DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Microsoft SC-100 Certification Pracatice Questions & Mock Tests, Microsoft Cybersecurity Architect | SPOTO

Access free test materials such as online exam questions, sample questions, and exam dumps to enhance your exam practice. Dive deeper into preparation with our comprehensive collection of exam questions and answers, supplemented by mock exams and exam materials, ensuring thorough coverage of exam topics. Stay ahead of the curve with our latest practice tests, designed to simulate the real exam environment and boost your confidence. As a Microsoft cybersecurity architect, mastering the translation of cybersecurity strategies into protective capabilities is paramount. Trust SPOTO to provide the tools and support needed to succeed in your certification exam and advance your career in cybersecurity.
Take other online exams
Question #1
Your company has a Microsoft 365 E5 subscription.Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating.The company identifies protected health information (PHI) within stored documents and communications.What should you recommend using to prevent the PHI from being shared outside the company?
A. sensitivity label policies
B. data loss prevention (DLP) policies
C. insider risk management policies
D. retention policies
View answer
Correct Answer: A
Question #2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that has Microsoft Defender for Cloud enabled.You
A. Yes
B. No
View answer
Correct Answer: A
Question #3
Your company has an on-premises network and an Azure subscription. The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure. You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network. You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet- accessible endpoints to the on-premises network. What should you
A. a private endpoint
B. hybrid connections
C. virtual network NAT gateway integration
D. virtual network integration
View answer
Correct Answer: A
Question #4
You have an on-premises network and a Microsoft 365 subscription. You are designing a Zero Trust security strategy. Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution. NOTE: Each correct answer is worth one point.
A. lock sign-attempts from unknown location
B. lways allow connections from the on-premises network
C. isable passwordless sign-in for sensitive account
D. lock sign-in attempts from noncompliant devices
View answer
Correct Answer: AD
Question #5
You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune. You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations: * Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device. * The Security Administrator role will be
A. nly add Group2 to the local Administrators group
B. onfigure Windows Local Administrator Password Solution (Windows LAPS) in legacy Microsoft LAPS emulation mode
C. dd Group2 to the local Administrators group
View answer
Correct Answer: C
Question #6
You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1. You plan to migrate DB1 to Azure. You need to recommend an encrypted Azure database solution that meets the following requirements: * Minimizes the risks of malware that uses elevated privileges to access sensitive data * Prevents database administrators from accessing sensitive data * Enables pattern matching for server-side database operations * Supports Microsoft Azure Attestation * Uses
A. QL Server on Azure Virtual Machines with virtualization-based security (VBS) enclaves
B. zure SQL Database with virtualization-based security (VBS) enclaves
C. zure SQL Managed Instance that has Always Encrypted configured
D. zure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves
View answer
Correct Answer: D
Question #7
You are designing a ransomware response plan that follows Microsoft Security Best Practices.You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out.What should you include in the recommendation?
A. device compliance policies
B. Privileged Access Workstations (PAWs)
C. Customer Lockbox for Microsoft Azure
D. emergency access accounts
View answer
Correct Answer: B
Question #8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains an e-commerce web app that was developed in An
A. Yes
B. No
View answer
Correct Answer: B
Question #9
You have Windows 11 devices and Microsoft 365 E5 licenses.You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites.What should you include in the recommendation?
A. Compliance Manager
B. Microsoft Defender for Cloud Apps
C. Microsoft Endpoint Manager
D. Microsoft Defender for Endpoint
View answer
Correct Answer: D
Question #10
You have a Microsoft 365 subscription. You need to design a solution to block file downloads from Microsoft SharePoint Online by authenticated users on unmanaged devices. Which two services should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. icrosoft Defender for Cloud Apps
B. zure AD Application Proxy
C. zure Data Catalog
D. zure AD Conditional Access
E. icrosoft Purview Information Protection
View answer
Correct Answer: AD
Question #11
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.You need to ensure that a compromised administrator account cannot be used to delete the backups.What should you do?
A. From Azure Backup, configure multi-user authorization by using Resource Guard
B. From Microsoft Azure Backup Setup, register MABS with a Recovery Services vault
C. From a Recovery Services vault, generate a security PIN for critical operations
D. From Azure AD Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role
View answer
Correct Answer: C
Question #12
You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.Which two services should you leverage in the strategy? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. Azure AD Conditional Access
B. access reviews in Azure AD
C. Microsoft Defender for Cloud
D. Microsoft Defender for Cloud Apps
E. Microsoft Defender for Endpoint
View answer
Correct Answer: BD
Question #13
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components: ? Windows 11 devices managed by Microsoft Intune ? Azure Storage accounts ? Azure virtual machines What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
View answer
Correct Answer: BE
Question #14
Your company has on-premises Microsoft SQL Server databases.The company plans to move the databases to Azure.You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.What should you include in the recommendation?
A. Azure SQL Managed Instance
B. Azure Synapse Analytics dedicated SQL pools
C. Azure SQL Database
D. SQL Server on Azure Virtual Machines
View answer
Correct Answer: A
Question #15
You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys. You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications. What should you include in the recommendation?
A. Apply read-only locks on the storage accounts
B. Set the AllowSharcdKeyAccess property to false
C. Set the AllowBlobPublicAcccss property to false
D. Configure automated key rotation
View answer
Correct Answer: A
Question #16
Your company has the virtual machine infrastructure shown in the following table.The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.What should you include in the recommendation?
A. Use geo-redundant storage (GRS)
B. Maintain multiple copies of the virtual machines
C. Encrypt the backups by using customer-managed keys (CMKS)
D. Require PINs to disable backups
View answer
Correct Answer: D
Question #17
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks. You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successtu\ ransonvwaTe attack. Which two controls should you include in the recommendation? Each correct answer presents a comple
A. Use Azure Monitor notifications when backup configurations change
B. Require PINs for critical operations
C. Perform offline backups to Azure Data Box
D. Encrypt backups by using customer-managed keys (CMKs)
E. Enable soft delete for backups
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.