合格目指せSC-100試験最新のSC-100試験問題集PDF 2025年更新
SC-100試験問題集、365日更新無料サンプル
Microsoft SC-100試験は、Microsoft認定サイバーセキュリティアーキテクトを目指すサイバーセキュリティプロフェッショナルの知識とスキルをテストするように設計されています。この試験は、サイバーセキュリティに経験があり、グローバルに認められた認定資格を取得してキャリアを進めたい個人を対象としています。
Microsoft SC-100認定試験は、サイバーセキュリティアーキテクチャにおける個人の知識とスキルをテストするように設計されています。この認定は、サイバーセキュリティでのキャリアを追求することに興味がある人や、すでに分野で働いており、スキルと知識を向上させたい人向けに設計されています。 Microsoft SC-100認定試験は、Microsoft Technologiesを使用して安全なソリューションの設計と実装に必要なスキルを検証します。
質問 # 93
Your company has a hybrid cloud infrastructure.
Data and applications are moved regularly between cloud environments.
The company's on-premises network is managed as shown in the following exhibit.
NOTE Each correct selection is worth one point.
- A. Azure Arc
- B. on-premises data gateway
- C. guest configuration in Azure Policy
- D. Azure Bastion
- E. Azure VPN Gateway
正解:A、B
質問 # 94
You have an Azure SQL database named DB1 that contains customer information.
A team of database administrators has full access to DB1.
To address customer inquiries, operators in the customer service department use a custom web app named App1 to view the customer information.
You need to design a security strategy for D81. The solution must meet the following requirements:
* When the database administrators access DB1 by using SQL management tools, they must be prevented from viewing the content of the Credit Card attribute of each customer record.
* When the operators view customer records in App1, they must view only the last four digits of the Credit Card attribute.
What should you include in the design? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 95
You have an Azure subscription that contains the resources shown in the following table.
You need to recommend a network security solution for App1. The solution must meet the following requirements:
* Only the virtual machines that are connected to Subnet1 must be able to connect to D81.
* DB1 must be inaccessible from the internet
* Costs must be minimized.
What should you include in the recommendation? To answer, select the options in the answer area. NOTE:
Each correct answer is worth one point.
正解:
解説:
Explanation:
質問 # 96
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
- A. Azure Monitor webhooks
- B. Azure Logics Apps
- C. Azure Functions apps
- D. Azure Event Hubs
正解:B
解説:
The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance. Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios.
質問 # 97
Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Key Vault to store credentials.
- A. Yes
- B. No
正解:B
解説:
When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.
質問 # 98
You have an Azure subscription and a Microsoft 365 subscription. All users are assigned Microsoft 365 E5 licenses. All computers run Windows 11 and are Microsoft Entra joined.
You need to recommend a solution to prevent computers that run early builds of Windows 11 from connecting to Microsoft 365 services.
Which two types of policies should you include in the recommendation? Each correct answer presents part of the solution.
- A. Microsoft Intune compliance policy
- B. Microsoft Entra ID Protection sign-in risk policy
- C. Microsoft Defender for Endpoint endpoint security policy
- D. Microsoft Defender for Cloud regulatory compliance policy
- E. Microsoft Entra Conditional Access policy
正解:A、E
質問 # 99
Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Key Vault to store credentials.
- A. Yes
- B. No
正解:B
解説:
When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.
質問 # 100
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.
You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements-.
* Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
* Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 101
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components:
* Azure loT Edge devices
* AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture
https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings
https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview#supported-cloud-operations
質問 # 102
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.
You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
正解:E
解説:
Explanation
https://docs.microsoft.com/en-us/azure/bastion/vnet-peering
https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure-bastion
質問 # 103
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components:
* Azure loT Edge devices
* AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer are
a. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 104
You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.
What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 105
You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11.
You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks.
What should you include in the recommendation?
- A. Authenticated scan for Windows in Microsoft Defender Vulnerability Management
- B. Microsoft Secure Score for Devices in Defender for Endpoint
- C. attack surface reduction (ASR) rules in Defender for Endpoint
- D. security baselines assessments in Microsoft Defender Vulnerability Management
正解:D
質問 # 106
You plan to automate the development and deployment of a Nodejs-based app by using GitHub.
