Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Microsoft
Microsoft Certified: Cybersecurity Architect Expert
SC-100
Microsoft Cybersecurity Architect Questions and Answers

Pass the Microsoft Certified: Cybersecurity Architect Expert SC-100 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam SC-100 Premium Access

View all detail and faqs for the SC-100 exam

Go to Exam

722 Students Passed

84% Average Score

98% Same Questions

Viewing page 4 out of 9 pages

Viewing questions 31-40 out of questions

Questions # 31:

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

Security Assertion Markup Language (SAML)

NTLMv2

certificate-based authentication

Kerberos

Answer

A, D

Explanation

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-on-premises-apps

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on- with-kcd

https://doc s.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-custom-domain

Questions # 32:

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Question # 32

Options:

Answer

Answer:

Explanation

1. Azure AD Identity Protection

Brute Force Detection: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

2. Defender for Identity

MDI can detect brute force attacks: ref: https://docs.microsoft.com/en-us/defender-for-identity/compromised -credentials-alerts#suspected-brute-force-attack-ldap-external-id-2004

Questions # 33:

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 33

Options:

Answer

Answer:

Questions # 34:

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Question # 34

Options:

Answer

Answer:

Explanation

Box 1: Virtual Network Integration - correct

Virtual network integration gives your app access to resources in your virtual network, but it doesn't grant inbound private access to your app from the virtual network.

Box 2: Private Endpoints. - correct

You can use Private Endpoint for your Azure Web App to allow clients located in your private network to securely access the app over Private Link.

Questions # 35:

Question # 35

Options:

Answer

Answer:

Explanation

1. Azure AD Identity Protection

Brute Force Detection: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

2. Defender for Identity

MDI can detect brute force attacks: ref: https://docs.microsoft.com/en-us/defender-for-identity/compromised -credentials-alerts#suspected-brute-force-attack-ldap-external-id-2004

Questions # 36:

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 36

Options:

Answer

Answer:

Questions # 37:

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

Azure DDoS Protection Standard

an Azure Private DNS zone

Microsoft Defender for Cloud

an ExpressRoute gateway

Answer

Explanation

One of the stipulations is to meet the business requirements of minimizing costs. ExpressRoute is expensive.

Given the landing zone requirements of

1) "Use a DNS namespace of litware.com"

2) "Ensure that the Azure virtual machines in each landing zone communicate with Azure App Service web apps in the same zone over the Microsoft backbone network, rather than over public endpoints"

Questions # 38:

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 38

Options:

Answer

Answer:

Explanation

Segment Microsoft Sentinel workspaces by: Region and Azure AD tenant

Lighthouse subscription

Questions # 39:

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question # 39

Options:

Answer

Answer:

Questions # 40:

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.