Weekend Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Microsoft Cybersecurity Architect

Last Update 6 hours ago Total Questions : 296

The Microsoft Cybersecurity Architect content is now fully updated, with all current exam questions added 6 hours ago. Deciding to include SC-100 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our SC-100 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these SC-100 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Microsoft Cybersecurity Architect practice test comfortably within the allotted time.

Question # 1

You plan to deploy an Azure API Management solution that will enable different groups of developers to access different sets of APIs at random times and rates.

You need to recommend the pricing tier that should be purchased and the scope at which the rate limit policies should be applied. The solution must meet the following requirements:

• Ensure that each group of developers can access only specific sets of APIs.

• Ensure that each set of APIs can be configured with specific rate limits.

• Minimize development and administrative effort and costs.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 2

You have an Azure subscription that contains multiple storage accounts. The accounts contain Azure Files shares and Azure Blob Storage containers. The accounts have encryption scopes and infrastructure encryption enabled.

You need to implement customer-managed key-based encryption for the shares and the containers. The solution must ensure that the encryption keys are applied at the most granular level.

At which level should you apply the encryption keys? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 3

Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.

You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.

What should you include in the recommendation?

A.

Azure Traffic Manager with priority traffic-routing methods

B.

Azure Application Gateway v2 with user-defined routes (UDRs).

C.

Azure Front Door with Azure Web Application Firewall (WAF)

D.

Azure Firewall with policy rule sets

Question # 4

Your on-premises network contains an Active Directory Domain Services (AD DS) domain and a hybrid deployment between a Microsoft Exchange Server 2019 organization and an Exchange Online tenant. The AD DS domain contains a group named Group1. Group1 is a member of the Organization Management role group for the Exchange deployment.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender.

You have an Azure subscription that uses Microsoft Sentinel.

You need to recommend a solution to ensure that Group1 is marked as a sensitive group and that any changes made to Group1 raises an alert in Microsoft Sentinel. The solution must minimize administrative effort.

What should you include in the recommendation?

A.

Microsoft Entra ID Protection

B.

Microsoft Defender for Identity

C.

Microsoft Defender for Office 365

D.

Microsoft Entra Privileged Identity Management (PIM)

Question # 5

Your network contains an on-premises Active Directory Domain Services (ADDS) domain that syncs with a Microsoft Entra tenant. You need to assess the domain to identify potential credential exposure risks. The solution must meet the following requirements:

• Provide actionable recommendations to mitigate the risks.

• Minimize administrative effort

What should you use?

A.

Microsoft Defender for Cloud Apps

B.

Microsoft Secure Score

C.

Microsoft Assessment and Planning (MAP) Toolkit

D.

Microsoft Defender for Identity

Question # 6

You have the Azure subscriptions shown in the following table.

The tenants contain the groups shown in the following table.

You perform the following actions:

• Configure multi-user authorization (MUA) for Vault1 by using a resource guard deployed to Sub2.

• Enable all available MUA controls for Vault1.

• In contoso.com, create a Privileged Identity Management (PIM) assignment named Assignment1.

• Configure Assignment1 to enable Group! to activate the Contributor role for Vault1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Question # 7

Your company develops several applications that are accessed as custom enterprise applications in Microsoft Entra ID. You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

A.

Microsoft Entra Conditional Access policies

B.

user risk policies in Microsoft Entra ID Protection

C.

activity policies in Microsoft Defender for Cloud Apps

D.

device compliance policies in Microsoft Intune

E.

sign-in risk policies in Microsoft Entra ID Protection

Question # 8

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.

You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.

Which identity service should you include in the recommendation?

A.

Azure Active Directory Domain Services (Azure AD DS)

B.

Azure Active Directory (Azure AD) B2C

C.

Azure Active Directory (Azure AD)

D.

Active Directory Domain Services (AD DS)

Question # 9

You have the resources shown in the following table.

You need to configure multi-user authorization (MUA) for Azure Backup to protect the Recovery Services vaults. The solution must maximize the security of the MUA configuration and follow the principle of least privilege.

To which location should you deploy Resource Guard, and which role-based access control (RBAC) role should you assign to the team responsible for managing the backup of Resource Guard? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 10

Your company has a Microsoft 365 E5 subscription.

Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?

A.

insider risk management policies

B.

data loss prevention (DLP) policies

C.

sensitivity label policies

D.

retention policies

Go to page: