DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Master the Microsoft SC-100 Exam with Realistic Practice Tests

Preparing for the Microsoft SC-100 exam with SPOTO's resources offers several advantages for aspiring Microsoft Cybersecurity Architects. SPOTO's exam questions and answers are meticulously designed to cover the full spectrum of topics tested in the SC-100 exam, ensuring thorough preparation. The test questions provided by SPOTO mirror the format and difficulty level of the actual exam, enabling candidates to familiarize themselves with the exam structure and enhance their confidence. By leveraging SPOTO's exam preparation resources, candidates can increase their chances of passing the SC-100 exam successfully and excel in their Microsoft Cybersecurity Architect certification journey.
Take other online exams
Question #1
You have a customer that has a Microsoft 365 subscription and an Azure subscription.The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.You need to design a security solution to assess whether all the devices meet the customer's compliance rules.What should you include in the solution?
A. icrosoft Sentinel
B. icrosoft Purview Information Protection
C. icrosoft Intune
D. icrosoft Defender for Endpoint
View answer
Correct Answer: D
Question #2
You need to recommend a solution to meet the AWS requirements.What should you include in the recommendation? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #3
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Azure Policy, assign a built-in initiative that has a scope of the subscription
B. rom Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector
C. rom Defender for Cloud, review the Azure security baseline for audit report
D. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: A
Question #4
You have an Azure subscription that has Microsoft Defender for Cloud enabled.You need to enforce ISO 27001:2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically.What should you use?
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #5
Your company has an Azure subscription that uses Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Defender for Cloud, enable Defender for Cloud plans
B. rom Defender for Cloud, review the Azure security baseline for audit report
C. rom Defender for Cloud, add a regulatory compliance standard
D. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: C
Question #6
HOTSPOT (Drag and Drop is not supported)You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:-Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.-Users will authenticate by using Azure Active Directory (Azure AD) user accounts.You need to recommend an access security architecture for App1.What should you include in the recommendation? To answer, select the appropriate op
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #7
You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)After remediating the threat, which policy definition should you assign to prevent the threat from reoccurring?
A. torage account public access should be disallowed
B. zure Key Vault Managed HSM should have purge protection enabled
C. torage accounts should prevent shared key access
D. torage account keys should not be expired
View answer
Correct Answer: A
Question #8
You have an Azure subscription that has Microsoft Defender for Cloud enabled.You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows.Which compliance control should you evaluate?
A. sset Management
B. osture and Vulnerability Management
C. ata Protection
D. ndpoint Security
E. ncident Response
View answer
Correct Answer: D
Question #9
Your company has on-premises network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server.The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription.Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the
A. ee Explanation section for answer
View answer
Correct Answer: CDE
Question #10
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Azure Policy, assign a built-in initiative that has a scope of the subscription
B. rom Azure Policy, assign a built-in policy definition that has a scope of the subscription
C. rom Defender for Cloud, review the Azure security baseline for audit report
D. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: A
Question #11
You need to recommend a solution to resolve the virtual machine issue.What should you include in the recommendation?
A. nable the Qualys scanner in Defender for Cloud
B. nboard the virtual machines to Microsoft Defender for Endpoint
C. reate a device compliance policy in Microsoft Endpoint Manager
D. nboard the virtual machines to Azure Arc
View answer
Correct Answer: B
Question #12
DRAG DROP (Drag and Drop is not supported)You have a Microsoft 365 subscription.You need to recommend a security solution to monitor the following activities:-User accounts that were potentially compromised-Users performing bulk file downloads from Microsoft SharePoint OnlineWhat should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar be
A. zure Policy
B. zure Network Watcher
C. zure Storage Analytics
D. icrosoft Sentinel
View answer
Correct Answer: A
Question #13
HOTSPOT (Drag and Drop is not supported)You are designing a privileged access strategy for a company named Contoso, Ltd. and its partner company named Fabrikam, Inc. Contoso has an Azure AD tenant named contoso.com. Fabrikam has an Azure AD tenant named fabrikam.com. Users at Fabrikam must access the resources in contoso.com.You need to provide the Fabrikam users with access to the Contoso resources by using access packages. The solution must meet the following requirements:•Ensure that the Fabrikam users c
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #14
Your company is moving all on-premises workloads to Azure and Microsoft 365.You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:-Minimizes manual intervention by security operation analysts-Supports triaging alerts within Microsoft Teams channelsWhat should you include in the strategy?
