Exam: SC-100: Microsoft Cybersecurity Architect

Total Questions: 240

Your company has a Microsoft 365 E5 subscription.
The Chief Compliance Officer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:
✑ Identify unused personal data and empower users to make smart data handling decisions.
✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
✑ Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?
A. communication compliance in insider risk management
B. Microsoft Viva Insights
C. Privacy Risk Management in Microsoft Priva
D. Advanced eDiscovery
Answer: C

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.
You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.
What should you include in the recommendation?
A. a Microsoft Sentinel data connector
B. Azure Event Hubs
C. a Microsoft Sentinel workbook
D. Azure Data Factory
Answer: B

A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the endpoints.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. The client access tokens are refreshed.
B. Microsoft Intune reports the endpoints as compliant.
C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
D. Microsoft Defender for Endpoint reports the endpoints as compliant.
Answer: AB

HOTSPOT
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area: [Question image]
Answer: [Answer image]

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
A. Azure AD Privileged Identity Management (PIM)
B. role-based authorization
C. resource-based authorization
D. Azure AD Multi-Factor Authentication
Answer: A

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?
A. Microsoft Security Development Lifecycle (SDL)
B. Enhanced Security Admin Environment (ESAE)
C. Rapid Modernization Plan (RaMP)
D. Microsoft Operational Security Assurance (OSA)
Answer: C

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend solutions to meet the following requirements:
✑ Ensure that the security operations team can access the security logs and the operation logs.
✑ Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two solutions should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a custom collector that uses the Log Analytics agent
B. the Azure Monitor agent
C. resource-based role-based access control (RBAC)
D. Azure Active Directory (Azure AD) Conditional Access policies
Answer: BC

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.
You need to recommend a solution to isolate the compute components on an Azure virtual network.
What should you include in the recommendation?
A. Azure Active Directory (Azure AD) enterprise applications
B. an Azure App Service Environment (ASE)
C. Azure service endpoints
D. an Azure Active Directory (Azure AD) application proxy
[Question image]
Answer: B

HOTSPOT
You are planning the security levels for a security access strategy.
You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA).
Which security level should you configure for each job role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
[Question image]
Answer: [Answer image]

Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment.
You need to recommend the top three modernization areas to prioritize as part of the plan.
Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. data, compliance, and governance
B. infrastructure and development
C. user access and productivity
D. operational technology (OT) and IoT
E. modern security operations
Answer: ACE