Customers Passed Microsoft SC-100 Exam
Average Score In Real SC-100 Exam
Questions came from our SC-100 dumps.
Welcome to PassExamHub's comprehensive study guide for the Microsoft Cybersecurity Architect exam. Our SC-100 dumps is designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the SC-100 certification exam.
PassExamHub's SC-100 dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:
In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the SC-100 exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine cover every exam objective and provide detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.
Expertise: Our SC-100 exam questions answers are developed by experienced Microsoft certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the SC-100 exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their SC-100 certifications and advance their careers.
Start Your Journey Today!
Embark on your journey to Microsoft Cybersecurity Architect success with PassExamHub. Our study material is your trusted companion in preparing for the SC-100 exam and unlocking exciting career opportunities.
You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 £5 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11. You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks. What should you include in the recommendation?
A. Authenticated scan for Windows in Microsoft Defender Vulnerability Management
B. Microsoft Secure Score for Devices in Defender for Endpoint
C. attack surface reduction (ASR) rules in Defender for Endpoint
D. security baselines assessments in Microsoft Defender Vulnerability Management
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected. What should you use?
A. Azure Blueprints
B. the regulatory compliance dashboard in Defender for Cloud
C. Azure role-based access control (Azure RBAC)
D. Azure Policy
You design cloud-based software as a service (SaaS) solutions. You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices. What should you recommend doing first?
A. Implement data protection.
B. Develop a privileged access strategy.
C. Prepare a recovery plan.
D. Develop a privileged identity strategy.
You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1. You plan to migrate DB1 to Azure. You need to recommend an encrypted Azure database solution that meets the following requirements: • Minimizes the risks of malware that uses elevated privileges to access sensitive data • Prevents database administrators from accessing sensitive data • Enables pattern matching for server-side database operations • Supports Microsoft Azure Attestation • Uses hardware-based encryption What should you include in the recommendation?
A. SQL Server on Azure Virtual Machines with virtualization-based security (VBS) enclaves
B. Azure SQL Database with virtualization-based security (VBS) enclaves
C. Azure SQL Managed Instance that has Always Encrypted configured
D. Azure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves
You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For blob containers in Azure Storage, you recommend encryption that uses customer-managed keys (CMKs). Does this meet the goal?
A. Yes
B. No
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains 500 Windows 11 devices. You have a Microsoft 365 subscription and an Azure subscription. You have a Microsoft Entra tenant that syncs with the domain and is linked to the subscriptions. The devices are Microsoft Entra hybrid joined. You plan to deploy a solution to mitigate attacks against privileged accounts. The solution will include Microsoft Sentinel rules that will detect attempts to use fake cached credentials. You need to recommend a solution to create the fake cached credentials on client computers. What should you recommend?
A. User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel
B. a deception rule in Microsoft Defender for Endpoint
C. a Honeytoken tag in Microsoft Defender for Identity
D. a user risk policy in Microsoft Entra ID Protection
You have an Azure subscription. You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar. Developers use Azure DevOps to deploy web apps to App Service Environments- When a new app is deployed, a CNAME record for the app is registered in contoso.com. You need to recommend a solution to secure the DNS record tor each web app. The solution must meet the following requirements: • Ensure that when an app is deleted, the CNAME record for the app is removed also • Minimize administrative effort. What should you include in the recommendation?
A. Microsoft Defender for DevOps
B. Microsoft Defender foe App Service
C. Microsoft Defender for Cloud Apps
D. Microsoft Defender for DNS
You have an Azure subscription. You have a subscription to a third-party cloud provider. The subscription contains 100 virtual machines. You manage cloud security for both subscriptions from the Azure subscription. You need to recommend a solution to validate the security posture of the virtual machines. Which two services should you include in the recommendation? Each correct answer presents part of the solution.
A. Microsoft Defender for Cloud
B. Microsoft Defender for Endpoint
C. Azure Lighthouse
D. Microsoft Sentinel
E. Azure Arc
Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corpxontoso.com and an AD DS-integrated application named App1. Your perimeter network contains a server named Server1 that runs Windows Server. You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com. You plan to implement a security solution that will include the following configurations: • Manage access to App1 by using Microsoft Entra Private Access. • Deploy a Microsoft Entra application proxy connector to Server1. • Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation. • For Server1, configure the following rules in Windows Defender Firewall with Advanced Security: o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs. o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs. o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs. o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com. You need to maximize security for the planned implementation. The solution must minimize the impact on the connector. Which rule should you remove?
