Microsoft SC-100 Practice Exams
Last updated on Apr 01,2025- Exam Code: SC-100
- Exam Name: Microsoft Cybersecurity Architect
- Certification Provider: Microsoft
- Latest update: Apr 01,2025
Your company is moving a big data solution to Azure.
The company plans to use the following storage workloads:
• Azure Storage blob containers
• Azure Data Lake Storage Gen2
• Azure Storage file shares
• Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Azure Disk Storage
- B . Azure Storage blob containers
- C . Azure Storage file shares
- D . Azure Data Lake Storage Gen2
HOTSPOT
You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to recommend a solution to meet the security requirements for the virtual machines.
What should you include in the recommendation?
- A . an Azure Bastion host
- B . a network security group (NSG)
- C . just-in-time (JIT) VM access
- D . Azure Virtual Desktop
HOTSPOT
You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.
You need to recommend a solution to secure the components of the copy process.
What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to recommend a solution to scan the application code. The solution must meet the application development requirements.
What should you include in the recommendation?
- A . Azure Key Vault
- B . GitHub Advanced Security
- C . Application Insights in Azure Monitor
- D . Azure DevTest Labs
Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)
Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?
- A . Azure Traffic Manager with priority traffic-routing methods
- B . Azure Application Gateway v2 with user-defined routes (UDRs).
- C . Azure Front Door with Azure Web Application Firewall (WAF)
- D . Azure Firewall with policy rule sets
You are evaluating an Azure environment for compliance.
You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.
Which effect should you use in Azure Policy?
- A . Deny
- B . Disabled
- C . Modify
- D . Append
You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure
to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?
- A . Azure Active Directory Domain Services (Azure AD DS)
- B . Azure Active Directory (Azure AD) B2C
- C . Azure Active Directory (Azure AD)
- D . Active Directory Domain Services (AD DS)
You need to design a solution to provide administrators with secure remote access to the virtual machines.
The solution must meet the following requirements:
• Prevent the need to enable ports 3389 and 22 from the internet.
• Only provide permission to connect the virtual machines when required.
• Ensure that administrators use the Azure portal to connect to the virtual machines.
Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
- B . Configure Azure VPN Gateway.
- C . Enable Just Enough Administration (JEA).
- D . Enable just-in-time (JIT) VM access.
- E . Configure Azure Bastion.
Your company plans to provision blob storage by using an Azure Storage account. The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account.
What should you recommend using to secure the blob storage?
- A . service tags in network security groups (NSGs)
- B . managed rule sets in Azure Web Application Firewall (WAF) policies
- C . inbound rules in network security groups (NSGs)
- D . firewall rules for the storage account
- E . inbound rules in Azure Firewall