You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:
* Automate the generation of pull requests that remediate identified vulnerabilities.
* Automate vulnerability code scanning for public and private repositories.
* Minimize administrative effort.
* Minimize costs.
What should you recommend using? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 107
Hotspot Question
You have four Azure subscriptions named Sub1, Sub2, Sub3, and Sub4. Each subscription has a unique Microsoft Entra tenant that is linked to a Microsoft 365 subscription. Sub1 contains a user named User1.
You plan to implement Microsoft Sentinel.
You need to ensure that User1 can monitor Microsoft Entra ID events and Microsoft 365 events for Sub2, Sub3, and Sub4 by using Microsoft Sentinel.
The solution must minimize administrative effort.
What is the minimum number of Microsoft Sentinel workspaces you should create, and which Azure service should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Box 1: 3
Number of workspace
One for Sub2, one for Sub3, and one for Sub4.
Note: Extend Microsoft Sentinel across workspaces and tenants
When you onboard Microsoft Sentinel, your first step is to select your Log Analytics workspace.
While you can get the full benefit of the Microsoft Sentinel experience with a single workspace, in some cases, you might want to extend your workspace to query and analyze your data across workspaces and tenants.
Box 2: Azure Lighthouse
Service
Manage workspaces across tenants using Azure Lighthouse
As mentioned above, in many scenarios, the different Log Analytics workspaces enabled for Microsoft Sentinels can be located in different Microsoft Entra tenants. You can use Azure Lighthouse to extend all cross-workspace activities across tenant boundaries, allowing users in your managing tenant to work on workspaces across all tenants.
Once Azure Lighthouse is onboarded, use the directory + subscription selector on the Azure portal to select all the subscriptions containing workspaces you want to manage, in order to ensure that they'll all be available in the different workspace selectors in the portal.
When using Azure Lighthouse, it's recommended to create a group for each Microsoft Sentinel role and delegate permissions from each tenant to those groups.
Reference:
https://learn.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants
https://learn.microsoft.com/en-us/azure/sentinel/multiple-tenants-service-providers
質問 # 108
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 109
Hotspot Question
You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates.
VDI devices are members of the domain.
You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Microsoft Entra Domain Services domain.
You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:
- Ensure that the hosts are onboarded to Defender for Endpoint during
the first startup sequence.
- Ensure that the Microsoft Defender portal contains a single entry for each deployed VDI host.
- Minimize administrative effort.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
https://learn.microsoft.com/en-us/defender-endpoint/configure-endpoints-vdi
質問 # 110
You have an Azure subscription.
You plan to deploy enterprise-scale landing zones based on the Microsoft Cloud Adoption Framework for Azure. The deployment will include a single-platform landing zone for all shared services and three application landing zones that will each host a different Azure application.
You need to recommend which resource to deploy to each landing zone. The solution must meet the Cloud Adoption Framework best-practice recommendations for enterprise-scale landing zones.
What should you recommend?
- A. an Azure key vault
- B. an Azure firewall
- C. an Azure Private DNS zone
- D. an Azure virtual network gateway
正解:C
質問 # 111
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.
Does this meet the goal?
- A. Yes
- B. No
正解:B
質問 # 112
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.
You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
正解:B
解説:
https://docs.microsoft.com/en-us/azure/bastion/vnet-peering
https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure-bastion
質問 # 113
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 114
......
Microsoft SC-100認定試験は、セキュリティソリューションの設計と実装、ネットワークインフラストラクチャの保護、セキュリティ制御の実装など、サイバーセキュリティアーキテクチャに関連する幅広いトピックをカバーしています。この試験では、脅威管理、アイデンティティとアクセス管理、コンプライアンスとガバナンスなどのトピックについてもカバーしています。この試験は、Azure、Office 365、Windows 10などのMicrosoftテクノロジーを使用して安全なソリューションを設計および実装する個人の能力をテストするように設計されています。
SC-100問題集、あなたを合格させる認証試験:https://www.goshiken.com/Microsoft/SC-100-mondaishu.html
まもなくセール終了!リアルSC-100のPDF解答を使おう:https://drive.google.com/open?id=13OSpaHWEyYvyBoKn8MR-8Hhd9EIbgrUZ