Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

SC-100 Microsoft Cybersecurity Architect Questions and Answers

Questions 4

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 4

Options:

Buy Now
Questions 5

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 5

Options:

Buy Now
Questions 6

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 6

Options:

Buy Now
Questions 7

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Buy Now
Questions 8

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

SC-100 Question 8

Options:

Buy Now
Questions 9

You need to recommend a solution to meet the compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 9

Options:

Buy Now
Questions 10

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Buy Now
Questions 11

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Buy Now
Questions 12

You need to recommend a solution to meet the AWS requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 12

Options:

Buy Now
Questions 13

What should you create in Azure AD to meet the Contoso developer requirements?

SC-100 Question 13

Options:

Buy Now
Questions 14

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Buy Now
Questions 15

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Buy Now
Questions 16

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Buy Now
Questions 17

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 17

Options:

Buy Now
Questions 18

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Buy Now
Questions 19

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

SC-100 Question 19

Options:

Buy Now
Questions 20

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 20

Options:

Buy Now
Questions 21

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Buy Now
Questions 22

You have an Azure subscription that contains multiple Azure Data Lake Storage accounts.

You need to recommend a solution to encrypt the content of the accounts by using service-side encryption and customer-managed keys. The solution must ensure that individual encryption keys are applied at the most granular level.

At which level should you recommend the encryption be applied?

Options:

A.

account

B.

folder

C.

file

D.

container

Buy Now
Questions 23

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).

You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment

What should you include during the application design phase?

Options:

A.

static application security testing (SAST) by using SonarQube

B.

dynamic application security testing (DAST) by using Veracode

C.

threat modeling by using the Microsoft Threat Modeling Tool

D.

software decomposition by using Microsoft Visual Studio Enterprise

Buy Now
Questions 24

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Options:

A.

Azure Active Directory (Azure AD) Conditional Access App Control policies

B.

OAuth app policies in Microsoft Defender for Cloud Apps

C.

app protection policies in Microsoft Endpoint Manager

D.

application control policies in Microsoft Defender for Endpoint

Buy Now
Questions 25

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

SC-100 Question 25

Options:

Buy Now
Questions 26

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options:

A.

an Azure AD enterprise application

B.

a retying party trust in Active Directory Federation Services (AD FS)

C.

Azure AD Application Proxy

D.

Azure AD B2C

Buy Now
Questions 27

You have the Azure subscriptions shown in the following table.

SC-100 Question 27

The tenants contain the groups shown in the following table.

SC-100 Question 27

You perform the following actions:

• Configure multi-user authorization (MUA) for Vault1 by using a resource guard deployed to Sub2.

• Enable all available MUA controls for Vault1.

• In contoso.com, create a Privileged Identity Management (PIM) assignment named Assignment1.

• Configure Assignment1 to enable Group! to activate the Contributor role for Vault1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

SC-100 Question 27

Options:

Buy Now
Questions 28

You have a multicloud environment that contains Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) subscriptions.

You need to discover and review role assignments across the subscriptions.

What should you use?

Options:

A.

Microsoft Entra Permissions Management

B.

Microsoft Defender for Identity

C.

Azure Lighthouse

D.

Microsoft Entra ID Governance

Buy Now
Questions 29

You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online.

You need to recommend a solution to prevent malicious actors from impersonating the email addresses of internal senders.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 29

Options:

Buy Now
Questions 30

You are designing a privileged access strategy for a company named Contoso, Ltd. and its partner company named Fabrikam, Inc. Contoso has a Microsoft Entra tenant named contoso.com. Fabrikam has a Microsoft Entra tenant named fabrikam.com. Users at Fabrikam must access the resources in contoso.com.

You need to provide the Fabrikam users with access to the Contoso resources by using access packages. The solution must meet the following requirements:

• Ensure that the Fabrikam users can use the Contoso access packages without explicitly creating guest accounts in contoso.com.

• Allow non-administrative users in contoso.com to create the access packages.

What should you use for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 30

Options:

Buy Now
Questions 31

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.

What should you use?

Options:

A.

Azure Blueprints

B.

the regulatory compliance dashboard in Defender for Cloud

C.

Azure role-based access control (Azure RBAC)

D.

Azure Policy

Buy Now
Questions 32

Your company has on-premises Microsoft SQL Server databases.

The company plans to move the databases to Azure.

You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.

What should you include in the recommendation?

Options:

A.

Azure SQL Managed Instance

B.

Azure Synapse Analytics dedicated SQL pools

C.

