Certs Club
Home
Oracle Microsoft Cisco CompTIA Salesforce Amazon AACE International Acams Anthropic Apple View All Vendors →
Login Register

Microsoft SC-100 - Microsoft Cybersecurity Architect Certification Exam

Download Exam View Entire Exam
Page: 1 / 1
Question #1 (Topic: demo questions)

HOTSPOT You are evaluating the security of ClaimsApp. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.

A.
StatementsYesNo
FD1 can be used to protect all the instances of ClaimsApp.
FD1 must be configured to have a certificate for claims.fabrikam.com.
To block connections from North Korea to ClaimsApp, you require a custom rule in FD1.
Correct Answer: A
Explanation:
No
Yes
Yes 
Question #2 (Topic: demo questions)

HOTSPOT

What should you create in Azure AD to meet the Contoso developer requirements?

A.
Requirement / Scenario componentOptions
Account type for the developers:

A guest account in the contoso.onmicrosoft.com tenant


A guest account in the fabrikam.onmicrosoft.com tenant


A synced user account in the corp.fabrikam.com domain


A user account in the fabrikam.onmicrosoft.com tenant

Component in Identity Governance:

A connected organization


An access package


An access review


An Azure AD role


An Azure resource role

Correct Answer: A
Explanation:
Box 1: A synced user account Need to use a synched user account. Box 2: An access review
Question #3 (Topic: demo questions)

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

A.
Onboard the virtual machines to Microsoft Defender for Endpoint.
B.
Onboard the virtual machines to Azure Arc.
C.
Create a device compliance policy in Microsoft Endpoint Manager.
D.
Enable the Qualys scanner in Defender for Cloud.
Correct Answer: A, D
Explanation:

A. Onboard the virtual machines to Microsoft Defender for Endpoint
D. Enable the Qualys scanner in Defender for Cloud
Explanation
To resolve security and vulnerability issues on virtual machines:
  • A. Onboard the virtual machines to Microsoft Defender for Endpoint
  • This provides endpoint detection and response (EDR), threat protection, and security monitoring for the VMs.
  • D. Enable the Qualys scanner in Defender for Cloud
  • Qualys performs vulnerability assessments and identifies missing patches, security misconfigurations, and other vulnerabilities.
Why the others are incorrect
  • B. Onboard the virtual machines to Azure Arc
  • Azure Arc enables management of hybrid and multi-cloud resources but does not directly address vulnerability assessment or endpoint protection.
  • C. Create a device compliance policy in Microsoft Endpoint Manager
  • Compliance policies are primarily for managed user devices and do not resolve VM vulnerability assessment issues.
Final Answer: A and D.
Question #4 (Topic: demo questions)

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

A.
Azure Key Vault
B.
GitHub Advanced Security
C.
 Application Insights in Azure Monitor
D.
Azure DevTest Labs
Correct Answer: B
Explanation:

The requirement is to scan application code and meet application development security requirements.
GitHub Advanced Security provides:
  • Code scanning to detect security vulnerabilities in source code.
  • Secret scanning to identify exposed credentials, keys, and tokens.
  • Dependency scanning to find vulnerable open-source packages.
  • Security analysis integrated directly into the development workflow.
Why the others are incorrect
  • A. Azure Key Vault
  • Stores and manages secrets, certificates, and encryption keys; it does not scan code.
  • C. Application Insights in Azure Monitor
  • Monitors application performance and usage after deployment.
  • D. Azure DevTest Labs
  • Provides development and testing environments but does not perform code security scanning.
Correct Answer: B. GitHub Advanced Security.
Question #5 (Topic: demo questions)

You need to recommend a solution to meet the security requirements for the InfraSec group. What should you use to delegate the access?

A.
a subscription
B.
a custom role-based access control (RBAC) role
C.
 a resource group
D.
a management group
Correct Answer: B
Explanation:

When you need to delegate access while meeting specific security requirements, a custom RBAC role allows you to grant only the exact permissions required by the InfraSec group, following the principle of least privilege.
Why B is correct
  • Provides granular permissions tailored to the group's needs.
  • Prevents granting excessive access.
  • Supports secure delegation of Azure resources.
Why the others are incorrect
  • A. A subscription
  • A subscription is a billing and resource container, not a delegation mechanism.
  • C. A resource group
  • Organizes resources but does not define permissions by itself.
  • D. A management group
  • Used to organize subscriptions and apply governance at scale, not to define custom delegated permissions.
Correct Answer: B. a custom role-based access control (RBAC) role.
Download Exam
Page: 1 / 1
Next Page