Weekend Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Microsoft Cybersecurity Architect Question and Answers

Microsoft Cybersecurity Architect

Last Update Dec 14, 2024
Total Questions : 187

We are offering FREE SC-100 Microsoft exam questions. All you do is to just go and sign up. Give your details, prepare SC-100 free exam questions and then go for complete pool of Microsoft Cybersecurity Architect test questions that will help you more.

SC-100 pdf

SC-100 PDF

$40.25  $114.99
SC-100 Engine

SC-100 Testing Engine

$47.25  $134.99
SC-100 PDF + Engine

SC-100 PDF + Testing Engine

$61.25  $174.99
Questions 1

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.  

an Azure Bastion host

B.  

a network security group (NSG)

C.  

just-in-time (JIT) VM access

D.  

Azure Virtual Desktop

Discussion 0
Questions 2

You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 3

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

Does this meet the goal?

Options:

A.  

Yes

B.  

No

Discussion 0
Questions 4

For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management. What should you include in the recommendation?

Options:

A.  

device registrations in Azure AD

B.  

application registrations m Azure AD

C.  

Azure service principals with certificate credentials

D.  

Azure service principals with usernames and passwords

E.  

managed identities in Azure

Discussion 0
Questions 5

You are designing the encryption standards for data at rest for an Azure resource

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).

Does this meet the goal?

Options:

A.  

Yes

B.  

No

Discussion 0
Questions 6

You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components:

• Windows 11 devices managed by Microsoft Intune

• Azure Storage accounts

• Azure virtual machines

What should you use to evaluate the components? To answer, select the appropriate options in the answer area.

Options:

Discussion 0
Questions 7

You have Microsoft Defender for Cloud assigned to Azure management groups.

You have a Microsoft Sentinel deployment.

During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.  

workload protections in Defender for Cloud

B.  

threat intelligence reports in Defender for Cloud

C.  

Microsoft Sentinel notebooks

D.  

Microsoft Sentinel threat intelligence workbooks

Discussion 0
Questions 8

You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.

Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion!

You need to ensure that the virtual machines can be accessed only by using bastion! The solution must prevent the use of NSG rules to bypass bastion1.

What should you include in the solution?

Options:

A.  

Azure Virtual Network Manager connectivity configurations

B.  

Azure Virtual Network Manager security admin rules

C.  

Azure Firewall application rules

D.  

Azure Firewall network rules

Discussion 0
Questions 9

Your company has an on-premises network and an Azure subscription.

The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.

You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.

You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.

What should you include in the recommendation?

Options:

A.  

a private endpoint

B.  

hybrid connections

C.  

virtual network NAT gateway integration

D.  

virtual network integration

Discussion 0
Questions 10

Your company has an Azure App Service plan that is used to deploy containerized web apps. You are designing a secure DevOps strategy for deploying the web apps to the App Service plan. You need to recommend a strategy to integrate code scanning tools into a secure software development lifecycle. The code must be scanned during the following two phases:

Uploading the code to repositories Building containers

Where should you integrate code scanning for each phase? To answer, select the appropriate options in the answer area.

Options:

Discussion 0
Questions 11

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementation.

You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options:

A.  

Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

B.  

Azure Active Directory (Azure AD) Conditional Access

C.  

Microsoft Defender for servers

D.  

Azure Policy

E.  

Microsoft Defender for Containers

Discussion 0
Questions 12

You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.

In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options:

A.  

Linux containers deployed to Azure Container Registry

B.  

Linux containers deployed to Azure Kubernetes Service (AKS)

C.  

Windows containers deployed to Azure Container Registry

D.  

Windows containers deployed to Azure Kubernetes Service (AKS)

E.  

Linux containers deployed to Azure Container Instances

Discussion 0
Questions 13

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.

You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?

Options:

A.  

Azure Event Hubs

B.  

Azure Data Factor

C.  

a Microsoft Sentinel workbook

D.  

a Microsoft Sentinel data connector

Discussion 0
Questions 14

You are designing a ransomware response plan that follows Microsoft Security Best Practices-

You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out.

