Valid SC-100 Dumps shared by ExamDiscuss.com for Helping Passing SC-100 Exam! ExamDiscuss.com now offer the newest SC-100 exam dumps, the ExamDiscuss.com SC-100 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SC-100 dumps with Test Engine here:

Access SC-100 Dumps Premium Version
(230 Q&As Dumps, 35%OFF Special Discount Code: freecram)

Online Access Free SC-100 Exam Questions

Exam Code:SC-100
Exam Name:Microsoft Cybersecurity Architect
Certification Provider:Microsoft
Free Question Number:82
Version:v2024-07-22
Rating:
# of views:370
# of Questions views:9168
Go To SC-100 Questions

Recent Comments (The most recent comments are at the top.)

sam - Jan 13, 2025

No.# Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.

sam - Jan 07, 2025

No.# GIT Workflow ---> Protected Branch
Secure Deployment credentials --> Keyvault
Ref : https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/best-practices/secure-devops

sam - Jan 07, 2025

No.# By using Microsoft 365 Defender, you can evaluate the security posture of Windows 11 devices managed by Microsoft Intune. This solution provides advanced threat protection, detection, and response capabilities for endpoints within the Microsoft 365 environment.

For the evaluation of Azure Storage accounts and Azure virtual machines, you should utilize Microsoft Defender for Cloud (formerly known as Azure Defender). It offers comprehensive threat protection and security monitoring for various Azure services, including Azure Storage accounts and Azure virtual machines. This will help you assess their security configurations, detect vulnerabilities, and receive security recommendations.


Microsoft 365 Defender includes both of those and quite a bit else.

https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide
"Here's a list of the different Microsoft 365 Defender products and solutions:
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender Vulnerability Management
Azure Active Directory Identity Protection
Microsoft Data Loss Prevention
App Governance
Microsoft Defender for Cloud"...

sam - Jan 07, 2025

No.# Data security:
Access keys stored in Azure Key Vault: This ensures that sensitive keys are securely stored and managed, reducing the risk of unauthorized access.
Network access control:
Azure Private Link with network service tags: This provides secure and private connectivity to Azure services, ensuring that data transfer occurs over a private network rather than the public internet.

sam - Jan 07, 2025

No.# D
Users can sign into Azure Virtual Desktop from anywhere using different devices and clients. However, there are certain measures you should take to help keep yourself and your users safe. Using Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) with Azure Virtual Desktop prompts users during the sign-in process for another form of identification in addition to their username and password. You can enforce MFA for Azure Virtual Desktop using Conditional Access, and can also configure whether it applies to the web client, mobile apps, desktop clients, or all clients.

sam - Jan 07, 2025

No.# To enable Azure AD authentication for App1, use Azure AD application
To implement access requests for App1, use an access package in identity governance

To enable Azure AD authentication for App1 and provide access security, the recommended solution is to use an Azure AD application. You should create an Azure AD application, configure the necessary permissions, and assign users and groups to the application.

An access package in identity governance should be used to implement access requests for App1. Identity Governance provides access packages that allow users to request access to specific applications, groups, or roles. The request is routed to the appropriate approver, who can either approve or reject the request. Access packages can be created, managed, and assigned in the Azure portal, and can be customized to include specific access policies and permissions. This provides a streamlined and secure way to manage access to App1, ensuring that only authorized users can access sensitive data or resources....

sam - Jan 07, 2025

No.# Segment Microsoft Sentinel workspaces by: Region and Azure AD tenant
Do that because the case study states "...mergers and acquisitions. The acquisitions include several companies based in France."

Relevant information from Microsoft is on this Best Practices page for workspace architecture:
https://docs.microsoft.com/en-us/azure/sentinel/best-practices-workspace-architecture#region-considerations

Lighthouse is correct for Box2

sam - Jan 07, 2025

No.# For the database administrators: Always Encrypted
For the operators: Dynamic Data Masking

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national/regional identification numbers. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine.

https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver16

Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal effect on the application layer.

sam - Jan 07, 2025

No.# Branch policies in Azure Repos provide a way to enforce code review policies before a pull request can be completed and merged into a target branch. This ensures that all code changes are submitted through a pull request and reviewed by other members of the team before being deployed by the CI/CD workflow.

