–25%)
- Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)
- Design a Zero Trust strategy and architecture (30–35%)
- Design a strategy for data and applications (20–25%)
NEW QUESTION # 21
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend configuring gateway-required virtual network integration.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION # 22
You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.
What should you configure for each landing zone?
- A. Azure DDoS Protection Standard
- B. an ExpressRoute gateway
- C. an Azure Private DNS zone
- D. Microsoft Defender for Cloud
Answer: B
Explanation:
One of the stipulations is to meet the business requirements of minimizing costs. ExpressRoute is expensive.
Given the landing zone requirements of
1) "Use a DNS namespace of litware.com"
2) "Ensure that the Azure virtual machines in each landing zone communicate with Azure App Service web apps in the same zone over the Microsoft backbone network, rather than over public endpoints"
NEW QUESTION # 23
You are creating the security recommendations for an Azure App Service web app named App1.
App1 has the following specifications:
* Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
* Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 24
You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD) The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
- A. Azure AD Privileged Identity Management (PIM)
- B. resource-based authorization
- C. role-based authorization
- D. Azure AD Multi-Factor Authentication
Answer: A
Explanation:
Explanation
(https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure)
https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing?rtc=1
NEW QUESTION # 25
You have legacy operational technology (OT) devices and loT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
- A. threat monitoring
- B. active scanning
- C. passive traffic monitoring
- D. software patching
Answer: A,D
NEW QUESTION # 26
Your company has devices that run either Windows 10, Windows 11, or Windows Server.
You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?
- A. Microsoft Intune
- B. Local Group Policy Object (LGPO)
- C. Policy Analyzer
- D. Windows Autopilot
Answer: C
Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10
NEW QUESTION # 27
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
NEW QUESTION # 28
Your company has an on-premises network and an Azure subscription.
The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.
You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.
You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.
What should you include in the recommendation?
- A. virtual network integration
- B. virtual network NAT gateway integration
- C. hybrid connections
- D. a private endpoint
Answer: B
NEW QUESTION # 29
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions that allow traffic from the Front Door service tags.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#restrict-access-to-a-specific-azure
NEW QUESTION # 30
You are designing an auditing solution for Azure landing zones that will contain the following components:
* SQL audit logs for Azure SQL databases
* Windows Security logs from Azure virtual machines
* Azure App Service audit logs from App Service web apps
You need to recommend a centralized logging solution for the landing zones. The solution must meet the following requirements:
* Log all privileged access.
* Retain logs for at least 365 days.
* Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 31
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
NEW QUESTION # 32
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components:
* Azure loT Edge devices
* AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 33
Your company plans to provision blob storage by using an Azure Storage account The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?
- A. inbound rules in network security groups (NSGs)
- B. managed rule sets in Azure Web Application Firewall (WAF) policies
- C. service tags in network security groups (NSGs)
- D. firewall rules for the storage account
- E. inbound rules in Azure Firewall
Answer: A
NEW QUESTION # 34
You need to recommend a solution to meet the compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 35
You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.
What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 36
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
* User accounts that were potentially compromised
* Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.
Answer:
Explanation:
NEW QUESTION # 37
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All the on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend configurations to meet the following requirements:
* Ensure that the security operations team can access the security logs and the operation logs.
* Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A. the Azure Monitor agent
- B. Azure Active Directory (Azure AD) Conditional Access policies
- C. resource-based role-based access control (RBAC)
- D. a custom collector that uses the Log Analytics agent
Answer: A,C
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent
NEW QUESTION # 38
You open Microsoft Defender for Cloud as shown in the following exhibit.
Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 39
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 40
You have an Azure AD tenant that syncs with an Active Directory Domain Services {AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD.
You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.
You plan to remove all the domain accounts from the Administrators group on the Windows computers.
You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.
What should you include in the recommendation?
- A. Local Administrator Password Solution (LAPS)
- B. Privileged Access Workstations (PAWs)
- C. Azure AD Privileged Identity Management (PIM)
- D. Azure AD identity Protection
Answer: A
NEW QUESTION # 41
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
- A. Azure Event Hubs
- B. Azure Data Factor
- C. a Microsoft Sentinel data connector
- D. a Microsoft Sentinel workbook
Answer: A
Explanation:
Explanation
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-side-by-side-with-splunk-via-eve
NEW QUESTION # 42
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:
* Windows 11 devices managed by Microsoft Intune
* Azure Storage accounts
* Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
NEW QUESTION # 43
......
SC-100 Dumps for Pass Guaranteed - Pass SC-100 Exam: https://pass4sure.passtorrent.com/SC-100-latest-torrent.html