A. Rule1
B. Rule2
C. Rule3
D. Rule4
You have an Azure AD tenant that syncs with an Active Directory Domain Services {AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD. You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices. You plan to remove all the domain accounts from the Administrators group on the Windows computers. You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised. What should you include in the recommendation?
A. Local Administrator Password Solution (LAPS)
B. Privileged Access Workstations (PAWs)
C. Azure AD Privileged Identity Management (PIM)
D. Azure AD identity Protection
For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark. What are three best practices for identity management based on the Azure Security Benchmark? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Manage application identities securely and automatically.
B. Manage the lifecycle of identities and entitlements
C. Protect identity and authentication systems.
D. Enable threat detection for identity and access management.
E. Use a centralized identity and authentication system.
You have an Azure subscription that contains multiple Azure Data Lake Storage accounts. You need to recommend a solution to encrypt the content of the accounts by using serviceside encryption and customer-managed keys. The solution must ensure that individual encryption keys are applied at the most granular level. At which level should you recommend the encryption be applied?
A. account
B. folder
C. file
D. container
A customer has a Microsoft 365 E5 subscription and an Azure subscription. The customer wants to centrally manage security incidents, analyze log, audit activity, and search for potential threats across all deployed services. You need to recommend a solution for the customer. The solution must minimize costs. What should you include in the recommendation?
A. Microsoft 365 Defender
B. Microsoft Defender for Cloud
C. Microsoft Defender for Cloud Apps
D. Microsoft Sentinel
You have to Azure subscriptions that contain 100 role-based access control (RBAC) role assignments. You plan to consolidate the role assignments. You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort. What should you include in the recommendation?
A. Microsoft Defender for Cloud
B. Microsoft Entra access reviews
C. Microsoft Entra Privileged Identity Management (PIM)
D. Microsoft Entra Permissions Management
You have an Azure subscription that contains a Microsoft Sentinel workspace. Your on-premises network contains firewalls that support forwarding event logs m the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel. What should you include m the recommendation?
A. an Azure logic app
B. an on-premises Syslog server
C. an on-premises data gateway
D. Azure Data Factory
You have a Microsoft Entra tenant named contoso.com. You have an external partner that has a Microsoft Entra tenant named fabrikam.com. You need to recommend an identity governance solution for contoso.com that meets the following requirements: Enables the users in contoso.com and fabrikam.com to communicate by using shared Microsoft Teams channels. Manages access to shared Teams channels in contoso.com by using groups in fabrikam.com. Supports single sign-on (SSO). Minimizes administrative effort. Maximizes security. What should you include in the recommendation?
A. Microsoft Entra B2B collaboration
B. Microsoft Entra Connect Sync
C. Cross-tenant synchronization
D. B2B direct connect
You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications. You need to recommend a deployment solution that includes network security groups (NSGs) Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure. What should you include in the recommendation?
A. the Azure landing zone accelerator
B. the Azure Will-Architected Framework
C. Azure Security Benchmark v3
D. Azure Advisor
You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed. You plan to deploy the following configuration of Microsoft Entra Internet Access: • Enable a baseline profile. • Create a security profile named Profile` that has a priority of 300 and contains a single web content filtering policy named WCFPolicy configure WCFPolicy1 as follows: o Set Action to allow. o Include a single rule that has a fully qualified domain name (FQDN) destination of ‘. adatum.com. • Link Profile1 to a Conditional Access policy named CAPolicy1, apply CAPolicy1 to all users, and grant access unless a user's device is noncompliant You need to evaluate the impact of the planned deployment on traffic to the following resources: • https://www.adatum.com:8433 • https://www.fabrikam.com Which two traffic scenarios will occur? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point
A. Traffic to https://www.fabrikam.com will be allowed from all the devices.
B. Traffic to https://www.adatum.com:8433 will be blocked from all the devices.
C. Traffic to https://www.adatumxom:8433 will be allowed from all the devices.
D. Traffic to https://www.fabrikam.com will be allowed from compliant devices only.
E. Traffic to https://www.adatum.com:8433 will be allowed from compliant devices only.
F. Traffic to https://www.fabrikam.com will be blocked from noncompliant devices only.
You have an on-premises datacenter and an Azure Kubernetes Service (AKS) cluster named AKS1. You need to restrict internet access to the public endpoint of AKS 1. The solution must ensure that AKS1 can be accessed only from the public IP addresses associated with the on-premises datacenter. What should you use?
