Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • [Q52-Q76] TestSimulate SC-100 Real Exam Question Answers Updated [Jan 22, 2023]

[Q52-Q76] TestSimulate SC-100 Real Exam Question Answers Updated [Jan 22, 2023]

Share

TestSimulate SC-100 Real Exam Question Answers Updated [Jan 22, 2023]

Easily To Pass New Microsoft SC-100 Dumps with 119 Questions


Schedule exam

Languages: English

Retirement date: none

This exam measures your ability to accomplish the following technical tasks: design a Zero Trust strategy and architecture; evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies; design security for infrastructure; and design a strategy for data and applications.


What is Microsoft SC-100 Certification Exam

The Microsoft Certified Cybersecurity Architect (Beta) certification validates your ability to design, architect, and implement an enterprise-scale, secure information technology architecture for use in the cloud. The certification is targeted at architects with experience designing enterprise-scale systems, who are responsible for the security of that system.

The exam tests your ability to understand how security considerations should be integrated into IT architecture design and implementation. You'll need a deep understanding of how to integrate security into an IT solution that has been designed from the ground up with security as a primary objective. You will also need to demonstrate knowledge of how to build secure systems using cloud technologies such as Azure Stack. There are a number of ways to mitigate threats to security engineering solutions. Baseline encryption service advanced platform products privacy can be translated into many different languages, so that it can be understood by anyone who wishes to read it. Mitigating threats solution must meet to highly recommend checking correct selection. Wide benchmarks zone includes priorities container store. Microsoft SC-100 exam dumps are the most trusted and affordable way to pass your Microsoft certification exams and get certified.

 

NEW QUESTION 52
Your company has on-premises Microsoft SQL Server databases.
The company plans to move the databases to Azure.
You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.
What should you include in the recommendation?

  • A. Azure SQL Managed Instance
  • B. Azure SQL Database
  • C. Azure Synapse Analytics dedicated SQL pools
  • D. SQL Server on Azure Virtual Machines

Answer: D

 

NEW QUESTION 53
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 54
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 55
You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?

  • A. Storage account public access should be disallowed
  • B. Storage accounts should prevent shared key access
  • C. Azure Key Vault Managed HSM should have purge protection enabled
  • D. Storage account keys should not be expired

Answer: A

Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent

 

NEW QUESTION 56
Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 57
You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).
Does this meet the goal?

  • A. No
  • B. Yes

Answer: B

 

NEW QUESTION 58
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
* User accounts that were potentially compromised
* Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.

Answer:

Explanation:

Explanation
Graphical user interface, application Description automatically generated

 

NEW QUESTION 59
Your company has the virtual machine infrastructure shown in the following table.

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.
You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.
What should you include in the recommendation?

  • A. Require PINs to disable backups.
  • B. Implement Azure Site Recovery replication.
  • C. Use geo-redundant storage (GRS).
  • D. Use customer-managed keys (CMKs) for encryption.

Answer: A

 

NEW QUESTION 60
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
* User accounts that were potentially compromised
* Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.

Answer:

Explanation:

 

NEW QUESTION 61
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components:
* Azure loT Edge devices
* AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 62
You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

  • A. Enable the Qualys scanner in Defender for Cloud.
  • B. Create a device compliance policy in Microsoft Endpoint Manager.
  • C. Onboard the virtual machines to Microsoft Defender for Endpoint.
  • D. Onboard the virtual machines to Azure Arc.

Answer: A,C

 

NEW QUESTION 63
You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
NOTE: Each correct selection is worth one point.

  • A. Assign an initiative to a management group.
  • B. Assign a blueprint to each subscription.
  • C. Assign a blueprint to a management group.
  • D. Assign an initiative to each subscription.
  • E. Assign a policy to each subscription.
  • F. Assign a policy to a management group.

Answer: C,E

 

NEW QUESTION 64
You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer are
a. NOTE; Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 65
Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud
* Access to storage accounts with firewall and virtual network configurations should be restricted,
* Storage accounts should restrict network access using virtual network rules.
* Storage account should use a private link connection.
* Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

  • A. Azure Network Watcher
  • B. Microsoft Sentinel
  • C. Azure Storage Analytics
  • D. Azure Policy

Answer: D

 

NEW QUESTION 66
You have Windows 11 devices and Microsoft 365 E5 licenses.
You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites. What should you include in the recommendation?

  • A. Microsoft Defender for Cloud Apps
  • B. Microsoft Endpoint Manager
  • C. Compliance Manager
  • D. Microsoft Defender for Endpoint

Answer: D

Explanation:
Explanation
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-wo

 

NEW QUESTION 67
Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation?

  • A. custom user tags
  • B. sensitivity labels
  • C. standalone sensors
  • D. honeytoken entity tags

Answer: D

Explanation:
Explanation
https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide#honeytoken-activity The Sensitive tag is used to identify high value assets.(user / devices / groups)Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. and Defender for Identity considers Exchange servers as high-value assets and automatically tags them as Sensitive

 

NEW QUESTION 68
You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 69
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
* User accounts that were potentially compromised
* Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.

Answer:

Explanation:

 

NEW QUESTION 70
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening. Does this meet the goal?

  • A. No
  • B. Yes

Answer: B

 

NEW QUESTION 71
You are designing an auditing solution for Azure landing zones that will contain the following components:
* SQL audit logs for Azure SQL databases
* Windows Security logs from Azure virtual machines
* Azure App Service audit logs from App Service web apps
You need to recommend a centralized logging solution for the landing zones. The solution must meet the following requirements:
* Log all privileged access.
* Retain logs for at least 365 days.
* Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 72
You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (O/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure. What should you recommend?

  • A. unit testing
  • B. threat modeling
  • C. dependency checks
  • D. penetration testing

Answer: C

 

NEW QUESTION 73
Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud
* Access to storage accounts with firewall and virtual network configurations should be restricted,
* Storage accounts should restrict network access using virtual network rules.
* Storage account should use a private link connection.
* Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

  • A. Azure Network Watcher
  • B. Microsoft Sentinel
  • C. Azure Storage Analytics
  • D. Azure Policy

Answer: D

Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline

 

NEW QUESTION 74
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 75
You are creating the security recommendations for an Azure App Service web app named App1.
App1 has the following specifications:
* Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
* Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer are
a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 76
......

Latest SC-100 Study Guides 2023 - With Test Engine PDF: https://www.testsimulate.com/SC-100-study-materials.html

Related Blogs

more
Go To SC-100 Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.