Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-100

Microsoft SC-100 Exam Questions
Microsoft Cybersecurity Architect (Page 7 )

Updated On: 17-Feb-2026
Page 7 of 64
PDF with 327 Questions

Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment.

You need to recommend the top three modernization areas to prioritize as part of the plan.

Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. data, compliance, and governance
  2. infrastructure and development
  3. user access and productivity
  4. operational technology (OT) and IoT
  5. modern security operations

Answer(s): A,C,E

Explanation:

RaMP initiatives for Zero Trust
To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives.
Critical security modernization initiatives:
(C) User access and productivity
1. Explicitly validate trust for all access requests
Identities
Endpoints (devices)
Apps
Network
(A) Data, compliance, and governance
2. Ransomware recovery readiness
3. Data
(E) Modernize security operations
4. Streamline response
5. Unify visibility
6. reduce manual effort

Incorrect:
As needed
Additional initiatives based on Operational Technology (OT) or IoT usage, on-premises and cloud adoption, and security for in-house app development:
* (not D) OT and Industrial IoT
Discover
Protect
Monitor
* Datacenter & DevOps Security
Security Hygiene
Reduce Legacy Risk
DevOps Integration
Microsegmentation


Reference:

https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview



HOTSPOT (Drag and Drop is not supported)

For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA).

You need to protect against the following external threats of an attack chain:

An attacker attempts to exfiltrate data to external websites.

An attacker attempts lateral movement across domain-joined computers.

What should you include in the recommendation for each threat? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Microsoft Defender for Identity
An attacker attempts to exfiltrate data to external websites.

Exfiltration alerts
Typically, cyberattacks are launched against any accessible entity, such as a low-privileged user, and then quickly move laterally until the attacker gains access to valuable assets. Valuable assets can be sensitive accounts, domain administrators, or highly sensitive data. Microsoft Defender for Identity identifies these advanced threats at the source throughout the entire attack kill chain and classifies them into the following phases:

Reconnaissance
Compromised credentials
Lateral Movements
Domain dominance
Exfiltration

Box 2: Microsoft Defender for Identity
An attacker attempts lateral movement across domain-joined computers.

Microsoft Defender for Identity Lateral Movement Paths (LMPs) Lateral movement is when an attacker uses non-sensitive accounts to gain access to sensitive accounts throughout your network. Lateral movement is used by attackers to identify and gain access to the sensitive accounts and machines in your network that share stored sign-in credentials in accounts, groups and machines. Once an attacker makes successful lateral moves towards your key targets, the attacker can also take advantage and gain access to your domain controllers. Lateral movement attacks are carried out using many of the methods described in Microsoft Defender for Identity Security Alerts.

A key component of Microsoft Defender for Identity's security insights are Lateral Movement Paths or LMPs. Defender for Identity LMPs are visual guides that help you quickly understand and identify exactly how attackers can move laterally inside your network.


Reference:

https://learn.microsoft.com/en-us/defender-for-identity/exfiltration-alerts



For an Azure deployment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.

You need to recommend a best practice for implementing service accounts for Azure API management.

What should you include in the recommendation?

  1. application registrations in Microsoft Entra ID
  2. managed identities in Azure
  3. Azure service principals with usernames and passwords
  4. device registrations in Microsoft Entra ID
  5. Azure service principals with certificate credentials

Answer(s): B

Explanation:

IM-3: Manage application identities securely and automatically Features
Managed Identities
Description: Data plane actions support authentication using managed identities.
Configuration Guidance: Use a Managed Service Identity generated by Microsoft Entra ID to allow your API Management instance to easily and securely access other Microsoft Entra ID-protected resources, such as Azure Key Vault instead of using service principals. Managed identity credentials are fully managed, rotated, and protected by the platform, avoiding hard-coded credentials in source code or configuration files.


Reference:

https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/api-management-security- baseline



You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid-joined to Microsoft Entra.

You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.

You plan to remove all the domain accounts from the Administrators groups on the Windows computers.

You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.

What should you include in the recommendation?

  1. Local Administrator Password Solution (LAPS)
  2. Microsoft Entra Identity Protection
  3. Microsoft Entra Privileged Identity Management (PIM)
  4. Privileged Access Workstations (PAWs)

Answer(s): A

Explanation:

Microsoft's "Local Administrator Password Solution" (LAPS) provides management of local administrator account passwords for domain-joined computers. Passwords are randomized and stored in Microsoft Entra ID, protected by ACLs, so only eligible users can read it or request its reset.
Microsoft LAPS is short for Microsoft Local Administrator Password Solution.
When installed and enabled on domain-joined computers it takes over the management of passwords of local accounts. Passwords are automatically changed to random characters that meet the domain's password policy requirements at a frequency that you define through Group Policy.
The passwords are stored in a protected "confidential" attribute on the Computer object in AD. Unlike most other attributes which can be read by all domain users by default, the confidential attributes require extra privileges to be granted in order to read them, thus securing the managed passwords.

Incorrect:
Not B: Integrate on-premises Microsoft Entra domains with Microsoft Entra ID Validate security configuration and policy, Actively monitor Microsoft Entra ID for signs of suspicious activity Consider using Microsoft Entra ID P2 edition, which includes Microsoft Entra ID Protection. Identity Protection uses adaptive machine learning algorithms and heuristics to detect anomalies and risk events that may indicate that an identity has been compromised. For example, it can detect potentially unusual activity such as irregular sign-in activities, sign-ins from unknown sources or from IP addresses with suspicious activity, or sign-ins from devices that may be infected. Identity Protection uses this data to generate reports and alerts that enable you to investigate these risk events and take appropriate action.
Not C: Microsoft Entra PIM is a service in Microsoft Entra ID that enables you to manage, control, and monitor access to resources in Microsoft Entra ID, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.
Not D: Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the- Hash, and Pass-The-Ticket.


Reference:

https://craighays.com/microsoft-laps/
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad



DRAG DROP (Drag and Drop is not supported)

For a Microsoft cloud environment, you need to recommend a security architecture that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).

Which security methodologies should you include in the recommendation? To answer, drag the appropriate methodologies to the correct principles. Each methodology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Note: Each correct selection is worth one point.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Segment access
Assume breach
Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

Box 2: Data classification
Verify explicitly
Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

Box 3: Just-in-time (JIT) access
Use least-privilege access
Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive polices, and data protection to help secure both data and productivity.


Reference:

https://www.microsoft.com/en-us/security/business/zero-trust






Post your Comments and Discuss Microsoft SC-100 exam dumps with other Community members:

Join the SC-100 Discussion