作者: admin

SC-100:Microsoft Cybersecurity Architect真题练习
1.Your company has a Microsoft 365 ES subscription.The Chief Compliance Ocer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:
✑ Identify unused personal data and empower users to make smart data handling decisions.
✑ Provide users with notications and guidance when a user sends personal data in Microsoft Teams.
✑ Provide users with recommendations to mitigate privacy risks.What should you include in the recommendation?
A. communication compliance in insider risk management 
B. Microsoft Viva Insights
C. Privacy Risk Management in Microsoft Priva
D. Advanced eDiscovery
答案：C

2.You have an Azure subscription that has Microsoft Defender for Cloud enabled.Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workow automation. The solution must minimize development effort.What should you include in the recommendation?
A. Azure Monitor webhooks 
B. Azure Event Hubs
C. Azure Functions apps
D. Azure Logics Apps
答案：D

3.Your company is moving a big data solution to Azure.The company plans to use the following storage workloads: 
✑ Azure Storage blob containers
✑ Azure Data Lake Storage Gen2Azure Storage le shares –
✑ Azure Disk StorageWhich two storage workloads support authentication by using Azure Active Directory (Azure AD)?
Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. Azure Storage le shares 
B. Azure Disk Storage
C. Azure Storage blob containers
D. Azure Data Lake Storage Gen2
答案：CD

4.You have a Microsoft 365 E5 subscription and an Azure subscription.You are designing a Microsoft deployment.You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events.What should you recommend using in Microsoft Sentinel?
A. notebooks 
B. playbooks
C. workbooks
D. threat intelligence
答案：C

5.Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.Which Defender for Identity feature should you include in the recommendation?
A. sensitivity labels
B. custom user tags 
C. standalone sensors
D. honeytoken entity tags
答案：D

6.You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases.All resources are backed up multiple times a day by using Azure Backup.You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack.
Which two controls should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Enable soft delete for backups. Most Voted
B. Require PINs for critical operations.
C. Encrypt backups by using customer-managed keys (CMKs). 
D. Perform oine backups to Azure Data Box.
E. Use Azure Monitor notications when backup congurations change.
答案：BE

7.Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.
You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.What should you include in the recommendation? 
A. a Microsoft Sentinel data connector
B. Azure Event Hubs Most Voted
C. a Microsoft Sentinel workbook 
D. Azure Data Factory
答案：A

8.A customer follows the Zero Trust model and explicitly veries each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.The customer suspends access attempts from the infected endpoints.
The malware is removed from the endpoints.Which two conditions must be met before endpoint users can access the corporate applications again?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. The client access tokens are refreshed
B. Microsoft Intune reports the endpoints as compliant. Most Voted
C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced
D.Microsoft Defender for Endpoint reports the endpoints as compliant.
答案：AC

9.You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer’s security environment.What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
A. Azure AD Privileged Identity Management (PIM) Most Voted 
B. role-based authorization
C. resource-based authorization
D. Azure AD Multi-Factor Authentication
答案：D

10.You are designing the security standards for a new Azure environment.You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?
A. Microsoft Security Development Lifecycle (SDL) 
B. Enhanced Security Admin Environment (ESAE)
C. Rapid Modernization Plan (RaMP)
D. Microsoft Operational Security Assurance (OSA)
答案：C

11.A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.You need to recommend solutions to meet the following requirements:
✑ Ensure that the security operations team can access the security logs and the operation logs.
✑ Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two solutions should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a custom collector that uses the Log Analytics agent
B. the Azure Monitor agent
C. resource-based role-based access control (RBAC)
D. Azure Active Directory (Azure AD) Conditional Access policies
答案：BC