Exam SC-100: Microsoft Cybersecurity Architect
Exam Number: SC-100 | Length of test: 120 mins |
Exam Name: Microsoft Cybersecurity Architect | Number of questions in the actual exam: 40-60 |
Format: PDF, VPLUS | Passing Score: 700/1000 |
Total Questions: 177 $30 Premium PDF file 2 months updates Last updated: November-2024 |
Total Questions: 177 FREE Premium VPLUS file Last updated: November-2024 |
Download practice test questions
Title | Size | Hits | Download |
---|---|---|---|
Microsoft.SC-100.vSep-2024.by.Tany.102q | 4.43 MB | 58 | Download |
Microsoft.SC-100.vSep-2024.by.Tany.102q | 8.56 MB | 41 | Download |
Microsoft.SC-100.vFeb-2024.by.Hikita.95q | 3.93 MB | 75 | Download |
Microsoft.SC-100.vNov-2023.by.Lan.58q | 2.46 MB | 61 | Download |
Study guide for Exam SC-100: Microsoft Cybersecurity Architect
Audience profile
As a Microsoft cybersecurity architect, you translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. You design, guide the implementation of, and maintain security solutions that follow Zero Trust principles and best practices, including security strategies for identity, devices, data, AI, applications, network, infrastructure, and DevOps. Plus, you design solutions for Governance and Risk Compliance (GRC), security operations, and security posture management.
As a cybersecurity architect, you continuously collaborate with leaders and practitioners in security, privacy, engineering, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of an organization.
As a candidate for this exam, you have experience implementing or administering solutions in the following areas: identity and access, platform protection, security operations, data and AI security, application security, and hybrid and multicloud infrastructures. You should have expert skills in at least one of those areas, and you should have experience designing security solutions that include Microsoft security technologies.
Skills at a glance
Design solutions that align with security best practices and priorities (20–25%)
- Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
- Design solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)
- Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design security operations, identity, and compliance capabilities (25–30%)
- Design solutions for security operations
- Design solutions for identity and access management
- Design solutions for securing privileged access
- Design solutions for regulatory compliance
Design security solutions for infrastructure (25–30%)
- Design solutions for security posture management in hybrid and multicloud environments
- Specify requirements for securing server and client endpoints
- Specify requirements for securing SaaS, PaaS, and IaaS services
- Evaluate solutions for network security and Security Service Edge (SSE)
Design security solutions for applications and data (20–25%)
- Evaluate solutions for securing Microsoft 365
- Design solutions for securing applications
- Design solutions for securing an organization’s data
Some new questons:
Q
You design cloud-based software as a service (SaaS) solutions.
You need to recommend ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend doing first?
A. Implement data protection.
B. Develop a privileged access strategy.
C. Prepare a recovery plan.
D. Develop a privileged identity strategy.
Q
HOTSPOT
You plan to deploy a dynamically scaling, Linux-based Azure Virtual Machine Scale Set that will host jump servers. The jump servers will be used by support staff who connect f personal and kiosk devices via the internet. The subnet of the jump servers will be associated to a network security group (NSG)
You need to design an access solution for the Azure Virtual Machine Scale Set. The solution must meet the following requirements:
* Ensure that each time the support staff connects to a jump server; they must request access to the server.
* Ensure that only authorized support staff can initiate SSH connections to the jump servers.
* Maximize protection against brute-force attacks from internal networks and the internet.
* Ensure that users can only connect to the jump servers from the internet.
* Minimize administrative effort
What should you include in the solution? To answer, select the appropriate options in the answer area.
Q
You have legacy operational technology (OT) devices and loT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
A. passive traffic monitoring
B. active scanning
C. threat monitoring
D. software patching
Q
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.
You need to enhance security on the virtual machines. The solution must meet the following requirements:
* Ensure that only apps on an allowlist can be run.
* Require administrators to confirm each app added to the allowlist.
* Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.
* Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.
What should you include in the solution?
A. a compute policy in Azure Policy
B. admin consent settings for enterprise applications in Azure AD
C. adaptive application controls in Defender for Servers
D. app governance in Microsoft Defender for Cloud Apps
Q
HOTSPOT
You plan to automate the development and deployment of a Nodejs-based app by using GitHub.
You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:
* Automate the generation of pull requests that remediate identified vulnerabilities.
* Automate vulnerability code scanning for public and private repositories.
* Minimize administrative effort.
* Minimize costs.
What should you recommend using? To answer, select the appropriate options in the answer area.
Q
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.
What should you use?
A. Azure Blueprints
B. the regulatory compliance dashboard in Defender for Cloud
C. Azure role-based access control (Azure RBAC)
D. Azure Policy
…………….