Curious about Actual Microsoft Cybersecurity Architect Expert (SC-100) Exam Questions?

You have legacy operational technology (OT) devices and loT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and loT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point

You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.

You need to enhance security on the virtual machines. The solution must meet the following requirements:

* Ensure that only apps on an allowlist can be run.

* Require administrators to confirm each app added to the allowlist.

* Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.

* Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.

What should you include in the solution?

You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server and 50 virtual machines that run Linux. You need to perform vulnerability assessments on the virtual machines. The solution must meet the following requirements:

* Identify missing updates and insecure configurations.

* Use the Qualys engine.

What should you use?

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:

* Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.

* The Security Administrator role will be mapped to the privileged access security level.

* The users in Group1 will be assigned the Security Administrator role.

* The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.

What should you include in the solution?

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.

What should you use?