Microsoft SC-100 Exam Practice Test Instant Access

Question 1

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Aan Azure AD enterprise application

Ba retying party trust in Active Directory Federation Services (AD FS)

CAzure AD Application Proxy

DAzure AD B2C

Answer : A

Question 2

You have an Azure subscription that contains a Microsoft Sentinel workspace.

Your on-premises network contains firewalls that support forwarding event logs m the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls

You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.

What should you include m the recommendation?

Aan Azure logic app

Ban on-premises Syslog server

Can on-premises data gateway

DAzure Data Factory

Answer : B

Question 3

For of an Azure deployment you are designing a security architecture based on the Microsoft Cloud Security Benchmark. You need to recommend a best practice for implementing service accounts for Azure API management What should you include in the recommendation?

Adevice registrations in Azure AD

Bapplication registrations m Azure AD

CAzure service principals with certificate credentials

DAzure service principals with usernames and passwords

Emanaged identities in Azure

Answer : E

Question 4

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.

You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.

What should you recommend?

Aan Azure AD user account that has a password stored in Azure Key Vault

Ba group managed service account (gMSA)

Can Azure AD user account that has role assignments in Azure AD Privileged Identity Management {PIM)

Da managed identity in Azure

Answer : D

Question 5

You are designing a security operations strategy based on the Zero Trust framework.

You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.

What should you do?

AEnable built-in compliance policies in Azure Policy.

BEnable self-healing in Microsoft 365 Defender.

CAutomate data classification.

DCreate hunting queries in Microsoft 365 Defender.

Answer : C

Question 6

You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS).

You need to define the recovery steps for a ransomware attack that encrypted data in the subscription The solution must follow Microsoft Security Best Practices.

What is the first step in the recovery plan?

ADisable Microsoft OneDnve sync and Exchange ActiveSync.

BRecover files to a cleaned computer or device.

CContact law enforcement.

DFrom Microsoft Defender for Endpoint perform a security scan.

Answer : A

Question 7

You have an Azure AD tenant that syncs with an Active Directory Domain Services {AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD.

You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.

You plan to remove all the domain accounts from the Administrators group on the Windows computers.

You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.

What should you include in the recommendation?

ALocal Administrator Password Solution (LAPS)

BPrivileged Access Workstations (PAWs)

CAzure AD Privileged Identity Management (PIM)

DAzure AD identity Protection

Answer : A

Microsoft SC-100 Microsoft Cybersecurity Architect Exam Practice Test