DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE!

Updated Microsoft SC-100 Exam Questions – Your Path to Success

The SPOTO Microsoft SC-100 Exam Questions provide a comprehensive set of exam questions and answers, test questions, and exam questions tailored for effective exam preparation for the Microsoft Cybersecurity Architect certification. These study materials and exam resources are meticulously crafted to equip candidates with the knowledge and skills required to pass successfully and demonstrate their expertise in designing, implementing, and maintaining secure computing environments using Microsoft technologies and services. SPOTO's mock exams simulate the real exam environment, enabling candidates to assess their preparedness and identify areas for improvement. With SPOTO's exam resources, candidates can confidently tackle the SC-100 exam and achieve their certification goals, validating their expertise in cybersecurity architecture within the Microsoft ecosystem.
Take other online exams
Question #1
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Defender for Cloud, review the secure score recommendations
B. rom Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector
C. rom Defender for Cloud, review the Azure security baseline for audit report
D. rom Defender for Cloud, add a regulatory compliance standard
View answer
Correct Answer: D
Question #2
You have an Azure subscription that is used as an Azure landing zone for an application.You need to evaluate the security posture of all the workloads in the landing zone.What should you do first?
A. Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning
B. Obtain Azure AD Premium Plan 2 licenses
C. Add Microsoft Sentinel data connectors
D. Enable the Defender plan for all resource types in Microsoft Defender for Cloud
View answer
Correct Answer: D
Question #3
You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.What should you recommend as part of the landing zone deployment?
A. ocal network gateways
B. orced tunneling
C. ervice chaining
View answer
Correct Answer: C
Question #4
DRAG DROP (Drag and Drop is not supported)For a Microsoft cloud environment, you need to recommend a security architecture that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).Which security methodologies should you include in the recommendation? To answer, drag the appropriate methodologies to the correct principles. Each methodology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.Not
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #5
HOTSPOT (Drag and Drop is not supported)You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements.What should you recommend? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #6
You have a Microsoft 365 E5 subscription.You need to recommend a solution to add a watermark to email attachments that contain sensitive data.What should you include in the recommendation?
A. zure Firewall Premium
B. zure Traffic Manager and application security groups
C. zure Application Gateway Web Application Firewall (WAF)
D. etwork security groups (NSGs)
View answer
Correct Answer: A
Question #7
You have an Azure subscription.Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.What should you recommend using to enforce the governance requirement?
A. zure management groups
B. ustom Azure roles
C. zure Policy assignments
D. egulatory compliance standards in Microsoft Defender for Cloud
View answer
Correct Answer: C
Question #8
Your company has a Microsoft 365 E5 subscription.The company plans to deploy 45 mobile self-service kiosks that will run Windows 10.You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:-Ensure that only authorized applications can run on the kiosks.-Regularly harden the kiosks against new threats.Which two actions should you include in the recommendations? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
A. icrosoft Defender for Cloud Apps
B. icrosoft Information Protection
C. nsider risk management
D. zure Purview
View answer
Correct Answer: BE
Question #9
You are designing the security standards for a new Azure environment.You need to design a privileged identity strategy based on the Zero Trust model.Which framework should you follow to create the design?
A. icrosoft Security Development Lifecycle (SDL)
B. nhanced Security Admin Environment (ESAE)
C. apid Modernization Plan (RaMP)
D. icrosoft Operational Security Assurance (OSA)
View answer
Correct Answer: C
Question #10
You have an Azure subscription.Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.What should you recommend using to enforce the governance requirement?
A. Azure management groups
B. custom Azure roles
C. Azure Policy assignments
D. regulatory compliance standards in Microsoft Defender for Cloud
View answer
Correct Answer: C
Question #11
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Defender for Cloud, add a regulatory compliance standard
B. rom Azure Policy, assign a built-in policy definition that has a scope of the subscription
C. rom Defender for Cloud, review the Azure security baseline for audit report
D. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: A
Question #12
You have a Microsoft 365 E5 subscription and an Azure subscription.You are designing a Microsoft deployment.You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events.What should you recommend using in Microsoft Sentinel?
A. ensitivity labels
B. ustom user tags
C. tandalone sensors
D. oneytoken entity tags
View answer
Correct Answer: C
Question #13
You are evaluating the security of ClaimsApp.For each of the following statements, select Yes if the statement is true. Otherwise, select No.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #14
HOTSPOT (Drag and Drop is not supported)You have a Microsoft 365 subscription that is protected by using Microsoft 365 Defender.You are designing a security operations strategy that will use Microsoft Sentinel to monitor events from Microsoft 365 and Microsoft 365 Defender.You need to recommend a solution to meet the following requirements:•Integrate Microsoft Sentinel with a third-party security vendor to access information about known malware.•Automatically generate incidents when the IP address of a comm
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #15
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.You plan to integrate Microsoft Sentinel with Splunk.You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.What should you include in the recommendation?
