Microsoft Cybersecurity Architect (SC-100) Free Practice Test
Question 1
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains 500 Windows 11 devices.
You have a Microsoft 365 subscription and an Azure subscription.
You have a Microsoft Entra tenant that syncs with the domain and is linked to the subscriptions. The devices are Microsoft Entra hybrid joined.
You plan to deploy a solution to mitigate attacks against privileged accounts. The solution will include Microsoft Sentinel rules that will detect attempts to use fake cached credentials.
You need to recommend a solution to create the fake cached credentials on client computers.
What should you recommend?
Correct Answer: B
Question 2
You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple Azure Files shares.
You need to recommend a solution to deploy a backup solution for the shares. The solution must meet the following requirements:
* Prevent the deletion of backups and the vault used to store the backups.
* Prevent privilege escalation attacks against the backup solution.
* Prevent the modification of the backup retention period.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation:

Question 3
You have an Azure Storage account named storage1.
You plan to secure storage1 by using a Bring Your Own Key (BYOK) strategy.
You create an Azure key vault named AKV1 and upload a compatible key.
You need to configure storage1 to use the key stored in AKV1 for encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation:

Question 4
You have 500 Windows 11 devices and 200 macOS devices. The devices are managed by using Microsoft Intune and are subject to compliance policies.
You plan to deploy the following Intune features:
* Security baselines
* Remote lock of noncompliant devices
Which feature will be supported by each platform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Question 5
Your company has the virtual machine infrastructure shown in the following table.

The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.
You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.
What should you include in the recommendation?

Correct Answer: A
Question 6
Your company has a hybrid cloud infrastructure.
Data and applications are moved regularly between cloud environments.
The company's on-premises network is managed as shown in the following exhibit.

You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements:
* Govern virtual machines and servers across multiple environments.
* Enforce standards for all the resources across all the environments by using Azure Policy.
Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: C,D
Question 7
You have a Microsoft 365 subscription.
You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
You need to recommend a solution that automatically restricts access to Microsoft Exchange Online, SharePoint Online, and Teams in near-real-time (NRT) in response to the following Azure AD events:
* A user account is disabled or deleted
* The password of a user is changed or reset.
* All the refresh tokens for a user are revoked
* Multi-factor authentication (MFA) is enabled for a user
Which two features should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer: A,C
Question 8
Your company has a main office and 10 branch offices. Each branch office contains an on-premises file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The devices are enrolled in Microsoft Intune.
You have a Microsoft Entra tenant.
You need to deploy Global Secure Access to implement web filtering for device traffic to the internet. The solution must ensure that all the web traffic from the devices in the branch offices is controlled by using Global Secure Access.
What should you do first in each branch office?
Correct Answer: A
Question 9
You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.
You use Microsoft Defender XDR to manage the tenants of your company's customers.
You need to ensure that the users in Group1 can perform security tasks in the tenant of each customer. The solution must meet the following requirements:
* The Group1 users must only be assigned the Security Operator role for the customer tenants.
* The users in Group2 must be able to assign the Security Operator role to the Group1 users for the customer tenants.
* The use of guest accounts must be minimized.
* Administrative effort must be minimized.
What should you include in the solution?
Correct Answer: D
Question 10
You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.
You need to recommend a solution to secure the components of the copy process.
What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Data Security = Access Keys stored in Azure Key Vault
Network access control = Azure Private Link with network service tags
https://docs.microsoft.com/en-us/azure/automation/automation-security-guidelines#data-security
Question 11
You have 50 Azure subscriptions.
You need to monitor resources in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
NOTE: Each correct selection is worth one point.
Correct Answer: A,E
Question 12
You have a Microsoft 365 tenant.
Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements:
* Users must be able to request access to App1 by using a self-service request.
* When users request access to App1, they must be prompted to provide additional information about their request.
* Every three months, managers must verify that the users still require access to App1.
What should you include in the design?
Correct Answer: A