Branch policies can be configured to require specific reviewers, require a minimum number of approvals, and block direct pushes to the target branch. This helps to ensure that code changes are thoroughly reviewed and meet the established standards before being merged into the target branch.

sam - Jan 07, 2025

No.# This rapid modernization plan (RAMP) will help you quickly adopt Microsoft's recommended privileged access strategy.

sam - Jan 07, 2025

No.# 1️⃣ What is Multi-User Authorization (MUA) with Resource Guard?
Multi-User Authorization (MUA) is a feature provided by Azure Backup that ensures critical operations (like deleting backups or changing security configurations) require multiple authorized users.
Resource Guard is used to enforce this multi-user approval mechanism, making it harder for a single compromised administrator account to perform destructive actions.
2️⃣ Why Resource Guard is the Best Choice:
Prevents a single point of failure: If an admin account is compromised, the attacker cannot delete backups without additional authorization.
Separation of Duties (SoD): Resource Guard enforces strict role-based access control (RBAC) to ensure that only authorized users can approve sensitive backup operations.
Immutable Backups: Protects your backups from accidental or malicious deletion.

sam - Jan 07, 2025

No.# C
Among the options provided, C. Enable self-healing in Microsoft 365 Defender is the one that aligns most closely with this goal.

Self-healing capabilities in Microsoft 365 Defender can automatically detect, investigate, and remediate security threats, which would otherwise require manual intervention by SOC analysts. By automating these processes, you can minimize the operational load on Tier 1 analysts and allow them to focus on more complex security issues.

Options A, B, and D are relevant to various aspects of security and compliance but don't specifically target the operational load on Tier 1 SOC analysts in the same way that option B does. Therefore, the correct answer is:
B. Enable self-healing in Microsoft 365 Defender.

sam - Jan 07, 2025

No.# • Project managers must verify that their project group contains only the current members of their project team.
This means access reviews, Lifecycle Workflow would do all of this automatically based on the user attributes (such as department or team)

You have multiple project teams. Each team has an **AD DS group** that **syncs with Azure AD.** (these being the key to find the correct answer)
Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.

The correct answer is "Enable group write back for the existing synced group."

sam - Jan 07, 2025

No.# Exfiltration of data - Defender for Cloud Apps
Data across domains - Defender for Identity
Reference: MCRA Slide 15

sam - Jan 07, 2025

No.# A read-only lock on a storage account prevents users from listing the account keys ----> https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

sam - Jan 07, 2025

No.# Hybrid Connections is a feature in Azure App Service that provides a way to access application resources in other networks. It uses a secure, outbound-only connection that doesn’t require opening inbound ports to your on-premises network. This makes it a suitable choice for accessing on-premises databases without exposing additional internet-accessible endpoints.

sam - Jan 07, 2025

No.# A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually on-demand on entities (in preview - see below) and alerts, or set to run automatically in response to specific alerts or incidents, when triggered by an automation rule.

sam - Jan 07, 2025

No.# Azure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves
This recommendation meets all the specified requirements:
Minimizes risks of malware using elevated privileges: Always Encrypted with Intel SGX enclaves protects sensitive data from high-privilege users and malware in the database environment3.
Prevents database administrators from accessing sensitive data: Always Encrypted provides separation between those who own the data and those who manage it but should have no access3.
Enables pattern matching for server-side database operations: Intel SGX enclaves support rich confidential queries, including pattern matching, on encrypted data8.
Supports Microsoft Azure Attestation: Intel SGX enclaves in Azure SQL Database work with Azure Attestation for verifying the authenticity of the secure enclave6.
Uses hardware-based encryption: Intel SGX is a hardware-based technology that provides stronger security guarantees compared to virtualization-based security (VBS) enclaves4.
Additionally, Intel SGX enclaves offer the highest level of data protection among the options, as they are resistant to attacks from the host operating system...