A. a network security group (N5G)
B. a service endpoint
C. a private endpoint
D. an authorized IP range
For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management. What should you include in the recommendation?
A. device registrations in Azure AD
B. application registrations m Azure AD
C. Azure service principals with certificate credentials
D. Azure service principals with usernames and passwords
E. managed identities in Azure
You have an Azure subscription You plan to deploy multiple containerized microservice-based apps to Azure Kubemetes Service (AKS) You need to recommend a solution that meets the following requirements: • Manages secrets • Provides encryption • Secures service-to-service communication by using mTLS encryption • Minimizes administrative effort What should you include in the recommendation?
A. Flux
B. Envoy
C. Dapr
D. Istio
Your company uses Azure Pipelines and Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure. You are updating the deployment process to align with DevSecOps controls guidance in the Microsoft Cloud Adoption Framework for Azure. You need to recommend a solution to ensure that all code changes are submitted by using pull requests before being deployed by the CI/CD workflow. What should you include in the recommendation?
A. custom roles in Azure Pipelines
B. branch policies in Azure Repos
C. Azure policies
D. custom Azure roles
You have a Microsoft Entra tenant. The tenant contains 500 Windows devices that have the Global Secure Access client deployed. You have a third-party software as a service (SaaS) app named App1. You plan to implement Global Secure Access to manage access to App1. You need to recommend a solution to manage connections to App1. The solution must ensure that users authenticate by using their Microsoft Entra credentials before they can connect to App1. What should you include the recommendation?
A. a Global Secure Access app
B. a private access traffic forwarding profile
C. an internet access traffic forwarding profile
D. a Quick Access app
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
A. Azure Monitor webhooks
B. Azure Logics Apps
C. Azure Event Hubs
D. Azure Functions apps
You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune. You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations: • Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device. • The Security Administrator role will be mapped to the privileged access security level. • The users in Group1 will be assigned the Security Administrator role. • The users in Group2 will manage the privileged access devices. You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege. What should you include in the solution?
A. Only add Group2 to the local Administrators group.
B. Configure Windows Local Administrator Password Solution (Windows LAPS) in legacy Microsoft LAPS emulation mode.
C. Add Group2 to the local Administrators group. Add the user that is assigned the Security Administrator role to the local Administrators group of the user's assigned privileged access device.
You have a Microsoft 365 subscription that contains 1,000 users. Each user is assigned a Microsoft 365 E5 license. The subscription uses sensitivity labels to classify corporate documents. All the users have Windows 11 devices that are onboarded to Microsoft Defender for Endpoint and are configured to sync files to Microsoft OneDrive. You need to prevent the users from uploading the documents from OneDrive to external websites. What should you include in the solution?
A. Microsoft Purview Information Protection
B. Microsoft Purview data loss prevention (DLP)
C. web content filtering in Defender for Endpoint
D. an endpoint security policy
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines. You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure. What should you recommend?
A. an Azure AD user account that has a password stored in Azure Key Vault
B. a group managed service account (gMSA)
C. an Azure AD user account that has role assignments in Azure AD Privileged Identity Management (PIM)
D. a managed identity in Azure
Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment. You need to recommend the top three modernization areas to prioritize as part of the plan. Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. data, compliance, and governance
B. user access and productivity
C. infrastructure and development
D. modern security operations
E. operational technology (OT) and loT
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers. You need to enhance security on the virtual machines. The solution must meet the following requirements: • Ensure that only apps on an allowlist can be run. • Require administrators to confirm each app added to the allowlist. • Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app. • Require administrators to approve an app before the app can be moved from the blocklist to the allowlist. What should you include in the solution?
A. a compute policy in Azure Policy
B. admin consent settings for enterprise applications in Azure AD
C. adaptive application controls in Defender for Servers
D. app governance in Microsoft Defender for Cloud Apps
You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements: • Users must be able to request access to App1 by using a self-service request. • When users request access to App1, they must be prompted to provide additional information about their request. • Every three months, managers must verify that the users still require access to Appl. What should you include in the design?
A. Azure AD Application Proxy
B. connected apps in Microsoft Defender for Cloud Apps
C. Microsoft Entra Identity Governance
D. access policies in Microsoft Defender for Cloud Apps