What should you include in the recommendations?

Options:

A.  

Privileged Access Workstations (PAWs)

B.  

emergency access accounts

C.  

device compliance policies

D.  

Customer Lockbox for Microsoft Azure

Discussion 0
Questions 15

You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).

You need to define the recovery steps for a ransomware attack that encrypted data in the subscription The solution must follow Microsoft Security Best Practices.

What is the first step in the recovery plan?

Options:

A.  

Disable Microsoft OneDnve sync and Exchange ActiveSync.

B.  

Recover files to a cleaned computer or device.

C.  

Contact law enforcement.

D.  

From Microsoft Defender for Endpoint perform a security scan.

Discussion 0
Questions 16

Your company has offices in New York City and Los Angeles.

The New York City office contains an on-premises app named Appl.

You have an Azure subscription. The subscription is linked to a Microsoft Entra tenant that is hosted in North America.

You plan to manage access to App1 for the users in the Los Angeles office by using Microsoft Entra Private Access. You will deploy Private Access by performing the following actions:

• Provision an ExpressRoute circuit from the New York City office to the closest peering location.

• Create an Azure virtual network named VNet1 in the East US Azure region.

• Deploy a Microsoft Entra application proxy connector to VNet1.

You need to optimize the network for the planned deployment The solution must meet the following requirements:

• Maximize redundancy for connectivity to App1.

• Minimize network latency when accessing App1

• Minimize complexity.

• Minimize costs.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 17

You are planning the security levels for a security access strategy.

You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA).

Which security level should you configure for each job role? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 18

Your company wants to optimize using Azure to protect its resources from ransomware.

You need to recommend which capabilities of Azure Backup and Azure Storage provide the strongest protection against ransomware attacks. The solution must follow Microsoft Security Best Practices.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 19

You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?

Options:

A.  

Storage account public access should be disallowed

B.  

Azure Key Vault Managed HSM should have purge protection enabled

C.  

Storage accounts should prevent shared key access

D.  

Storage account keys should not be expired

Discussion 0
Questions 20

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Options:

Discussion 0
Questions 21

You have an Azure subscription.

You plan to deploy a storage account named storage1 that will store confidential data. You will assign tags to the confidential data.

You need to ensure that access to storage1 can be defined by using the assigned tags.

Which authorization mechanism should you enable, and which type of resource should you use to store the data? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 22

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 23

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 24

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.  

Azure DDoS Protection Standard

B.  

an Azure Private DNS zone

C.  

Microsoft Defender for Cloud

D.  

an ExpressRoute gateway

Discussion 0
Questions 25

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 26

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 27

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

Options:

Discussion 0
Questions 28

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.  

Azure AD Conditional Access

B.  

Microsoft Defender for Cloud Apps

C.  

Microsoft Defender for Cloud

D.  

Microsoft Defender for Endpoint

E.  

access reviews in Azure AD

Discussion 0
Questions 29

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 30

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.  

Security Assertion Markup Language (SAML)

B.  

NTLMv2

C.  

certificate-based authentication

D.  

Kerberos

Discussion 0
Questions 31

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

Options:

Discussion 0
Questions 32

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.  

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.  

Onboard the virtual machines to Azure Arc.

C.  

Create a device compliance policy in Microsoft Endpoint Manager.

D.  

Enable the Qualys scanner in Defender for Cloud.

Discussion 0
Questions 33

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.  

a subscription

B.  

a custom role-based access control (RBAC) role

C.  

a resource group

D.  

a management group

Discussion 0
Questions 34

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0
Questions 35

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.  

Transparent Data Encryption (TDE)

B.  

Always Encrypted

C.  

row-level security (RLS)

D.  

dynamic data masking

E.  

data classification

Discussion 0
Questions 36

What should you create in Azure AD to meet the Contoso developer requirements?

Options:

Discussion 0
Questions 37

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.  

Azure Key Vault

B.  

GitHub Advanced Security

C.  

Application Insights in Azure Monitor

D.  

Azure DevTest Labs

Discussion 0
Questions 38

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Discussion 0