Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Microsoft
Microsoft Certified: Cybersecurity Architect Expert
SC-100
Microsoft Cybersecurity Architect Questions and Answers

Pass the Microsoft Certified: Cybersecurity Architect Expert SC-100 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam SC-100 Premium Access

View all detail and faqs for the SC-100 exam

Go to Exam

722 Students Passed

84% Average Score

98% Same Questions

Viewing page 8 out of 9 pages

Viewing questions 71-80 out of questions

Questions # 71:

Your company has devices that run either Windows 10, Windows 11, or Windows Server.

You are in the process of improving the security posture of the devices.

You plan to use security baselines from the Microsoft Security Compliance Toolkit.

What should you recommend using to compare the baselines to the current device configurations?

Options:

Microsoft Intune

Policy Analyzer

Local Group Policy Object (LGPO)

Windows Autopilot

Answer

Explanation

https://docs.microsoft.com/en-us/windows/security/threat-protection/win dows-security-configuration-framework/security-compliance-toolkit-10

Questions # 72:

Your company has an on-premises network and an Azure subscription.

The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.

You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.

You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.

What should you include in the recommendation?

Options:

a private endpoint

hybrid connections

virtual network NAT gateway integration

virtual network integration

Answer

Explanation

https://docs.microsoft.com/en-us/azure/ap p-service/app-service-hybrid-connections

Questions # 73:

You have a Microsoft 365 E5 subscription.

You plan to deploy Global Secure Access universal tenant restrictions v2.

Which authentication plane resources and which data plane resources will be protected? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 73

Options:

Answer

Answer:

Questions # 74:

You have a Microsoft 365 £5 subscription.

You plan to implement Microsoft Priva Subject Rights Requests for Microsoft 365 data.

You need to streamline the creation and processing of subject rights requests. The solution must minimize development effort.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 74

Options:

Answer

Answer:

Questions # 75:

Your company has a hybrid cloud infrastructure.

The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company' premises network.

The company's security policy prevents the use of personal devices for accessing company data and applications.

You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.

What should you include in the recommendation?

Options:

Migrate the on-premises applications to cloud-based applications.

Redesign the VPN infrastructure by adopting a split tunnel configuration.

Deploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access.

Deploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps.

Answer

Explanation

https://docs.microsoft.com/en- us/azure/architecture/example-scenario/wvd/windows-virtual-desktop

https://docs.microsoft.com /en-us/azure/virtual-desktop/security-guide

https://techcommunity.microsoft.com/t5/security-compli ance-and-identity/announcing-microsoft-defender-for-cloud-apps/ba-p/2835842

Questions # 76:

You have a Microsoft 365 subscription

You need to recommend a security solution to monitor the following activities:

• User accounts that were potentially compromised

• Users performing bulk file downloads from Microsoft SharePoint Online

What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each Correct selection is worth one Point.

Question # 76

Options:

Answer

Answer:

Explanation

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

https://docs.microsoft.com/en-us/defender-cloud-apps/policies-threat-protection#detect-mass-download-data-exfiltration

https://docs.microsoft.com/en -us/microsoft-365/security/defender/investigate-users

Questions # 77:

You have an Azure subscription that contains a resources group named RG1. RG1 contains multiple Azure Files shares.

You need to recommend a solution to deploy a backup solution for the shares. The solution must meet the following requirements:

• Prevent the deletion of backups and the vault used to store the backups.

• Prevent privilege escalation attacks against the backup solution.

• Prevent the modification of the backup retention period.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 77

Options:

Answer

Answer:

Questions # 78:

Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:

• Minimizes manual intervention by security operation analysts

• Supports Waging alerts within Microsoft Teams channels

What should you include in the strategy?

Options:

data connectors

playbooks

workbooks

KQL

Answer

Explanation

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC

Questions # 79:

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.

You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.

Which identity service should you include in the recommendation?

Options:

Azure Active Directory Domain Services (Azure AD DS)

Azure Active Directory (Azure AD) B2C

Azure Active Directory (Azure AD)

Active Directory Domain Services (AD DS)

Answer

Explanation

https://docs.microsoft.c om/en-us/azure/active-directory-domain-services/overview

Questions # 80:

You have two Azure subscriptions named Sub1 and Sub2 that contain the vaults shown in the following table.

Question # 80

You need to design a multi-user authorization (MUA) solution for security operations on the vaults. The solution must meet the following requirements:

• RSVault1 and RSVault2 must require MUA for disabling soft delete, removing MUA protection, and disabling immutability.

• BackupVault1 and BackupVault2 must require MUA for disabling soft delete and removing MUA protection.

What is the minimum number of Resource Guard resources required?