A. QL
B. laybooks
C. ata connectors
D. orkbooks
View answer
Correct Answer: B
Question #15
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes
A. pp registrations in Azure AD
B. zure AD Conditional Access App Control policies
C. pp discovery anomaly detection policies in Microsoft Defender for Cloud Apps
D. daptive application controls in Defender for Cloud
View answer
Correct Answer: D
Question #16
You have the following on-premises servers that run Windows Server:•Two domain controllers in an Active Directory Domain Services (AD DS) domain•Two application servers named Server1 and Server2 that run ASP.NET web apps•A VPN server named Served that authenticates by using RADIUS and AD DSEnd users use a VPN to access the web apps over the internet.You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follo
A. ublish the web apps by using Azure AD Application Proxy
B. onfigure the VPN to use Azure AD authentication
C. onfigure connectors and rules in Microsoft Defender for Cloud Apps
D. onfigure web protection in Microsoft Defender for Endpoint
View answer
Correct Answer: A
Question #17
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes
A. daptive application controls in Defender for Cloud
B. pp protection policies in Microsoft Endpoint Manager
C. pp discovery anomaly detection policies in Microsoft Defender for Cloud Apps
D. zure Security Benchmark compliance controls in Defender for Cloud
View answer
Correct Answer: A
Question #18
A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions.You are evaluating the security posture of the customer.You discover that the AKS resources are excluded from the secure score recommendations.You need to produce accurate recommendations and update the secure score.Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: BD
Question #19
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. From Defender for Cloud, enable Defender for Cloud plans
B. From Azure Policy, assign a built-in initiative that has a scope of the subscription
C. From Defender for Cloud, review the secure score recommendations
D. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: B
Question #20
You have legacy operational technology (OT) devices and IoT devices.You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
A. indows Defender Device Guard
B. icrosoft Defender for Endpoint
C. zure Files
D. itLocker Drive Encryption (BitLocker)
E. rotected folders
View answer
Correct Answer: BC
Question #21
You are designing a security operations strategy based on the Zero Trust framework.You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.What should you do?
A. nable built-in compliance policies in Azure Policy
B. nable self-healing in Microsoft 365 Defender
C. utomate data classification
D. reate hunting queries in Microsoft 365 Defender
View answer
Correct Answer: C
Question #22
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Defender for Cloud, enable Defender for Cloud plans
B. rom Azure Policy, assign a built-in initiative that has a scope of the subscription
C. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
D. rom Azure Policy, assign a built-in policy definition that has a scope of the subscription
View answer
Correct Answer: B
Question #23
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.What should you recommend?
A. n Azure AD user account that has a password stored in Azure Key Vault
B. group managed service account (gMSA)
C. n Azure AD user account that has role assignments in Azure AD Privileged Identity Management {PIM)
D. managed identity in Azure
View answer
Correct Answer: D
Question #24
Your company has an Azure subscription that uses Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. From Defender for Cloud, enable Defender for Cloud plans
B. From Defender for Cloud, review the Azure security baseline for audit report
C. From Defender for Cloud, add a regulatory compliance standard
D. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: C
Question #25
You need to recommend a solution to meet the security requirements for the virtual machines.What should you include in the recommendation?
A. n Azure Bastion host
B. network security group (NSG)
C. ust-in-time (JIT) VM access
D. zure Virtual Desktop
View answer
Correct Answer: D
Question #26
You have an Azure subscription that contains a Microsoft Sentinel workspace.Your on-premises network contains firewalls that support forwarding event logs m the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewallsYou need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.What should you include m the recommendation?
A. n Azure logic app
B. n on-premises Syslog server
C. n on-premises data gateway
D. zure Data Factory
View answer
Correct Answer: B
Question #27
HOTSPOT (Drag and Drop is not supported)You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.You plan to deploy Azure virtual machines that will run Windows Server.You need to enable extended detection and response (EDR) and security orchestrati
A. zure AD Privileged Identity Management (PIM)
B. ole-based authorization
C. esource-based authorization
D. zure AD Multi-Factor Authentication
View answer
Correct Answer: A
Question #28
Your company has a Microsoft 365 ES subscription.The Chief Compliance Officer plans to enhance privacy management in the working environment.You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:? Identify unused personal data and empower users to make smart data handling decisions.? Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.? Provide users with recommendations to mitigate privacy risks.Wha
A. ommunication compliance in insider risk management
B. icrosoft Viva Insights
C. rivacy Risk Management in Microsoft Priva
D. dvanced eDiscovery
View answer
Correct Answer: C
Question #29
Your company has an Azure subscription that uses Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Defender for Cloud, review the Azure security baseline for audit report
B. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
C. rom Defender for Cloud, enable Defender for Cloud plans
D. rom Azure Policy, assign a built-in initiative that has a scope of the subscription
View answer
Correct Answer: D
Question #30
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.What should you recommend? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #31
You are evaluating an Azure environment for compliance.You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.Which effect should you use in Azure Policy?
A. eny
B. odify
C. ppend
D. isabled
View answer
Correct Answer: D
Question #32
You have a customer that has a Microsoft 365 subscription and an Azure subscription.The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.You need to design a security solution to assess whether all the devices meet the customer's compliance rules.What should you include in the solution?
