Microsoft SC-100 Exam Questions Instant Access

Question 1

You have a Microsoft 365 E5 subscription.

You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?

AMicrosoft Defender for Cloud Apps

Binsider risk management

CMicrosoft Information Protection

DAzure Purview

Answer : C

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

You can use sensitivity labels to: Provide protection settings that include encryption and content markings. For example, apply a 'Confidential' label to a document or email, and that label encrypts the content and applies a 'Confidential' watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content. Protect content in Office apps across different platforms and devices. Supported by Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web. Supported on Windows, macOS, iOS, and Android. Protect content in third-party apps and services by using Microsoft Defender for Cloud Apps. With Defender for Cloud Apps, you can detect, classify, label, and protect content in third-party apps and services, such as SalesForce, Box, or DropBox, even if the third-party app or service does not read or support sensitivity labels.

Question 2

Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.

Solution: You recommend implementing Azure Key Vault to store credentials.

AYes

BNo

Answer : B

When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.

Question 3

You have a Microsoft 365 E5 subscription and an Azure subscription.

You need to recommend a solution to enforce the Zero Trust principle of explicit verification for the subscriptions. The solution must be based on Zero Trust guidance in the Microsoft Cybersecurity Reference Architectures (MCRA).

What should you include in the recommendation?

AMicrosoft Defender for Cloud

BConditional Access

CMicrosoft Entra ID Identity Governance

DMicrosoft Defender for Identity

Answer : B

Question 4

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.

You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?

AAzure Event Hubs

BAzure Data Factor

Ca Microsoft Sentinel workbook

Da Microsoft Sentinel data connector

Answer : D

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-side-by-side-with-splunk-via-eventhub/ba-p/2307029

Question 5

You have a Microsoft Entra tenant named contoso.com.

You have an external partner that has a Microsoft Entra tenant named fabrikam.com.

You need to recommend an identity governance solution for contoso.com that meets the following requirements:

Enables the users in contoso.com and fabrikam.com to communicate by using shared Microsoft Teams channels.

Manages access to shared Teams channels in contoso.com by using groups in fabrikam.com.

Supports single sign-on (SSO).

Minimizes administrative effort.

Maximizes security.

What should you include in the recommendation?

AMicrosoft Entra B2B collaboration

BMicrosoft Entra Connect Sync

CCross-tenant synchronization

DB2B direct connect

Answer : D

Question 6

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).

You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment

What should you include during the application design phase?

Astatic application security testing (SAST) by using SonarQube

Bdynamic application security testing (DAST) by using Veracode

Cthreat modeling by using the Microsoft Threat Modeling Tool

Dsoftware decomposition by using Microsoft Visual Studio Enterprise

Answer : C

https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling

Question 7

You have an Azure subscription that contains 100 virtual machines, a virtual network named VNet1, and 20 users. The virtual machines run Windows Server and are connected to VNet1. The users work remotely and access Azure resources from Linux workstations.

You need to ensure that the users can connect to the virtual machines from the workstations by using Secure Shell {SSH). The solution must meet the following requirements:

* Ensure that the users authenticate by using their Microsoft Entra credentials.

* Prevent the users from transferring files from the virtual machines by using SSH.

* Prevent the users from directly accessing the virtual machines by using the public IP address of the virtual machines.

What should you include in the solution?

AAzure Bastion

BAzure NAT Gateway

Cjust-in-time (JIT) VM access

DPoint-to-Site (P2S) VPN

Answer : A

Microsoft Cybersecurity Architect SC-100 Exam Questions