Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

SC-100 Microsoft Cybersecurity Architect Questions and Answers

Questions 4

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 5

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Buy Now
Questions 6

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Buy Now
Questions 7

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 8

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Buy Now
Questions 9

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Buy Now
Questions 10

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 11

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Buy Now
Questions 12

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

Options:

Buy Now
Questions 13

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Buy Now
Questions 14

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 15

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 16

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.

You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.

What should you include in the recommendation?

Options:

A.

Apply read-only locks on the storage accounts.

B.

Set the AllowSharcdKeyAccess property to false.

C.

Set the AllowBlobPublicAcccss property to false.

D.

Configure automated key rotation.

Buy Now
Questions 17

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Options:

Buy Now
Questions 18

You have a Microsoft 365 subscription that contains 1,000 users and a group named Group1. All the users have Windows 11 devices. The users sign in to their devices by using their Microsoft Entra account. The users do NOT have administrative rights to their devices.

The members of Group1 remotely assist the users by taking control of user sessions. The remote control sessions run in the security context of the users they are assisting.

You need to recommend a solution that will enable the Group1 members to run apps that require administrative rights to the users ' devices. The solution must ensure that the apps are run in the context of each signed-in standard user.

What should you include in the recommendation?

Options:

A.

Microsoft Intune Endpoint Privilege Management

B.

Windows Local Administrator Password Solution (Windows LAPS)

C.

Cloud Infrastructure Entitlement Management

D.

Privileged Identity Management (PIM) in Microsoft Entra ID

Buy Now
Questions 19

You have the resources shown in the following table.

You need to configure multi-user authorization (MUA) for Azure Backup to protect the Recovery Services vaults. The solution must maximize the security of the MUA configuration and follow the principle of least privilege.

To which location should you deploy Resource Guard, and which role-based access control (RBAC) role should you assign to the team responsible for managing the backup of Resource Guard? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 20

Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:

• Minimizes manual intervention by security operation analysts

• Supports Waging alerts within Microsoft Teams channels

What should you include in the strategy?

Options:

A.

data connectors

B.

playbooks

C.

workbooks

D.

KQL

Buy Now
Questions 21

You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (O/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure. What should you recommend?

Options:

A.

unit testing

B.

penetration testing

C.

dependency testing

D.

threat modeling

Buy Now
Questions 22

You have 50 Azure subscriptions.

You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.

NOTE: Each correct selection is worth one point.

Options:

A.

Assign an initiative to a management group.

B.

Assign a policy to each subscription.

C.

Assign a policy to a management group.

D.

Assign an initiative to each subscription.

E.

Assign a blueprint to each subscription.

F.

Assign a blueprint to a management group.

Buy Now
Questions 23

You have a multi-cloud environment that contains an Azure subscription and an Amazon Web Services (AWS) account.

You need to implement security services in Azure to manage the resources in both subscriptions. The solution must meet the following requirements:

• Automatically identify threats found in AWS CloudTrail events.

• Enforce security settings on AWS virtual machines by using Azure policies.

What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 24

You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG)

You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:

• Ensure that each time the support staff connects to a jump server; they must request access to the server.

• Ensure that only authorized support staff can initiate SSH connections to the jump servers.

• Maximize protection against brute-force attacks from internal networks and the internet.

• Ensure that users can only connect to the jump servers from the internet.

• Minimize administrative effort

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 25

You have on-premises Windows 11 devices that have the Global Secure Access client deployed.

You have a Microsoft 365 subscription that uses Microsoft SharePoint Online and Exchange Online.

You deploy Microsoft Entra Internet Access from the on-premises network to Microsoft 365. The deployment has the Microsoft 365 profile enabled and contains the following:

• Default traffic policies for Microsoft 365 services

• A linked Conditional Access policy that performs compliant network checks with continuous access evaluation and is applied to all users

• An assignment to all the devices

• An assignment to a remote network associated with the on-premises network

Which Microsoft 365 resources are protected by using continuous access evaluation?

Options:

A.

SharePoint Online only

B.

Exchange Online only

C.

both SharePoint Online and Exchange Online

Buy Now
Questions 26

Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DS).

You need to recommend an identity security strategy that meets the following requirements:

• Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website

• Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned

The solution must minimize the need to deploy additional infrastructure components. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 27

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company ' premises network.

The company ' s security policy prevents the use of personal devices for accessing company data and applications.

You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.

What should you include in the recommendation?

Options:

A.

Migrate the on-premises applications to cloud-based applications.

B.

Redesign the VPN infrastructure by adopting a split tunnel configuration.

C.

Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

D.

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Buy Now
Questions 28

Azure subscription that uses Azure Storage.

The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be t\me-Vim\ted. What should you include in the recommendation?

Options:

A.

Create shared access signatures (SAS).

B.

Share the connection string of the access key.

C.

Configure private link connections.

D.

Configure encryption by using customer-managed keys (CMKs)

Buy Now
Questions 29

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Options:

A.

Azure Active Directory (Azure AD) Conditional Access App Control policies

B.

OAuth app policies in Microsoft Defender for Cloud Apps

C.

app protection policies in Microsoft Endpoint Manager

D.

application control policies in Microsoft Defender for Endpoint

Buy Now
Questions 30

You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 £5 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11.

You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks.

What should you include in the recommendation?

Options:

A.

Authenticated scan for Windows in Microsoft Defender Vulnerability Management

B.

Microsoft Secure Score for Devices in Defender for Endpoint

C.

attack surface reduction (ASR) rules in Defender for Endpoint

D.

security baselines assessments in Microsoft Defender Vulnerability Management

Buy Now
Questions 31

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 32

Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States.

