Microsoft Cybersecurity Architect Question and Answers

Microsoft Cybersecurity Architect

Last Update Feb 26, 2024
Total Questions : 171

Questions 1

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A. Security Assertion Markup Language (SAML)

B. NTLMv2

C. certificate-based authentication

D. Kerberos

Questions 2

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A. Azure AD Conditional Access

B. Microsoft Defender for Cloud Apps

C. Microsoft Defender for Cloud

D. Microsoft Defender for Endpoint

E. access reviews in Azure AD

Questions 3

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A. Azure DDoS Protection Standard

B. an Azure Private DNS zone

C. Microsoft Defender for Cloud

D. an ExpressRoute gateway

Questions 4

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A. Azure Key Vault

B. GitHub Advanced Security

C. Application Insights in Azure Monitor

D. Azure DevTest Labs

Questions 5

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 6

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Questions 7

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 8

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A. Transparent Data Encryption (TDE)

B. Always Encrypted

C. row-level security (RLS)

D. dynamic data masking

E. data classification

Questions 9

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a server that runs Windows Server and hosts shared folders. The domain syncs with Azure AD by using Azure AD Connect. Azure AD Connect has group writeback enabled.

You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.

You have multiple project teams. Each team has an AD DS group that syncs with Azure AD. Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.

You need to recommend an Azure AD Identity Governance solution that meets the following requirements:

• Project managers must verify that their project group contains only the current members of their project team.

• The members of each project team must only have access to the resources of the project to which they are assigned.

• Users must be removed from a project group automatically if the project manager has NOT verified the group's membership for 30 days.

• Administrative effort must be minimized.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 10

You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.

What should you recommend as part of the landing zone deployment?

Options:

A. service chaining

B. local network gateways

C. forced tunneling

D. a VNet-to-VNet connection

Questions 11

You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows.

You need to recommend best practices to secure the stages of the CI/CD workflows based on the Microsoft Cloud Adoption Framework for Azure.

What should you include in the recommendation for each stage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 12

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 13

You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure. What should you recommend?

Options:

A. unit testing

B. penetration testing

C. dependency testing

D. threat modeling

Questions 14

What should you create in Azure AD to meet the Contoso developer requirements?

Options:

Questions 15

Your company has an on-premises network and an Azure subscription.

The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.

You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.

You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.

What should you include in the recommendation?

Options:

A. a private endpoint

B. hybrid connections

C. virtual network NAT gateway integration

D. virtual network integration

Questions 16

You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect from personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG).

You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:

• Ensure that each time the support staff connects to a jump server, they must request access to the server.

• Ensure that only authorized support staff can initiate SSH connections to the jump servers.

• Maximize protection against brute-force attacks from internal networks and the internet.

• Ensure that users can only connect to the jump servers from the internet.

• Minimize administrative effort.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Questions 17

You have an Azure subscription. The subscription contains an Azure application gateway that uses Azure Web Application Firewall (WAF).

You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

You need to recommend a security solution that meets the following requirements:

• Detects vulnerability scans of the apps

• Detects whether newly deployed apps are vulnerable to attack

What should you recommend using? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Questions 18

You are designing the security standards for a new Azure environment.

You need to design a privileged identity strategy based on the Zero Trust model.

Which framework should you follow to create the design?

Options:

A. Enhanced Security Admin Environment (ESAE)

B. Microsoft Security Development Lifecycle (SDL)

C. Rapid Modernization Plan (RaMP)

D. Microsoft Operational Security Assurance (OSA)

Questions 19

You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.

You need to enhance security on the virtual machines. The solution must meet the following requirements:

• Ensure that only apps on an allowlist can be run.

• Require administrators to confirm each app added to the allowlist.

• Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.

• Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.

What should you include in the solution?

Options:

A. a compute policy in Azure Policy

B. admin consent settings for enterprise applications in Azure AD

C. adaptive application controls in Defender for Servers

D. app governance in Microsoft Defender for Cloud Apps

Questions 20

You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:

• Encrypt cardholder data by using encryption keys managed by the company.

• Encrypt insurance claim files by using encryption keys hosted on-premises.

Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A. Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.

B. Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM.

C. Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.

D. Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed keys.

Questions 21

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

You need to recommend a solution to isolate the compute components on an Azure virtual network. What should you include in the recommendation?

Options:

A. Azure Active Directory (Azure AD) enterprise applications

B. an Azure App Service Environment (ASE)

C. Azure service endpoints

D. an Azure Active Directory (Azure AD) application proxy

Questions 22

You have an Azure subscription.

Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.

What should you recommend using to enforce the governance requirement?

Options:

A. regulatory compliance standards in Microsoft Defender for Cloud

B. custom Azure roles

C. Azure Policy assignments

D. Azure management groups

Questions 23

Your company uses Azure Pipelines and Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure.

You are updating the deployment process to align with DevSecOps controls guidance in the Microsoft Cloud Adoption Framework for Azure.

You need to recommend a solution to ensure that all code changes are submitted by using pull requests before being deployed by the CI/CD workflow.

What should you include in the recommendation?

Options:

A. custom roles in Azure Pipelines

B. branch policies in Azure Repos

C. Azure policies

D. custom Azure roles

Questions 24

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A. an Azure Bastion host

B. a network security group (NSG)

C. just-in-time (JIT) VM access

D. Azure Virtual Desktop

Questions 25

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A. Onboard the virtual machines to Microsoft Defender for Endpoint.

B. Onboard the virtual machines to Azure Arc.

C. Create a device compliance policy in Microsoft Endpoint Manager.

D. Enable the Qualys scanner in Defender for Cloud.

Questions 26

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A. a subscription

B. a custom role-based access control (RBAC) role

C. a resource group

D. a management group

Questions 27

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:

• Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.

• The Security Administrator role will be mapped to the privileged access security level.

• The users in Group1 will be assigned the Security Administrator role.

• The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.

What should you include in the solution?

Options:

A. Only add Group2 to the local Administrators group.

B. Configure Windows Local Administrator Password Solution (Windows LAPS) in legacy Microsoft LAPS emulation mode.

C. Add Group2 to the local Administrators group. Add the user that is assigned the Security Administrator role to the local Administrators group of the user's assigned privileged access device.

Questions 28

Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?

Options:

A. 1

B. 2

C. 3

D. 4

E. 5

Questions 29

You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).

You need to define the recovery steps for a ransomware attack that encrypted data in the subscription. The solution must follow Microsoft Security Best Practices.

What is the first step in the recovery plan?

Options:

A. Disable Microsoft OneDrive sync and Exchange ActiveSync.

B. Recover files to a cleaned computer or device.

C. Contact law enforcement.

D. From Microsoft Defender for Endpoint, perform a security scan.

Questions 30

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Questions 31

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

Does this meet the goal?

Options:

A. Yes

B. No

Questions 32

You need to recommend a multi-tenant and hybrid security solution that meets the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Questions 33

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Questions 34

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:
