Free Microsoft Cybersecurity Architect Exam SC-100 Exam Practice Test

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

• From Defender for Cloud, review the Azure security baseline for audit report.
• From Defender for Cloud, review the secure score recommendations.
• From Azure Policy, assign a built-in initiative that has a scope of the subscription.
• From Defender for Cloud, enable Defender for Cloud plans.

Your company has on-premises Microsoft SQL Server databases. The company plans to move the databases to Azure.You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solutionmust minimize costs.What should you include in the recommendation?

• Azure SQL Managed Instance
• Azure Synapse Analytics dedicated SQL pools
• Azure SQL Database
• SQL Server on Azure Virtual Machines

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.What should you include in the recommendation?

• Apply read-only locks on the storage accounts.
• Set the AllowSharcdKeyAccess property to false.
• Set the AllowBlobPublicAcccss property to false.
• Configure automated key rotation.

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender andMicrosoft Defender for Cloud are enabled.The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.Which security control should you recommend?

• Azure Active Directory (Azure AD) Conditional Access App Control policies
• OAuth app policies in Microsoft Defender for Cloud Apps
• app protection policies in Microsoft Endpoint Manager
• application control policies in Microsoft Defender for Endpoint

You have an Azure subscription.Your company has a governance requirement that resources must be created in the West Europe or North Europe Azure regions.What should you recommend using to enforce the governance requirement?

• regulatory compliance standards in Microsoft Defender for Cloud
• custom Azure roles
• Azure Policy assignments
• Azure management groups

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune.You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.The Security Administrator role will be mapped to the privileged access security level.The users in Group1 will be assigned the Security Administrator role.The users in Group2 will manage the privileged access devices.You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.What should you include in the solution?

• Only add Group2 to the local Administrators group.
• Configure Windows Local Administrator Password Solution (Windows LAPS) in legacy Microsoft LAPS emulation mode.
• Add Group2 to the local Administrators group. Add the user that is assigned the Security Administrator role to the local Administrators group of the user's assigned privileged access device.

You have Microsoft Defender for Cloud assigned to Azure management groups. You have a Microsoft Sentinel deployment.During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

• workload protections in Defender for Cloud
• threat intelligence reports in Defender for Cloud
• Microsoft Sentinel notebooks
• Microsoft Sentinel threat intelligence workbooks

You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications.You need to recommend a deployment solution that includes network security groups (NSGs) Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure.What should you include in the recommendation?

• the Azure landing zone accelerator
• the Azure Will-Architected Framework
• Azure Security Benchmark v3
• Azure Advisor

A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer.You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score.Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• Configure auto provisioning.
• Assign regulatory compliance policies.
• Review the inventory.
• Add a workflow automation.
• Enable Defender plans.

You have a Microsoft 365 E5 subscription.You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared.Which two components should you include in the recommendation? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

• data loss prevention (DLP) policies
• sensitivity label policies
• retention label policies
• eDiscovery cases