Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :251 Q&As
  • Last Updated
    :Mar 31, 2025

Microsoft Microsoft Certifications SC-100 Questions & Answers

  • Question 71:

    You have a Microsoft 365 E5 subscription.

    You are designing a solution to protect confidential data in Microsoft SharePoint Online sites that contain more than one million documents.

    You need to recommend a solution to prevent Personally Identifiable Information (Pll) from being shared.

    Which two components should you include in the recommendation? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. data loss prevention (DLP) policies

    B. retention label policies

    C. eDiscovery cases

    D. sensitivity label policies

  • Question 72:

    You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD)

    The customer plans to obtain an Azure subscription and provision several Azure resources.

    You need to evaluate the customer's security environment.

    What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

    A. Azure AD Privileged Identity Management (PIM)

    B. role-based authorization

    C. resource-based authorization

    D. Azure AD Multi-Factor Authentication

  • Question 73:

    Reference: https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that has Microsoft Defender for Cloud enabled.

    You are evaluating the Azure Security Benchmark V3 report.

    In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

    You need to recommend configurations to increase the score of the Secure management ports controls.

    Solution: You recommend enabling adaptive network hardening.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 74:

    Your company has devices that run either Windows 10, Windows 11, or Windows Server.

    You are in the process of improving the security posture of the devices.

    You plan to use security baselines from the Microsoft Security Compliance Toolkit.

    What should you recommend using to compare the baselines to the current device configurations?

    A. Microsoft Intune

    B. Local Group Policy Object (LGPO)

    C. Windows Autopilot

    D. Policy Analyzer

  • Question 75:

    You have an Azure subscription that has Microsoft Defender for Cloud enabled.

    You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

    You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows. Which compliance control should you evaluate?

    A. Asset Management

    B. Posture and Vulnerability Management

    C. Data Protection

    D. Endpoint Security

    E. Incident Response

  • Question 76:

    You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?

    A. Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.

    B. Obtain Azure AD Premium Plan 2 licenses.

    C. Add Microsoft Sentinel data connectors.

    D. Enable the Defender plan for all resource types in Microsoft Defender for Cloud.

  • Question 77:

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

    You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

    Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 78:

    Your company plans to provision blob storage by using an Azure Storage account. The blob storage will be accessible from 20 application servers on the internet.

    You need to recommend a solution to ensure that only the application servers can access the storage account.

    What should you recommend using to secure the blob storage?

    A. managed rule sets in Azure Web Application Firewall (WAF) policies

    B. inbound rules in network security groups (NSGs)

    C. firewall rules for the storage account

    D. inbound rules in Azure Firewall

    E. service tags in network security groups (NSGs)

  • Question 79:

    Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.

    The company signs a contract with the United States government.

    You need to review the current subscription for NIST 800-53 compliance.

    What should you do first?

    A. From Defender for Cloud, review the secure score recommendations.

    B. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.

    C. From Defender for Cloud, review the Azure security baseline for audit report.

    D. From Defender for Cloud, add a regulatory compliance standard.

  • Question 80:

    You have a Microsoft 365 E5 subscription.

    You need to recommend a solution to add a watermark to email attachments that contain sensitive data.

    What should you include in the recommendation?

    A. Microsoft Defender for Cloud Apps

    B. insider risk management

    C. Microsoft Information Protection

    D. Azure Purview

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.