A. Microsoft Sentinel data connector
B. zure Event Hubs
C. Microsoft Sentinel workbook
D. zure Data Factory
View answer
Correct Answer: B
Question #16
HOTSPOT (Drag and Drop is not supported)For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA).You need to protect against the following external threats of an attack chain:-An attacker attempts to exfiltrate data to external websites.-An attacker attempts lateral movement across domain-joined computers.What should you include in the recommendation for each threat? To answer, select the appropriate options in the answe
A. pplication registrations in Azure AD
B. anaged identities in Azure
C. zure service principals with usernames and passwords
D. evice registrations in Azure AD
E. zure service principals with certificate credentials
View answer
Correct Answer: A
Question #17
You have an Azure subscription that has Microsoft Defender for Cloud enabled.You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.What should you use?
A. Azure Blueprints
B. the regulatory compliance dashboard in Defender for Cloud
C. Azure Policy
D. Azure role-based access control (Azure RBAC)
View answer
Correct Answer: C
Question #18
HOTSPOT (Drag and Drop is not supported)What should you create in Azure AD to meet the Contoso developer requirements?
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #19
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.What should you recommend? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #20
You are designing a security operations strategy based on the Zero Trust framework.You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.What should you do?
A. nable built-in compliance policies in Azure Policy
B. nable self-healing in Microsoft 365 Defender
C. utomate data classification
D. reate hunting queries in Microsoft 365 Defender
View answer
Correct Answer: B
Question #21
Your company has an office in Seattle.The company has two Azure virtual machine scale sets hosted on different virtual networks.The company plans to contract developers in India.You need to recommend a solution provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:-Prevent exposing the public IP addresses of the virtual machines.-Provide the ability to connect without using a VPN.-Minimize costs.Which two
A. ompliance Manager
B. icrosoft Defender for Cloud Apps
C. icrosoft Endpoint Manager
D. icrosoft Defender for Endpoint
View answer
Correct Answer: AC
Question #22
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.All on-premises servers in the perimeter network are prevented from connecting directly to the internet.The customer recently recovered from a ransomware attack.The customer plans to deploy Microsoft Sentinel.You need to recommend solutions to meet the following requirements:-Ensure that the security operations team can access the security logs and the operation logs.-Ensure that the IT opera
A. zure Active Directory (Azure AD) enterprise applications
B. n Azure App Service Environment (ASE)
C. zure service endpoints
D. n Azure Active Directory (Azure AD) application proxy
View answer
Correct Answer: BC
Question #23
HOTSPOT (Drag and Drop is not supported)You are designing the security architecture for a cloud-only environment.You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA).You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements:•Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #24
HOTSPOT (Drag and Drop is not supported)You have a Microsoft 365 E5 subscription that uses Microsoft Purview, SharePoint Online, and OneDrive for Business.You need to recommend a ransomware protection solution that meets the following requirements:•Mitigates attacks that make copies of files, encrypt the copies, and then delete the original files•Mitigates attacks that encrypt files in place•Minimizes administrative effortWhat should you include in the recommendation? To answer, select the appropriate optio
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #25
HOTSPOT (Drag and Drop is not supported)Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a server that runs Windows Server and hosts shared folders. The domain syncs with Azure AD by using Azure AD Connect. Azure AD Connect has group writeback enabled.You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.You have multiple project teams. Each team has an AD DS group that syncs with Azure AD.Each group has permissions to a unique S
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #26
For an Azure deployment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.You need to recommend a best practice for implementing service accounts for Azure API management.What should you include in the recommendation?
A. ocal Administrator Password Solution (LAPS)
B. zure AD Identity Protection
C. zure AD Privileged Identity Management (PIM)
D. rivileged Access Workstations (PAWs)
View answer
Correct Answer: B
Question #27
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Defender for Cloud, enable Defender for Cloud plans
B. rom Azure Policy, assign a built-in initiative that has a scope of the subscription
C. rom Defender for Cloud, review the secure score recommendations
D. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: B
Question #28
Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment.You need to recommend the top three modernization areas to prioritize as part of the plan.Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: ACE
Question #29
Your company has an Azure subscription that uses Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector
B. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications
C. From Defender for Cloud, enable Defender for Cloud plans
D. From Defender for Cloud, add a regulatory compliance standard
View answer
Correct Answer: D
Question #30
HOTSPOT (Drag and Drop is not supported)You have a Microsoft 365 E5 subscription and an Azure subscription.You need to evaluate the existing environment to increase the overall security posture for the following components:-Windows 11 devices managed by Microsoft Intune-Azure Storage accounts-Azure virtual machinesWhat should you use to evaluate the components? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #31
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains an e-commerce web app that was developed in An
A. es
B. o
View answer
Correct Answer: B
Question #32
HOTSPOT (Drag and Drop is not supported)You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.What should you recommend? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #33
Your company is moving a big data solution to Azure.The company plans to use the following storage workloads:-Azure Storage blob containers-Azure Data Lake Storage Gen2-Azure Storage file shares-Azure Disk StorageWhich two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: CD
Question #34
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. From Defender for Cloud, enable Defender for Cloud plans
B. From Azure Policy, assign a built-in initiative that has a scope of the subscription
C. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications
D. From Azure Policy, assign a built-in policy definition that has a scope of the subscription
View answer
Correct Answer: B
Question #35
You need to recommend a solution to scan the application code. The solution must meet the application development requirements.What should you include in the recommendation?
