Microsoft SC-100 Exam Practice Test Instant Access

Question 1

You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1.

You plan to migrate DB1 to Azure.

You need to recommend an encrypted Azure database solution that meets the following requirements:

* Minimizes the risks of malware that uses elevated privileges to access sensitive data

* Prevents database administrators from accessing sensitive data

* Enables pattern matching for server-side database operations

* Supports Microsoft Azure Attestation

* Uses hardware-based encryption

What should you include in the recommendation?

ASQL Server on Azure Virtual Machines with virtualization-based security (VBS) enclaves

BAzure SQL Database with virtualization-based security (VBS) enclaves

CAzure SQL Managed Instance that has Always Encrypted configured

DAzure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves

Answer : D

Question 2

You have a Microsoft 365 subscription. You have an Azure subscription.

You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer. The solution must meet the following requirements:

* Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.

* Minimize the number of compliance policies

* Minimize administrative effort

What should you include in the solution?

AAzure AD Information Protection labels

BMicrosoft 365 Defender user tags

Cadaptive scopes

Dadministrative units

Answer : C

Question 3

You have an Azure subscription.

You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.

Developers use Azure DevOps to deploy web apps to App Service Environments- When a new app is deployed, a CNAME record for the app is registered in contoso.com.

You need to recommend a solution to secure the DNS record tor each web app. The solution must meet the following requirements:

* Ensure that when an app is deleted, the CNAME record for the app is removed also

* Minimize administrative effort.

What should you include in the recommendation?

AMicrosoft Defender for DevOps

BMicrosoft Defender foe App Service

CMicrosoft Defender for Cloud Apps

DMicrosoft Defender for DNS

Answer : C

Question 4

You have an on-premises network and a Microsoft 365 subscription.

You are designing a Zero Trust security strategy.

Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution.

NOTE: Each correct answer is worth one point.

ABlock sign-attempts from unknown location.

BAlways allow connections from the on-premises network.

CDisable passwordless sign-in for sensitive account.

DBlock sign-in attempts from noncompliant devices.

Answer : A, D

Question 5

You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications.

You need to recommend a deployment solution that includes network security groups (NSGs) Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure.

What should you include in the recommendation?

Athe Azure landing zone accelerator

Bthe Azure Will-Architected Framework

CAzure Security Benchmark v3

DAzure Advisor

Answer : A

Question 6

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised administrator account cannot be used to delete the backups

What should you do?

AFrom a Recovery Services vault generate a security PIN for critical operations.

BFrom Azure Backup, configure multi-user authorization by using Resource Guard.

CFrom Microsoft Azure Backup Setup, register MABS with a Recovery Services vault

DFrom Azure AD Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role.

Answer : B

Question 7

Your company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure.

You need to perform threat modeling by using a top-down approach based on the Microsoft Cloud Adoption Framework for Azure.

What should you use to start the threat modeling process?

Athe STRIDE model

Bthe DREAD model

COWASP threat modeling

Answer : C

Microsoft SC-100 Microsoft Cybersecurity Architect Exam Practice Test