Free Microsoft Cybersecurity Architect Exam SC-100 Exam Practice Test

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• Azure AD Conditional Access integration with user flows and custom policies
• Azure AD workbooks to monitor risk detections
• custom resource owner password credentials (ROPC) flows in Azure AD B2C
• access packages in Identity Governance
• smart account lockout in Azure AD B2C

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices:* Computers that run either Windows 10 or Windows 11* Tablets and phones that run either Android or iOSYou need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?

• eDiscovery
• retention policies
• Compliance Manager
• Microsoft Information Protection

You are designing the encryption standards for data at rest for an Azure resourceYou need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.Solution: For blob containers in Azure Storage, you recommend encryption that uses customer-managed keys (CMKs).Does this meet the goal?

• Yes
• No

You have an Azure subscription that has Microsoft Defender for Cloud enabled.You are evaluating the Azure Security Benchmark V3 report.In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.You need to recommend configurations to increase the score of the Secure management ports controls.Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.Does this meet the goal?

• Yes
• No

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

• an Azure AD enterprise application
• a retying party trust in Active Directory Federation Services (AD FS)
• Azure AD Application Proxy
• Azure AD B2C

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.Solution: You recommend access restrictions that allow traffic from the Front Door service tags.Does this meet the goal?

• Yes
• No

Azure subscription that uses Azure Storage.The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be t\me-Vim\ted. What should you include in the recommendation?

• Create shared access signatures (SAS).
• Share the connection string of the access key.
• Configure private link connections.
• Configure encryption by using customer-managed keys (CMKs)

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

• Security Assertion Markup Language (SAML)
• NTLMv2
• certificate-based authentication
• Kerberos

You have a Microsoft 365 tenant.Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements:* Users must be able to request access to App1 by using a self-service request.* When users request access to App1, they must be prompted to provide additional information about their request.* Every three months, managers must verify that the users still require access to Appl.What should you include in the design?

• Azure AD Application Proxy
• connected apps in Microsoft Defender for Cloud Apps
• Microsoft Entra Identity Governance
• access policies in Microsoft Defender for Cloud Apps

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD)The customer plans to obtain an Azure subscription and provision several Azure resources.You need to evaluate the customer's security environment.What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

• role-based authorization
• Azure AD Privileged Identity Management (PIM)
• resource-based authorization
• Azure AD Multi-Factor Authentication