A. itHub Advanced Security
B. zure Key Vault
C. zure DevTest Labs
D. pplication Insights in Azure Monitor
View answer
Correct Answer: A
Question #36
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that has Microsoft Defender for Cloud enabled.You
A. es
B. o
View answer
Correct Answer: A
Question #37
You need to recommend a solution to meet the security requirements for the InfraSec group.What should you use to delegate the access?
A. subscription
B. custom role-based access control (RBAC) role
C. resource group
D. management group
View answer
Correct Answer: B
Question #38
HOTSPOT (Drag and Drop is not supported)Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation.You need to recommend a security posture management solution for the following components:-Azure IoT Edge devices-AWS EC2 instancesWhich services should you include in the recommendation? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. eploy Azure Virtual Desktop, Azure Active Directory (Azure AD) Conditional Access, and Microsoft Defender for Cloud Apps
B. edesign the VPN infrastructure by adopting a split tunnel configuration
C. eploy Microsoft Endpoint Manager and Azure Active Directory (Azure AD) Conditional Access
D. igrate the on-premises applications to cloud-based applications
View answer
Correct Answer: A
Question #39
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. From Azure Policy, assign a built-in initiative that has a scope of the subscription
B. From Azure Policy, assign a built-in policy definition that has a scope of the subscription
C. From Defender for Cloud, review the Azure security baseline for audit report
D. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications
View answer
Correct Answer: A
Question #40
Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit. You need to recommend a solution to isolate the compute components on an Azure virtual network.What should you include in the recommendation?
A. ee Explanation section for answer
View answer
Correct Answer: B
Question #41
Your company has devices that run either Windows 10, Windows 11, or Windows Server.You are in the process of improving the security posture of the devices.You plan to use security baselines from the Microsoft Security Compliance Toolkit.What should you recommend using to compare the baselines to the current device configurations?
A. icrosoft Intune
B. ocal Group Policy Object (LGPO)
C. indows Autopilot
D. olicy Analyzer
View answer
Correct Answer: D
Question #42
You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.What should you recommend?
A. he nodes must restart after the updates are applied
B. he updates must first be applied to the image used to provision the nodes
C. he AKS cluster version must be upgraded
View answer
Correct Answer: B
Question #43
You have an Azure subscription that is used as an Azure landing zone for an application.You need to evaluate the security posture of all the workloads in the landing zone.What should you do first?
A. onfigure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning
B. btain Azure AD Premium Plan 2 licenses
C. dd Microsoft Sentinel data connectors
D. nable the Defender plan for all resource types in Microsoft Defender for Cloud
View answer
Correct Answer: D
Question #44
You have an Azure subscription that has Microsoft Defender for Cloud enabled.You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.What should you use?
A. zure Blueprints
B. he regulatory compliance dashboard in Defender for Cloud
C. zure Policy
D. zure role-based access control (Azure RBAC)
View answer
Correct Answer: C
Question #45
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that has Microsoft Defender for Cloud enabled.You
A. es
B. o
View answer
Correct Answer: B
Question #46
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your on-premises network contains an e-commerce web app that was developed in An
A. es
B. o
View answer
Correct Answer: B
Question #47
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements.What should you recommend? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #48
Your company has an Azure subscription that uses Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. From Defender for Cloud, review the Azure security baseline for audit report
B. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications
C. From Defender for Cloud, enable Defender for Cloud plans
D. From Azure Policy, assign a built-in initiative that has a scope of the subscription
View answer
Correct Answer: D
Question #49
For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management What should you include in the recommendation?
A. evice registrations in Azure AD
B. pplication registrations m Azure AD
C. zure service principals with certificate credentials
D. zure service principals with usernames and passwords
E. anaged identities in Azure
View answer
Correct Answer: E
Question #50
You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?
A. n Azure AD enterprise application
B. retying party trust in Active Directory Federation Services (AD FS)
C. zure AD Application Proxy
D. zure AD B2C
View answer
Correct Answer: A
Question #51
Your company has an Azure subscription that uses Microsoft Defender for Cloud.The company signs a contract with the United States government.You need to review the current subscription for NIST 800-53 compliance.What should you do first?
A. rom Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector
B. rom Microsoft Defender for Cloud Apps, create an access policy for cloud applications
C. rom Defender for Cloud, enable Defender for Cloud plans
D. rom Defender for Cloud, add a regulatory compliance standard
View answer
Correct Answer: D
Question #52
HOTSPOT (Drag and Drop is not supported)You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online.You need to recommend a solution to prevent malicious actors from impersonating the email addresses of internal senders.What should you include in the recommendation? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #53
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases.All resources are backed up multiple times a day by using Azure Backup.You are developing a strategy to protect against ransomware attacks.You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack.Which two controls should you include in the recommendation? Each correct answer presents a complete so
A. ee Explanation section for answer
View answer
Correct Answer: BE

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.