A. icrosoft Defender for Endpoint
B. icrosoft Endpoint Manager
C. icrosoft Information Protection
D. icrosoft Sentinel
View answer
Correct Answer: B
Question #33
You have an Azure subscription that has Microsoft Defender for Cloud enabled.Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.What should you include in the recommendation?
A. zure Monitor webhooks
B. zure Event Hubs
C. zure Functions apps
D. zure Logics Apps
View answer
Correct Answer: D
Question #34
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that has Microsoft Defender for Cloud enabled.You
A. es
B. o
View answer
Correct Answer: B
Question #35
DRAG DROP (Drag and Drop is not supported)You have a hybrid Azure AD tenant that has pass-through authentication enabled.You are designing an identity security strategy.You need to minimize the impact of brute force password attacks and leaked credentials of hybrid identities.What should you include in the design? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to vi
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #36
You have 50 Azure subscriptions.You need to monitor the resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.What are two ways to achieve the goal? Each correct answer presents a complete solution.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: AF
Question #37
DRAG DROP (Drag and Drop is not supported)You are designing a security operations strategy based on the Zero Trust framework.You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #38
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.The customer discovers that several endpoints are infected with malware.The customer suspends access attempts from the infected endpoints.The malware is removed from the endpoints.Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: AC
Question #39
Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States.You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attack surface.What should you include in the recommendation?
A. es
B. o
View answer
Correct Answer: C
Question #40
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains an e-commerce web app that was developed in An
A. es
B. o
View answer
Correct Answer: B
Question #41
HOTSPOT (Drag and Drop is not supported)Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII).The company plans to use Microsoft Information Protection for the PII data store in Azure.You need to recommend a solution to discover PII data at risk in the Azure resources.What should you include in the recommendation? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. otebooks
B. laybooks
C. orkbooks
D. hreat intelligence
View answer
Correct Answer: A
Question #42
HOTSPOT (Drag and Drop is not supported)You open Microsoft Defender for Cloud as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.Note: Each correct selection is worth one point.
A. es
B. o
View answer
Correct Answer: A
Question #43
You have an Azure subscription that has Microsoft Defender for Cloud enabled.Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.What should you include in the recommendation?
A. zure Monitor webhooks
B. zure Event Hubs
C. zure Functions apps
D. zure Logics Apps
View answer
Correct Answer: D
Question #44
You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.What should you configure for each landing zone?
A. n ExpressRoute gateway
B. icrosoft Defender for Cloud
C. n Azure Private DNS zone
D. zure DDoS Protection Standard
View answer
Correct Answer: A
Question #45
You are designing security for an Azure landing zone.Your company identifies the following compliance and privacy requirements:-Encrypt cardholder data by using encryption keys managed by the company.-Encrypt insurance claim files by using encryption keys hosted on-premises.Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
A. zure Policy
B. zure Blueprints
C. he regulatory compliance dashboard in Defender for Cloud
D. zure role-based access control (Azure RBAC)
View answer
Correct Answer: CD
Question #46
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes
A. pp discovery anomaly detection policies in Microsoft Defender for Cloud Apps
B. zure Security Benchmark compliance controls in Defender for Cloud
C. pp registrations in Azure AD
D. pplication control policies in Microsoft Defender for Endpoint
View answer
Correct Answer: D
Question #47
You need to recommend a solution to meet the compliance requirements.What should you recommend? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #48
Your company has a Microsoft 365 ES subscription.The Chief Compliance Officer plans to enhance privacy management in the working environment.You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:-Identify unused personal data and empower users to make smart data handling decisions.-Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.-Provide users with recommendations to mitigate privacy risks.What s
A. ommunication compliance in insider risk management
B. icrosoft Viva Insights
C. rivacy Risk Management in Microsoft Priva
D. dvanced eDiscovery
View answer
Correct Answer: C
Question #49
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains an e-commerce web app that was developed in An
A. es
B. o
View answer
Correct Answer: A
Question #50
You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements.What should you include in the recommendation? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #51
Your company is moving a big data solution to Azure.The company plans to use the following storage workloads:? Azure Storage blob containers? Azure Data Lake Storage Gen2Azure Storage file shares -? Azure Disk StorageWhich two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. zure Storage file shares
B. zure Disk Storage
C. zure Storage blob containers
D. zure Data Lake Storage Gen2
View answer
Correct Answer: CD
Question #52
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.What should you recommend?
A. managed identity in Azure
B. n Azure AD user account that has role assignments in Azure AD Privileged Identity Management (PIM)
C. group managed service account (gMSA)
D. n Azure AD user account that has a password stored in Azure Key Vault
View answer
Correct Answer: D

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.