We offer the latest SC-100 practice test designed for free and effective online Microsoft Cybersecurity Architect certification preparation. It's a simulation of the real SC-100 exam experience, built to help you understand the structure, complexity, and topics you'll face on exam day.
Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?
Your company has the virtual machine infrastructure shown in the following table.
The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to
Azure.
You need to provide recommendations to increase the resiliency of the backup strategy to mitigate
attacks such as ransomware.
What should you include in the recommendation?
You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1
and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using
Microsoft Intune.
You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The
strategy will include the following configurations:
Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged
access device.
The Security Administrator role will be mapped to the privileged access security level.
The users in Group1 will be assigned the Security Administrator role.
The users in Group2 will manage the privileged access devices.
You need to configure the local Administrators group for each privileged access device. The solution
must follow the principle of least privilege.
What should you include in the solution?
You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)
Your on-premises network contains an Active Directory Domain Services (AD DS) domain named
corpxontoso.com and an AD DS-integrated application named App1.
Your perimeter network contains a server named Server1 that runs Windows Server.
You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.
You plan to implement a security solution that will include the following configurations:
Manage access to App1 by using Microsoft Entra Private Access.
Deploy a Microsoft Entra application proxy connector to Server1.
Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.
For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:
o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.
o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.
o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.
o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.
You need to maximize security for the planned implementation. The solution must minimize the
impact on the connector.
Which rule should you remove?
© Copyrights FreePDFQuestions 2025. All Rights Reserved
We use cookies to ensure that we give you the best experience on our website (FreePDFQuestions). If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the FreePDFQuestions.
Full Access to 201 Questions