Exam SC-100: Microsoft Cybersecurity Architect
| Exam Number: SC-100 | Length of test: 120 mins |
| Exam Name: Microsoft Cybersecurity Architect | Number of questions in the actual exam: 40-60 |
| Format: PDF, VPLUS | Passing Score: 700/1000 |
|
Total Questions: 177 $30 Premium PDF file 2 months updates Last updated: March-2025 |
Total Questions: 177 FREE Premium VPLUS file Last updated: March-2025 |
Download practice test questions
| Title | Size | Hits | Download |
|---|---|---|---|
| Microsoft.SC-100.vSep-2024.by.Tany.102q | 4.43 MB | 87 | Download |
| Microsoft.SC-100.vSep-2024.by.Tany.102q | 8.56 MB | 64 | Download |
| Microsoft.SC-100.vFeb-2024.by.Hikita.95q | 3.93 MB | 96 | Download |
| Microsoft.SC-100.vNov-2023.by.Lan.58q | 2.46 MB | 85 | Download |
Study guide for Exam SC-100: Microsoft Cybersecurity Architect
Audience profile
As a Microsoft cybersecurity architect, you translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. You design, guide the implementation of, and maintain security solutions that follow Zero Trust principles and best practices, including security strategies for identity, devices, data, AI, applications, network, infrastructure, and DevOps. Plus, you design solutions for Governance and Risk Compliance (GRC), security operations, and security posture management.
As a cybersecurity architect, you continuously collaborate with leaders and practitioners in security, privacy, engineering, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of an organization.
As a candidate for this exam, you have experience implementing or administering solutions in the following areas: identity and access, platform protection, security operations, data and AI security, application security, and hybrid and multicloud infrastructures. You should have expert skills in at least one of those areas, and you should have experience designing security solutions that include Microsoft security technologies.
Skills at a glance
Design solutions that align with security best practices and priorities (20–25%)
- Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
- Design solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)
- Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design security operations, identity, and compliance capabilities (25–30%)
- Design solutions for security operations
- Design solutions for identity and access management
- Design solutions for securing privileged access
- Design solutions for regulatory compliance
Design security solutions for infrastructure (25–30%)
- Design solutions for security posture management in hybrid and multicloud environments
- Specify requirements for securing server and client endpoints
- Specify requirements for securing SaaS, PaaS, and IaaS services
- Evaluate solutions for network security and Security Service Edge (SSE)
Design security solutions for applications and data (20–25%)
- Evaluate solutions for securing Microsoft 365
- Design solutions for securing applications
- Design solutions for securing an organization’s data
Some new sample questions:
Question:
You have a Microsoft 365 tenant that uses Microsoft SharePoint Online and Microsoft Purview. Microsoft Purview has a sensitivity label named Label1 that is applied to the files stored on SharePoint Online sites.
You need to recommend a Microsoft Purview Data Loss Prevention (DLP) policy that meets the following requirements:
* Prevents users from uploading the files to third-party external websites
* Allows users to upload the files to Microsoft OneDrive for Business
To which location should you apply the DLP policy?
A. Devices
B. OneDrive accounts
C. SharePoint sites
D. Microsoft Defender for Cloud Apps
Question:
Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corpxontoso.com and an AD DS-integrated application named App1.
Your perimeter network contains a server named Server1 that runs Windows Server.
You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.
You plan to implement a security solution that will include the following configurations:
* Manage access to App1 by using Microsoft Entra Private Access.
* Deploy a Microsoft Entra application proxy connector to Server1.
* Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.
* For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:
o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.
o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.
o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.
o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.
You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.
Which rule should you remove?
A. Rule1
B. Rule2
C. Rule3
D. Rule4
Question:
You have a Microsoft Entra tenant. The tenant contains 500 Windows devices that have the Global Secure Access client deployed.
You have a third-party software as a service (SaaS) app named App1.
You plan to implement Global Secure Access to manage access to App1.
You need to recommend a solution to manage connections to App1. The solution must ensure that users authenticate by using their Microsoft Entra credentials before they can connect to App1.
What should you include the recommendation?
A. a Global Secure Access app
B. a private access traffic forwarding profile
C. an internet access traffic forwarding profile
D. a Quick Access app
Question:
You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.
You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.
What should you recommend?
A. The AKS cluster version must be upgraded.
B. The updates must first be applied to the image used to provision the nodes.
C. The nodes must restart after the updates are applied.
…………
Is the premium file 100% valid?
Hi,
Exam SC-100 valid +95%.
Thanks
Some new questons:
Q
You design cloud-based software as a service (SaaS) solutions.
You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend doing first?
A. Implement data protection.
B. Develop a privileged access strategy.
C. Prepare a recovery plan.
D. Develop a privileged identity strategy.
Q
HOTSPOT
You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG)
You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:
* Ensure that each time the support staff connects to a jump server; they must request access to the server.
* Ensure that only authorized support staff can initiate SSH connections to the jump servers.
* Maximize protection against brute-force attacks from internal networks and the internet.
* Ensure that users can only connect to the jump servers from the internet.
* Minimize administrative effort
What should you include in the solution? To answer, select the appropriate options in the answer area.
Q
You have legacy operational technology (OT) devices and loT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
A. passive traffic monitoring
B. active scanning
C. threat monitoring
D. software patching
Q
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.
You need to enhance security on the virtual machines. The solution must meet the following requirements:
* Ensure that only apps on an allowlist can be run.
* Require administrators to confirm each app added to the allowlist.
* Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.
* Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.
What should you include in the solution?
A. a compute policy in Azure Policy
B. admin consent settings for enterprise applications in Azure AD
C. adaptive application controls in Defender for Servers
D. app governance in Microsoft Defender for Cloud Apps
Q
HOTSPOT
You plan to automate the development and deployment of a Nodejs-based app by using GitHub.
You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:
* Automate the generation of pull requests that remediate identified vulnerabilities.
* Automate vulnerability code scanning for public and private repositories.
* Minimize administrative effort.
* Minimize costs.
What should you recommend using? To answer, select the appropriate options in the answer area.
Q
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.
What should you use?
A. Azure Blueprints
B. the regulatory compliance dashboard in Defender for Cloud
C. Azure role-based access control (Azure RBAC)
D. Azure Policy
…………….