You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attach surface.

What should you include in the recommendation?

Options:

A.

Azure Firewall Premium

B.

Azure Application Gateway Web Application Firewall (WAF)

C.

network security groups (NSGs)

D.

Azure Traffic Manager and application security groups

Buy Now
Questions 33

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a 10-node virtual machine scale set that hosts a web search app named App1. Customers access App1 from the internet. The nodes establish outbound HTTP and HTTPS connections to the internet.

You need to recommend a network security solution for App1. The solution must meet the following requirements:

• Inbound connections to App1 that contain security threats specified in the Core Rule. Set (CRS) from the Open Web Application Security Project (OWASP) must be blocked.

• Outbound HTTP and HTTPS connections from the virtual machine scale set that contain security threats identified by the Microsoft Defender Threat Intelligence (Defender Tl) feed must be blocked.

What should you include in the recommendation? To answer, select the options in the answer area,

NOTE: Each correct answer is worth one point.

Options:

Buy Now
Questions 34

You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect from personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG).

You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:

• Ensure that each time the support staff connects to a jump server; they must request access to the server.

• Ensure that only authorized support staff can initiate SSH connections to the jump servers.

• Maximize protection against brute-force attacks from internal networks and the internet.

• Ensure that users can only connect to the jump servers from the internet.

• Minimize administrative effort.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 35

You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 36

Your company, named Contoso. Ltd... has an Azure AD tenant namedcontoso.com. Contoso has a partner company named Fabrikam. Inc. that has an Azure AD tenant named fabrikam.com. You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso. The solution must meet the following requirements:

• Follow the principle of least privilege.

• Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 37

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 38

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server! that runs Windows Server.

You have an Azure subscription that is linked to a hybrid Microsoft Entra tenant and contains a user named User1. User1 works remotely.

You need to ensure that User1 can establish RDP connections to Server1 via the internet. The solution must ensure that User1 authenticates by using multifactor authentication (MFA).

What should you include in the solution?

Options:

A.

Microsoft Entra Internet Access

B.

Windows Admin Center

C.

Azure Bastion

D.

Microsoft Entra Private Access

Buy Now
Questions 39

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 40

You have an Azure subscription that contains multiple apps. The apps are managed by using continuous integration and continuous deployment (CI/CD) pipelines in Azure DevOps.

You need to recommend DevSecOps controls for the Commit the code and the Build and test CI/CD process stages based on the Microsoft Cloud Adoption Framework for Azure.

Which testing method should you recommend for each stage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 41

Your company has a hybrid cloud infrastructure.

Data and applications are moved regularly between cloud environments.

The company ' s on-premises network is managed as shown in the following exhibit.

You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements:

    Govern virtual machines and servers across multiple environments.

    Enforce standards for all the resources across all the environment across the Azure policy.

Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure VPN Gateway

B.

guest configuration in Azure Policy

C.

on-premises data gateway

D.

Azure Bastion

E.

Azure Arc

Buy Now
Questions 42

Your network contains an on-premises Active Directory Domain Services (ADDS) domain that syncs with a Microsoft Entra tenant. You need to assess the domain to identify potential credential exposure risks. The solution must meet the following requirements:

• Provide actionable recommendations to mitigate the risks.

• Minimize administrative effort

What should you use?

Options:

A.

Microsoft Defender for Cloud Apps

B.

Microsoft Secure Score

C.

Microsoft Assessment and Planning (MAP) Toolkit

D.

Microsoft Defender for Identity

Buy Now
Questions 43

You have an Azure subscription that contains multiple Azure Storage blobs and Azure Files shares.

You need to recommend a security solution for authorizing access to the blobs and shares. The solution must meet the following requirements:

• Support access to the shares by using the SMB protocol.

• Limit access to the blobs to specific periods of time.

• Include authentication support when possible.

What should you recommend for each resource? To answer, select the options in the answer area.

NOTE: Each correct answer is worth one point.

Options:

Buy Now
Questions 44

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 45

You have a Microsoft Entra tenant that contains two users named User! and User2.

A recent audit reveals that User1 has a permanent assignment to the User Administrator role, even though the user account belongs to a former contractor

The security team at your company has the following requirements:

• Ensure that all privileged role assignments are periodically validated.

• Use Privileged Identity Management (PIM) to automate and enforce the validation process

You need to ensure that User2 can meet the security requirements. The solution must follow the principle of least privilege. Which role should you assign to User2, and what should User2 use? To answer, select the appropriate options in the answer area.

Options:

Buy Now
Questions 46

You are designing a ransomware response plan that follows Microsoft Security Best Practices.

You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files.

What should you include in the recommendation?

Options:

A.

Microsoft Defender for Endpoint

B.

Windows Defender Device Guard

C.

protected folders

D.

Azure Files

E.

BitLocker Drive Encryption (BitLocker)

Buy Now
Questions 47

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Options:

Buy Now
Questions 48

You plan to automate the development and deployment of a Nodejs-based app by using GitHub.

You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:

• Automate the generation of pull requests that remediate identified vulnerabilities.

• Automate vulnerability code scanning for public and private repositories.

• Minimize administrative effort.

• Minimize costs.

What should you recommend using? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 49

You have legacy operational technology (OT) devices and loT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point

Options:

A.

passive traffic monitoring

B.

active scanning

C.

threat monitoring

D.

software patching

Buy Now
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Jun 28, 2026
Questions: 269
SC-100 pdf

SC-100 PDF

$28.5  $94.99
SC-100 Engine

SC-100 Testing Engine

$33  $109.99
SC-100 PDF + Engine

SC-100 PDF + Testing Engine

$43.5  $144.99