Valid SC-100 Dumps shared by ExamDiscuss.com for Helping Passing SC-100 Exam!
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Certification Provider: Microsoft
Free Question Number: 74
Version: v2024-09-03
# of views: 350
# of Questions views: 8274
Recent Comments (The most recent comments are at the top.)
The SC-100 exam dump contains a good set of questions. I passed my certification with it last month. It proved to be a helpful resource for clearing the SC-100 exam. Thank you so much!
No.# Still Soft Delete is for workloads running in Azure only - not on-prem server backups with MARS agents
https://learn.microsoft.com/en-us/azure/backup/backup-azure-security-feature
For Deleted Backups:
A Security PIN for Critical Operations
Why?
For on-premises workloads backed up with the MARS agent, the Security PIN adds an additional layer of protection for critical operations, including deleting backup data.
Even if an administrator account is compromised, a Security PIN must be entered before backups can be deleted, reducing the risk of ransomware attacks deleting the backups.
For Disabled Backups:
Multi-user Authorization by Using Resource Guard
Why?
Resource Guard ensures that disabling backups or modifying critical backup settings requires multi-user authorization (MUA).
This prevents a single compromised administrator account from disabling backups on the MARS agent, ensuring backups remain operational.
No.# Microsoft Cloud Adoption Framework and Threat Modeling:
The Microsoft Cloud Adoption Framework for Azure emphasizes secure development practices, which include threat modeling as an integral part of DevSecOps.
Threat modeling identifies potential threats early in the development process, allowing teams to address them proactively.
Why STRIDE?
The STRIDE model is recommended by Microsoft for threat modeling because it provides a top-down approach to identifying threats. STRIDE stands for:
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
STRIDE is particularly effective in cloud environments for identifying and mitigating risks at various levels of the architecture.
Why Not the Others?
B. DREAD model:
The DREAD model is a risk-ranking framework used to prioritize threats based on Damage, Reproducibility, Exploitability, Affected users, and Discoverability.
While useful for ranking risks, it is not used for initiating threat modeling in a top-down approach.
C. OWASP threat modeling:
OWASP provides excellent resources and frameworks for secure development, but Microsoft's recommendation for threat modeling in Azure environments specifically emphasizes the STRIDE model as a starting point....
No.# B. the STRIDE model
No.# D. Azure Firewall with policy rule sets
No.# Establish Visibility
Enable Automation
Enable additional protection and detection controls
first chars. of last words "V-A-C"
No.# You recommend access restrictions that allow traffic from the Front Door service tags.
No.# Conditional Access Policy
No.# Azure Active Directory (Azure AD) Conditional Access
Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Microsoft Defender for Containers
No.# Rapid Modernization Plan (RaMP) checklist helps you establish a security perimeter for cloud applications and mobile devices that uses identity as the control plane and explicitly validates trust for user accounts and devices before allowing access, for both public and private networks -
No.# . Machine Isolation
This is a crucial step in containing the breach. Isolating the compromised machines from the network prevents the spread of ransomware and other malicious activities.
No.# D confirmed
Tried the below steps
Note: Turn on web content filtering
From the left-hand navigation in Microsoft 365 Defender portal, select Settings > Endpoints > General > Advanced Features. Scroll down until you see the entry for Web content filtering. Switch the toggle to On and Save preferences.
No.# To ensure that only authorized applications can run on the virtual machines and to block unauthorized applications automatically until an administrator authorizes them, you should recommend:
D. Application control policies in Microsoft Defender for Endpoint
Microsoft Defender for Endpoint provides application control policies that allow you to define which applications are allowed or blocked on your Windows machines. You can create rules specifying which applications are authorized to run, and any application that doesn't match these rules can be automatically blocked. This provides a strong layer of security and control over the applications running on your virtual machines.
No.# 1. Azure Policy initiatives to MG
2. Azure Arc
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/initiative-definition-structure
Initiatives enable you to group several related policy definitions to simplify assignments and management because you work with a group as a single item. For example, you can group related tagging policy definitions into a single initiative. Rather than assigning each policy individually, you apply the initiative.
https://learn.microsoft.com/en-us/azure/azure-arc/overview
Azure Arc simplifies governance and management by delivering a consistent multicloud and on-premises management platform.
No.# Purview and Defender for Cloud; "The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data.
Classifications and labels applied to data resources in Microsoft Purview are ingested into Microsoft Defender for Cloud, which provides valuable context for protecting resources. Microsoft Defender for Cloud uses the resource classifications and labels to identify potential attack paths and security risks related to sensitive data. The resources in the Defender for Cloud's Inventory and Alerts pages are also enriched with the classifications and labels discovered by Microsoft Purview, so your security teams can filter and focus to prioritize protecting your most sensitive assets."
Defender for Cloud collects, analyzes, and integrates log data from your Azure, hybrid, and multicloud resources, the network, and connected partner solutions, such as firewalls and endpoint agents. Defender for Cloud uses the log data to detect real threats and reduce false positives. A list of prioritized security alerts is shown in Defender for Cloud along with the information you need to quickly investigate the problem and the steps to take to remediate an attack....
No.# Role to assign the Fabrikam helpdesk users for contoso.com:
Password Administrator
This role allows users to reset passwords for non-administrative accounts in the directory, aligning with the principle of least privilege.
To restrict the scope of the role assignments for the Fabrikam helpdesk users, use:
An administrative unit
Administrative units allow you to scope role assignments to specific subsets of users or resources, ensuring access is limited to only the required accounts at Contoso.
Role to assign to the Fabrikam helpdesk users to reset the Contoso user passwords:
Password Administrator
The Password Administrator role is specifically designed for resetting passwords for non-administrative users.
No.# B. Azure AD Privileged Identity Management (PIM)
No.# I recommend configuring Azure AD Conditional Access and using smart account lockout in Azure AD B2C.
Azure AD Conditional Access allows you to set policies that determine when and how users can access your application. By integrating Azure AD Conditional Access with user flows and custom policies, you can define rules that ensure only authenticated users can access the application, and you can also set up multifactor authentication for additional security.
Smart account lockout in Azure AD B2C is a feature that helps protect against brute-force attacks by temporarily locking out accounts after a certain number of failed login attempts. This can help prevent unauthorized access to the application by preventing attackers from guessing login credentials.
No.# Selection 1: Microsoft 365 Defender (Microsoft Defender for Endpoint is part of it).
Selection 2: Microsoft Defender for Cloud.
Selection 3: Microsoft Defender for Cloud.
Microsoft 365 Defender includes both of those and quite a bit else.
https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide
"Here's a list of the different Microsoft 365 Defender products and solutions:
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender Vulnerability Management
Azure Active Directory Identity Protection
Microsoft Data Loss Prevention
App Governance
Microsoft Defender for Cloud"
No.# Exfiltration of data - Defender for Cloud Apps
Data across domains - Defender for Identity
Reference: MCRA Slide 15