New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Microsoft Certified: Cybersecurity Architect Expert SC-100 Passing Score

Page: 6 / 9
Question 24

You have a Microsoft 365 E5 subscription.

You plan to deploy Global Secure Access universal tenant restrictions v2.

Which authentication plane resources and which data plane resources will be protected? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 25

Your company, named Contoso. Ltd... has an Azure AD tenant namedcontoso.com. Contoso has a partner company named Fabrikam. Inc. that has an Azure AD tenant named fabrikam.com. You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso. The solution must meet the following requirements:

• Follow the principle of least privilege.

• Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 26

You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:

• Encrypt cardholder data by using encryption keys managed by the company.

• Encrypt insurance claim files by using encryption keys hosted on-premises.

Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.

B.

Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM

C.

Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.

D.

Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.

Question 27

You have a Microsoft 365 tenant.

Your company uses a third-party software as a service (SaaS) app named App1 that is integrated with an Azure AD tenant. You need to design a security strategy to meet the following requirements:

• Users must be able to request access to App1 by using a self-service request.

• When users request access to App1, they must be prompted to provide additional information about their request.

• Every three months, managers must verify that the users still require access to Appl.

What should you include in the design?

Options:

A.

Azure AD Application Proxy

B.

connected apps in Microsoft Defender for Cloud Apps

C.

Microsoft Entra Identity Governance

D.

access policies in Microsoft Defender for Cloud Apps

Page: 6 / 9
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Dec 22, 2024
Questions: 187
SC-100 pdf

SC-100 PDF

$28.5  $94.99
SC-100 Engine

SC-100 Testing Engine

$33  $109.99
SC-100 PDF + Engine

SC-100 PDF + Testing Engine

$43.5  $144.99