Azure SQL Database

D.

SQL Server on Azure Virtual Machines

Buy Now
Questions 33

Your company has a Microsoft 365 E5 subscription.

The company plans to deploy 45 mobile self-service kiosks that will run Windows 10. You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:

• Ensure that only authorized applications can run on the kiosks.

• Regularly harden the kiosks against new threats.

Which two actions should you include in the recommendations? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

Onboard the kiosks to Azure Monitor.

B.

Implement Privileged Access Workstation (PAW) for the kiosks.

C.

Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.

D.

Implement threat and vulnerability management in Microsoft Defender for Endpoint.

E.

Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.

Buy Now
Questions 34

You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos.

You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos.

What should you include in the recommendation?

Options:

A.

Gatekeeper

B.

Dependency Tracker

C.

Dependency

D.

Flux

Buy Now
Questions 35

You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CO) workflows.

You need to recommend best practices to secure the stages of the CI/CD workflows based on the Microsoft Cloud Adoption Framework for Azure.

What should you include in the recommendation for each stage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 35

Options:

Buy Now
Questions 36

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 36

Options:

Buy Now
Questions 37

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a group named Group1 and five servers that run Windows Server. Each server contains a standalone app. Each app is used by the members of Group1.

You have a Microsoft Entra tenant that syncs with the domain.

You plan to manage access to the apps by deploying Global Secure Access. You will use a Conditional Access policy to enforce security controls for all connections to the apps.

You need to recommend a Global Secure Access app and Microsoft Entra private network connector configuration for the planned deployment. The solution must minimize administrative effort and be highly available.

What is the minimum number of Global Secure Access apps and private network connectors you should recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 37

Options:

Buy Now
Questions 38

You have a Microsoft 365 £5 subscription.

You plan to implement Microsoft Priva Subject Rights Requests for Microsoft 365 data.

You need to streamline the creation and processing of subject rights requests. The solution must minimize development effort.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 38

Options:

Buy Now
Questions 39

You have an Azure subscription that contains 100 virtual machines, a virtual network named VNet1, and 20 users. The virtual machines run Windows Server and are connected to VNet1. The users work remotely and access Azure resources from Linux workstations.

You need to ensure that the users can connect to the virtual machines from the workstations by using Secure Shell {SSH). The solution must meet the following requirements:

• Ensure that the users authenticate by using their Microsoft Entra credentials.

• Prevent the users from transferring files from the virtual machines by using SSH.

• Prevent the users from directly accessing the virtual machines by using the public IP address of the virtual machines.

What should you include in the solution?

Options:

A.

Azure Bastion

B.

Azure NAT Gateway

C.

just-in-time (JIT) VM access

D.

Point-to-Site (P2S) VPN

Buy Now
Questions 40

You have an Azure subscription and an Azure DevOps organization.

You need to recommend a solution for connecting Azure DevOps pipelines to the resources in the subscription by using Azure Resource Manager (ARM) service connections. The solution must align with Microsoft Cloud Adoption Framework for Azure best practices, including the principle of least privilege.

What should you include in the recommendation?

Options:

A.

workload identity federation and system-assigned managed identities

B.

service principals and secrets

C.

workload identity federation and user-assigned managed identities

D.

workload identity federation and service principals

Buy Now
Questions 41

You have an Azure subscription that contains multiple storage accounts. The accounts contain Azure Files shares and Azure Blob Storage containers. The accounts have encryption scopes and infrastructure encryption enabled.

You need to implement customer-managed key-based encryption for the shares and the containers. The solution must ensure that the encryption keys are applied at the most granular level.

At which level should you apply the encryption keys? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 41

Options:

Buy Now
Questions 42

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corpxontoso.com and an AD DS-integrated application named App1.

Your perimeter network contains a server named Server1 that runs Windows Server.

You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

You plan to implement a security solution that will include the following configurations:

• Manage access to App1 by using Microsoft Entra Private Access.

• Deploy a Microsoft Entra application proxy connector to Server1.

• Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.

• For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:

o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.

o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.

o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.

o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.

You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.

Which rule should you remove?

Options:

A.

Rule1

B.

Rule2

C.

Rule3

D.

Rule4

Buy Now
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Sep 3, 2025
Questions: 228

PDF + Testing Engine

$61.25  $174.99

Testing Engine

$47.25  $134.99
buy now SC-100 testing engine

PDF (Q&A)

$40.25  $114.99
buy now SC-100 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 03 Sep 2025