DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Master Microsoft SC-100 Certification Questions & Study Resources, Microsoft Cybersecurity Architect | SPOTO

Here, you'll find everything you need to excel in Exam SC-100 and become a certified Microsoft Cybersecurity Architect. Access a wealth of resources including free test materials such as online exam questions, sample questions, and exam dumps. Our comprehensive exam questions and answers, along with mock exams and exam materials, ensure you're fully prepared for the certification journey. Stay ahead of the curve with our latest practice tests, meticulously crafted to mirror the real exam environment. As a Microsoft cybersecurity architect, it's crucial to translate cybersecurity strategies into effective capabilities that safeguard organizational assets, business, and operations. Trust SPOTO to provide the tools and support you need to succeed in your exam practice and beyond.
Take other online exams

Question #1
Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server. The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription. Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on
A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges
B. Implement Azure Firewall to restrict host pool outbound access
C. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations
D. Migrate from the Remote Desktop server to Azure Virtual Desktop
E. Deploy a Remote Desktop server to an Azure region located in France
View answer
Correct Answer: B
Question #2
You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD) The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment. What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
A. role-based authorization
B. Azure AD Privileged Identity Management (PIM)
C. resource-based authorization
D. Azure AD Multi-Factor Authentication
View answer
Correct Answer: AB
Question #3
Your company is moving all on-premises workloads to Azure and Microsoft 365. Vou need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements: ? Minimizes manual intervention by security operation analysts ? Supports Waging alerts within Microsoft Teams channels What should you include in the strategy?
A. data connectors
B. playbooks
C. workbooks
D. KQL
View answer
Correct Answer: A
Question #4
Azure subscription that uses Azure Storage. The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be t\me-Vim\ted. What should you include in the recommendation?
A. Create shared access signatures (SAS)
B. Share the connection string of the access key
C. Configure private link connections
D. Configure encryption by using customer-managed keys (CMKs)
View answer
Correct Answer: A
Question #5
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint. Does this meet the goal?
A. Yes
B. No
View answer
Correct Answer: BD
Question #6
Your company has Microsoft 365 E5 licenses and Azure subscriptions. The company plans to automatically label sensitive data stored in the following locations: ? Microsoft SharePoint Online ? Microsoft Exchange Online ? Microsoft Teams You need to recommend a strategy to identify and protect sensitive data. Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may be used once, more than once, or not at all. You may ne
A. Mastered
B. Not Mastered
View answer
Correct Answer: B
Question #7
Your company has a Microsoft 365 E5 subscription. The company wants to identify and classify data in Microsoft Teams, SharePoint Online, and Exchange Online. You need to recommend a solution to identify documents that contain sensitive information. What should you include in the recommendation?
A. data classification content explorer
B. data loss prevention (DLP)
C. eDiscovery
D. Information Governance
View answer
Correct Answer: D
Question #8
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components: ? Azure loT Edge devices ? AWS EC2 instances Which services should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
View answer
Correct Answer: B
Question #9
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorize
A. Azure Active Directory (Azure AD) Conditional Access App Control policies
B. OAuth app policies in Microsoft Defender for Cloud Apps
C. app protection policies in Microsoft Endpoint Manager
D. application control policies in Microsoft Defender for Endpoint
View answer
Correct Answer: D
Question #10
Your company has on-premises Microsoft SQL Server databases. The company plans to move the databases to Azure. You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs. What should you include in the recommendation?
A. Azure SQL Managed Instance
B. Azure Synapse Analytics dedicated SQL pools
C. Azure SQL Database
D. SQL Server on Azure Virtual Machines
View answer
Correct Answer: B
Question #11
You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For blob containers in Azure Storage, you recommend encryption that uses Microsoft-managed keys within an encryption scope. Does this meet the goal?
A. Yes
B. No
View answer
Correct Answer: D
Question #12
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Azure AD Conditional Access integration with user flows and custom policies
B. Azure AD workbooks to monitor risk detections
C. custom resource owner password credentials (ROPC) flows in Azure AD B2C
D. access packages in Identity Governance
E. smart account lockout in Azure AD B2C
View answer
Correct Answer: D
Question #13
Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?
A. data flow
B. system flow
C. process flow
D. network flow
View answer
Correct Answer: BE
Question #14
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?
A. From Defender for Cloud, review the secure score recommendations
B. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector
C. From Defender for Cloud, review the Azure security baseline for audit report
D. From Defender for Cloud, add a regulatory compliance standard
View answer
Correct Answer: C
Question #15
Your company is moving a big data solution to Azure. The company plans to use the following storage workloads: ? Azure Storage blob containers ? Azure Data Lake Storage Gen2 ? Azure Storage file shares ? Azure Disk Storage Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Azure Disk Storage
B. Azure Storage blob containers
C. Azure Storage file shares
D. Azure Data Lake Storage Gen2
View answer
Correct Answer: AB
Question #16
You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs). Does this meet the goal?
A. Yes
B. No
View answer
Correct Answer: A
Question #17
You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements: ? Prevent the need to enable ports 3389 and 22 from the internet. ? Only provide permission to connect the virtual machines when required. ? Ensure that administrators use the Azure portal to connect to the virtual machines. Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selec
A. Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors
B. Configure Azure VPN Gateway
C. Enable Just Enough Administration (JEA)
D. Enable just-in-time (JIT) VM access
E. Configure Azure Bastion
View answer
Correct Answer: D
Question #18
You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (O/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure. What should you recommend?
A. unit testing
B. penetration testing
C. dependency checks
D. threat modeling
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: