Download Microsoft Cybersecurity Architect.SC-100.ExamTopics.2026-02-10.218q.vcex

Vendor: Microsoft
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Date: Feb 10, 2026
File Size: 9 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
ProfExam Discount

Demo Questions

Question 1
You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.
Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion1.
You need to ensure that the virtual machines can be accessed only by using bastion1. The solution must prevent the use of NSG rules to bypass bastion1.
What should you include in the solution?
  1. Azure Virtual Network Manager security admin rules
  2. Azure Virtual Network Manager connectivity configurations
  3. Azure Firewall application rules
  4. Azure Firewall network rules
Correct answer: A
Question 2
You have a Microsoft Entra tenant named contoso.com.
You have an external partner that has a Microsoft Entra tenant named fabnkam.com.
You need to recommend an identity governance solution for contoso.com that meets the following requirements:
  • Enables the users in contoso.com and fabrikam.com to communicate by using shared Microsoft Teams channels
  • Manages access to shared Teams channels in contoso.com by using groups in fabrikam.com
  • Supports single sign-on (SSO)
  • Minimizes administrative effort
  • Maximizes security
What should you include in the recommendation?
  1. Cross-tenant synchronization
  2. Microsoft Entra B2B collaboration
  3. B2B direct connect
  4. Microsoft Entra Connect Sync
Correct answer: C
Question 3
You have a multicloud environment that contains Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) subscriptions.
You need to discover and review role assignments across the subscriptions.
What should you use?
  1. Azure Lighthouse
  2. Microsoft Defender for Identity
  3. Microsoft Entra ID Governance
  4. Microsoft Entra Permissions Management
Correct answer: D
Question 4
You have an Azure subscription that contains two virtual machines named VM1 and VM2 and an Azure App Service Standard app named App1. VM1 is used to upload data to App1. App1 stores data on VM2.
You need to secure connectivity between the virtual machines and App1. The solution must minimize the risk of data exfiltration.
What should you use to manage connectivity for App1? To answer, select the options in the answer area.
NOTE: Each correct answer is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 5
Your company has offices in New York City and Los Angeles.
The New York City office contains an on-premises app named App1.
You have an Azure subscription. The subscription is linked to a Microsoft Entra tenant that is hosted in North America.
You plan to manage access to App1 for the users in the Los Angeles office by using Microsoft Entra Private Access. You will deploy Private Access by performing the following actions:
  • Provision an ExpressRoute circuit from the New York City office to the closest peering location.
  • Create an Azure virtual network named VNet1 in the East US Azure region.
  • Deploy a Microsoft Entra application proxy connector to VNet1.
You need to optimize the network for the planned deployment. The solution must meet the following requirements:
  • Maximize redundancy for connectivity to App1.
  • Minimize network latency when accessing App1.
  • Minimize complexity.
  • Minimize costs.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 6
You have an Azure subscription that contains SQL Server on Azure virtual machines located in the West US Azure region. The virtual machines are only accessible by using private IP addresses.
You plan to deploy a Windows-based Azure App Service web apps in the East US Azure region.
You need to recommend a solution to provide the web apps access to the SQL Server databases.
What should you include in the recommendation?
  1. an Azure VPN gateway
  2. a private endpoint
  3. a service endpoint
  4. an Azure Bastion host
Correct answer: A
Question 7
Your company has 10 branch offices. Each office has a local internet connection that uses a static IP address.
You have an Azure subscription. The subscription contains a storage account named storage1 that stores blobs.
Users in the branch offices access the blobs via the internet.
You need to recommend a solution to ensure that the data in storage1 is accessible only from the branch office static IP addresses. The solution must minimize costs.
What should include in the recommendation?
  1. Azure Private Link
  2. an Azure Firewall policy
  3. Azure Storage firewall rules
  4. a network security group (NSG)
Correct answer: C
Question 8
You have a Microsoft 365 subscription that contains 1,000 users. Each user is assigned a Microsoft 365 E5 license.
The subscription uses sensitivity labels to classify corporate documents. All the users have Windows 11 devices that are onboarded to Microsoft Defender for Endpoint and are configured to sync files to Microsoft OneDrive.
You need to prevent the users from uploading the documents from OneDrive to external websites.
What should you include in the solution?
  1. Microsoft Purview Information Protection
  2. Microsoft Purview data loss prevention (DLP)
  3. web content filtering in Defender for Endpoint
  4. an endpoint security policy
Correct answer: B
Question 9
You have a Microsoft 365 subscription that contains 1,000 users and two groups named Group1 and Group2. All the users have devices that are onboarded to Microsoft Intune and Microsoft Defender for Endpoint. Group1 manages Microsoft Entra and Microsoft 365 services. Group2 manages Intune and Defender for Endpoint.
You need to recommend a solution to prevent users from connecting to Microsoft 365 services from devices that have encryption disabled.
What should you recommend implementing for each group? To answer, select the options in the answer area.
NOTE: Each correct answer is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 10
You have a Microsoft 365 subscription that contains 1,000 users and a group named Group1. All the users have Windows 11 devices. The users sign in to their devices by using their Microsoft Entra account. The users do NOT have administrative rights to their devices.
The members of Group1 remotely assist the users by taking control of user sessions. The remote control sessions run in the security context of the users they are assisting.
You need to recommend a solution that will enable the Group1 members to run apps that require administrative rights to the users' devices. The solution must ensure that the apps are run in the context of each signed-in standard user.
What should you include in the recommendation?
  1. Windows Local Administrator Password Solution (Windows LAPS)
  2. Microsoft Entra Permissions Management
  3. Microsoft Intune Endpoint Privilege Management
  4. Privileged Identity Management (PIM) in Microsoft Entra ID
Correct answer: C
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!