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Other Version
263 viewsMicrosoft.SC-100.v2025-05-07.q82
363 viewsMicrosoft.SC-100.v2025-02-04.q82
371 viewsMicrosoft.SC-100.v2024-09-30.q71
350 viewsMicrosoft.SC-100.v2024-09-03.q74
409 viewsMicrosoft.SC-100.v2024-04-25.q80
539 viewsMicrosoft.SC-100.v2023-11-14.q69
531 viewsMicrosoft.SC-100.v2023-10-17.q66
512 viewsMicrosoft.SC-100.v2023-08-18.q114
668 viewsMicrosoft.SC-100.v2023-04-18.q118
698 viewsMicrosoft.SC-100.v2023-02-14.q41
497 viewsMicrosoft.SC-100.v2023-02-04.q36
537 viewsMicrosoft.SC-100.v2023-01-21.q38
495 viewsMicrosoft.SC-100.v2022-12-28.q40
633 viewsMicrosoft.SC-100.v2022-11-29.q38
668 viewsMicrosoft.SC-100.v2022-10-25.q35
554 viewsMicrosoft.SC-100.v2022-10-17.q34
798 viewsMicrosoft.SC-100.v2022-10-12.q37
576 viewsMicrosoft.SC-100.v2022-10-10.q38
1210 viewsMicrosoft.SC-100.v2022-07-06.q35
Exam Question List
Question 1: You need to recommend an identity security solution for the ...
3 commentQuestion 2: You have a Microsoft 365 subscription. You need to design a ...
Question 3: You have an Azure subscription. The subscription contains an...
1 commentQuestion 4: You are planning the security requirements for Azure Cosmos ...
1 commentQuestion 5: For of an Azure deployment you are designing a security arch...
1 commentQuestion 6: You need to recommend a solution to meet the requirements fo...
1 commentQuestion 7: Your company is migrating data to Azure. The data contains P...
1 commentQuestion 8: You have Microsoft Defender for Cloud assigned to Azure mana...
1 commentQuestion 9: You have an on-premises network that has several legacy appl...
1 commentQuestion 10: You are designing a ransomware response plan that follows Mi...
1 commentQuestion 11: You have an Azure subscription. The subscription contains 50...
1 commentQuestion 12: You need to design a solution to provide administrators with...
Question 13: Your company has an on-premises network, an Azure subscripti...
Question 14: You have an Azure AD tenant that syncs with an Active Direct...
1 commentQuestion 15: Your company finalizes the adoption of Azure and is implemen...
1 commentQuestion 16: Your company is developing a new Azure App Service web app. ...
Question 17: Your company has a Microsoft 365 E5 subscription. The Chief ...
1 commentQuestion 18: You need to recommend a multi-tenant and hybrid security sol...
1 commentQuestion 19: You need to recommend a strategy for securing the litware.co...
Question 20: Your company wants to optimize ransomware incident investiga...
1 commentQuestion 21: You plan to automate the development and deployment of a Nod...
Question 22: You need to recommend a solution to resolve the virtual mach...
Question 23: You design cloud-based software as a service (SaaS) solution...
Question 24: Note: This question is part of a series of questions that pr...
1 commentQuestion 25: Your company has a Microsoft 365 E5 subscription. The compan...
Question 26: Your company has an Azure App Service plan that is used to d...
Question 27: A customer has a Microsoft 365 E5 subscription and an Azure ...
1 commentQuestion 28: Your company is developing a modern application that will ru...
Question 29: Your company has an on-premise network in Seattle and an Azu...
1 commentQuestion 30: Your company is designing an application architecture for Az...
1 commentQuestion 31: A customer uses Azure to develop a mobile app that will be c...
1 commentQuestion 32: You are designing the encryption standards for data at rest ...
2 commentQuestion 33: Your company has on-premises Microsoft SQL Server databases....
Question 34: You have an Azure AD tenant that syncs with an Active Direct...
1 commentQuestion 35: You have a hybrid cloud infrastructure. You plan to deploy t...
1 commentQuestion 36: Your company plans to provision blob storage by using an Azu...
