SC-100 Free Question Set: "Microsoft Cybersecurity Architect"

Hotspot Question
You have a multi-cloud environment that contains an Azure subscription and an Amazon Web Services (AWS) account.
You need to implement security services in Azure to manage the resources in both subscriptions.
The solution must meet the following requirements:
- Automatically identify threats found in AWS CloudTrail events.
- Enforce security settings on AWS virtual machines by using Azure policies.
What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Your company is developing an invoicing application that will use Azure AD B2C. The application will be deployed as an App Service web app.
You need to recommend a solution to the application development team to secure the application from identity-related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Correct answer: A, B

Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score?
NOTE: Each correct selection is worth one point.

Correct answer: A, D

Hotspot Question
Your client interacts with its customers using custom-built mobile apps. Current authentication and authorization information is stored in individually maintained Azure-based databases. The client has asked you to design a solution that allows authentication and authorization to be centralized. You recommend that your client deploy Azure AD and implement OAuth 2.0 for authorization.
You need to help your client identify the process that is performed by each OAuth 2.0 party.
Which process should you identify for each of the roles? To answer, select the appropriate options from the drop-down menus.
Correct answer:

You are a security architect, and you are working with your software development team and defining a strategy for an application lifecycle management process. This process is based on the Microsoft Security Development Lifecycle Model.
What are the two phases in the threat modeling design phase?

Correct answer: B, C

Hotspot Question
You have a Microsoft Entra tenant named contoso.com. You have 30 Azure subscriptions that are linked to contoso.com. The tenant contains the management groups shown in the following table.

You need to design a governance solution to manage access to all the Azure Storage accounts across the subscriptions. The solution must meet the following requirements:
- Use custom role-based access control (RBAC) to provide granular access to control plane and data plane operations.
- Minimize administrative effort.
At which scope should you assign the roles, and what is the minimum number of assignments per role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
Box 1: ..Mgmt1 AND .. Mgmt2
For Microsoft Entra's two management groups, the appropriate scope for assigning roles is the management group level itself. This is because management groups are designed to be a broader scope for managing access and policies across multiple subscriptions.
Box 2: 2
Note:
Broadest Scope:
Management groups are the broadest scope in Azure, encompassing multiple subscriptions.
Reference:
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview
You are a security architect for a company with Microsoft Azure and Microsoft 365 subscriptions, and you recently had a ransomware attack.
After reviewing with the team, you found that while information was available to help remediate the attack, the information was not central to help contextualize the security incident, slowing down the remedial action.
Which tools can provide a central console to detect, investigate, remediate, hunt, utilize threat intelligence, and contextualize security incidents?

You have a Microsoft 365 subscription.
You have an Azure subscription.
You need to implement a Microsoft Purview communication compliance solution for Microsoft Teams and Yammer. The solution must meet the following requirements:
- Assign compliance policies to Microsoft 365 groups based on custom Microsoft Exchange Online attributes.
- Minimize the number of compliance policies.
- Minimize administrative effort.
What should you include in the solution?

You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases.
All resources are backed up multiple times a day by using Azure Backup.
You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack.
Which two controls should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Correct answer: A, E

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Microsoft Entra ID.
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Microsoft Entra Free edition to the Premium edition?

You have multiple Azure subscriptions that each contains multiple resource groups.
You need to identify the privileged role assignments in each subscription and any associated security risks. The solution must minimize administrative effort.
What should you use?

Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment.
You need to recommend the top three modernization areas to prioritize as part of the plan.
Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Correct answer: A, C, E

Hotspot Question
You have a Microsoft Entra tenant. The tenant contains a security group named Group1. Group1 contains the members of your company's IT support team.
You have an Azure subscription. The subscription contains 800 Windows devices that are Microsoft Entra joined and 200 Windows devices that are Microsoft Entra registered.
You have 200 standalone macOS devices.
You deploy 10 Windows devices that are Microsoft Entra joined and have the Microsoft Entra ExtensionAttribute1 value set to SecureWorkstation.
You need to recommend a Conditional Access solution that meets the following requirements:
- Only allows access to Microsoft Entra resources from devices that run Windows 10 or Windows 11
- Restricts Windows Azure Service Management API access to the following users:
  - The members of Group1
  - Users that authenticate by using multifactor authentication (MFA)
  - Users that connect from a device that has the SecureWorkstation ExtensionAttribute1
The solution must minimize the number of required policies and maximize security.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
Box 1: 2
* Only allows access to Microsoft Entra resources from devices that run Windows 10 or Windows 11
Create one Conditional Access policy that uses one include device filter which includes only Windows 10 and Windows 11.
* Restricts Windows Azure Service Management API access to the following users:
  - The members of Group1
  - Users that authenticate by using multifactor authentication (MFA)
  - Users that connect from a device that has the SecureWorkstation ExtensionAttribute1
Create a second Conditional Access policy that includes Group1, requires MFA, and uses one include device filter for devices that have the SecureWorkstation ExtensionAttribute1. Grant access to Windows Azure Service Management API.
Box 2: Two include device filters
Reference:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-filters-for-devices

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.
What should you include in the recommendation?

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data. What should you include in the recommendation?
