Microsoft Cybersecurity Architect SC-100 Exam Practice Test

Page: 1 / 14
Total 246 questions
Question 1

You are designing the security standards for a new Azure environment.

You need to design a privileged identity strategy based on the Zero Trust model.

Which framework should you follow to create the design?



Answer : C

https://docs.microsoft.com/en-us/security/compass/security-rapid-modernization-plan This rapid modernization plan (RAMP) will help you quickly adopt Microsoft's recommended privileged access strategy.


Question 2

A customer has a Microsoft 365 E5 subscription and an Azure subscription.

The customer wants to centrally manage security incidents, analyze log, audit activity, and search for potential threats across all deployed services.

You need to recommend a solution for the customer. The solution must minimize costs.

What should you include in the recommendation?



Answer : D


Question 3

You have a Microsoft 365 E5 subscription.

You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?



Answer : C

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

You can use sensitivity labels to: Provide protection settings that include encryption and content markings. For example, apply a 'Confidential' label to a document or email, and that label encrypts the content and applies a 'Confidential' watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content. Protect content in Office apps across different platforms and devices. Supported by Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web. Supported on Windows, macOS, iOS, and Android. Protect content in third-party apps and services by using Microsoft Defender for Cloud Apps. With Defender for Cloud Apps, you can detect, classify, label, and protect content in third-party apps and services, such as SalesForce, Box, or DropBox, even if the third-party app or service does not read or support sensitivity labels.


Question 4

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?



Answer : C


Question 5

You have to Azure subscriptions that contain 100 role-based access control (RBAC) role assignments.

You plan to consolidate the role assignments.

You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort.

What should you include in the recommendation?



Answer : D


Question 6

You are designing the encryption standards for data at rest for an Azure resource

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).

Does this meet the goal?



Answer : B


Question 7

You have an Azure subscription.

You have a subscription to a third-party cloud provider. The subscription contains 100 virtual machines.

You manage cloud security for both subscriptions from the Azure subscription.

You need to recommend a solution to validate the security posture of the virtual machines.

Which two services should you include in the recommendation? Each correct answer presents part of the solution.



Answer : A, E


Page:    1 / 14   
Total 246 questions