Question 37: You are designing the encryption standards for data at rest ...
1 commentQuestion 38: Your company has the virtual machine infrastructure shown in...
1 commentQuestion 39: You have an Azure subscription that is used as an Azure land...
1 commentQuestion 40: Your on-premises network contains an e-commerce web app that...
1 commentQuestion 41: You have legacy operational technology (OT) devices and loT ...
1 commentQuestion 42: Your company wants to optimize using Azure to protect its re...
1 commentQuestion 43: You have a customer that has a Microsoft 365 subscription an...
2 commentQuestion 44: Your company has an Azure subscription that has enhanced sec...
1 commentQuestion 45: A customer has a hybrid cloud infrastructure that contains a...
Question 46: A customer has a hybrid cloud infrastructure that contains a...
1 commentQuestion 47: You need to recommend a strategy for App Service web app con...
1 commentQuestion 48: Your company plans to deploy several Azure App Service web a...
Question 49: You plan to deploy a dynamically scaling, Linux-based Azure ...
1 commentQuestion 50: You have a hybrid Azure AD tenant that has pass-through auth...
Question 51: You have a Microsoft 365 tenant. Your company uses a third-p...
Question 52: You have a Microsoft 365 E5 subscription and an Azure subscr...
Question 53: You have a Microsoft 365 E5 subscription. You are designing ...
Question 54: Your on-premises network contains an e-commerce web app that...
1 commentQuestion 55: You have an on-premises server that runs Windows Server and ...
Question 56: You have an Azure AD tenant that contains 10 Windows 11 devi...
1 commentQuestion 57: You have a Microsoft 365 subscription and an Azure subscript...
Question 58: A customer is deploying Docker images to 10 Azure Kubernetes...
1 commentQuestion 59: Your company has an on-premises network and an Azure subscri...
1 commentQuestion 60: You have an Azure subscription that contains several storage...
1 commentQuestion 61: For a Microsoft cloud environment, you are designing a secur...
1 commentQuestion 62: Your network contains an on-premises Active Directory Domain...
Question 63: You have an Azure subscription. Your company has a governanc...
Question 64: You need to recommend a solution to meet the compliance requ...
Question 65: You need to recommend a solution to scan the application cod...
1 commentQuestion 66: You are designing a security operations strategy based on th...
1 commentQuestion 67: You have an Azure AD tenant that syncs with an Active Direct...
1 commentQuestion 68: You are designing the security standards for a new Azure env...
1 commentQuestion 69: Your company uses Azure Pipelines and Azure Repos to impleme...
1 commentQuestion 70: You have an Azure SQL database named DB1 that contains custo...
Question 71: You have an Azure subscription that has Microsoft Defender f...
1 commentQuestion 72: You need to recommend a SIEM and SOAR strategy that meets th...
2 commentQuestion 73: You are creating the security recommendations for an Azure A...
1 commentQuestion 74: Your company has a hybrid cloud infrastructure. The company ...
Question 75: Your company has a Microsoft 365 E5 subscription, an Azure s...
Question 76: You are designing the encryption standards for data at rest ...
Question 77: Your company is moving all on-premises workloads to Azure an...
1 commentQuestion 78: You are designing security for a runbook in an Azure Automat...
1 commentQuestion 79: You have a Microsoft 365 E5 subscription and an Azure subscr...
Question 80: Your company has an office in Seattle. The company has two A...
1 commentQuestion 81: You use Azure Pipelines with Azure Repos to implement contin...
1 commentQuestion 82: Your company develops several applications that are accessed...