Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75
Pass the Microsoft Certified: Cybersecurity Architect Expert SC-100 Questions and answers with Dumpstech
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.
In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.
You have an Azure subscription and an on-premises datacenter. The datacenter contains 100 servers that run Windows Server. AJI the servers are backed up to a Recovery Services vault by using Azure Backup and the Microsoft Azure Recovery Services (MARS) agent.
You need to design a recovery solution for ransomware attacks that encrypt the on-premises servers. The solution must follow Microsoft Security Best Practices and protect against the following risks:
• A compromised administrator account used to delete the backups from Azure Backup before encrypting the servers
• A compromised administrator account used to disable the backups on the MARS agent before encrypting the servers
What should you use for each risk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions that allow traffic from the Front Door service tags.
Does this meet the goal?
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.
You need to enhance security on the virtual machines. The solution must meet the following requirements:
• Ensure that only apps on an allowlist can be run.
• Require administrators to confirm each app added to the allowlist.
• Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.
• Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.
What should you include in the solution?
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 stores documents that are based on a predefined form and include confidential employee information.
You monitor access to Site1 by using a Microsoft Defender for Cloud Apps session policy.
You need to ensure that step-up authentication is triggered when a user downloads documents that are based on the predefined form. The solution must minimize administrative effort.
Which Microsoft Data Classification Service inspection method should you use, and which Conditional Access option should you add to the session policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).
You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.
You need to ensure that a compromised administrator account cannot be used to delete the backups
What should you do?
You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 hosts a Windows node pool named Pool1 and a Linux node pool named Pool2.
You are designing a pool update strategy for AKS1.
You need to recommend how often to replace the operating system images deployed to the nodes. The solution must meet the following requirements:
• Minimize how long it takes to apply operating system updates once the updates are released.
• Minimize administrative effort.
What should you recommend for each pool? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have on-premises servers and virtual machines that run Windows Server or Red Hat Enterprise Linux (RHEL).
You have an Azure subscription The subscription contains virtual machines that run Windows Server Datacentet: Azure Edition.
You need to recommend a solution to manage operating system updates for the on-premises servers and the virtual machines. The solution must meet the following requirements:
• Enable hotpatching for the Azure virtual machines.
• Enable the on demand inventory and deployment of updates.
• Enable the deployment of Extended Security Update (ESU) patches to the on-premises servers.
What should you include in the recommendation? To answer, select the options in the answer area.
NOTE: Each correct answer is worth one point.




