[2025年12月]更新のSC-100試験問題集、SC-100練習テスト問題
検証済みSC-100問題集PDF資料 [2025]
Microsoft SC-100認定は、サイバーセキュリティ分野でのキャリアを進歩させたい専門家にとって貴重な資格です。候補者は、機密情報とシステムを保護する安全なソリューションを設計および実装するために必要なスキルと知識を持っていることを雇用主に示しています。さらに、この認定は、雇用機会の増加、給与の増加、および雇用の安全性の向上につながる可能性があります。
質問 # 21
You have a Microsoft 365 subscription
You need to recommend a security solution to monitor the following activities:
* User accounts that were potentially compromised
* Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each Correct selection is worth one Point.
正解:
解説:
質問 # 22
You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11.
You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks.
What should you include in the recommendation?
- A. Microsoft Secure Score for Devices in Defender for Endpoint
- B. security baselines assessments in Microsoft Defender Vulnerability Management
- C. attack surface reduction (ASR) rules in Defender for Endpoint
- D. Authenticated scan for Windows in Microsoft Defender Vulnerability Management
正解:B
質問 # 23
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance.
What should you do first?
- A. From Defender for Cloud, review the Azure security baseline for audit report.
- B. From Defender for Cloud, add a regulatory compliance standard.
- C. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
- D. From Azure Policy, assign a built-in policy definition that has a scope of the subscription.
正解:B
質問 # 24
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?
- A. No
- B. Yes
正解:B
解説:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-privileged-access#pa-2-avoid-standing-access-for-user-accounts-and-permissions
質問 # 25
What should you create in Azure AD to meet the Contoso developer requirements?
正解:
解説:
質問 # 26
Hotspot Question
You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.
What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-linkedin?pivots=b2c- user-flow
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
質問 # 27
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A. Azure AD workbooks to monitor risk detections
- B. access packages in Identity Governance
- C. smart account lockout in Azure AD B2C
- D. custom resource owner password credentials (ROPC) flows in Azure AD B2C
- E. Azure AD Conditional Access integration with user flows and custom policies
正解:C、E
解説:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management
https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow
質問 # 28
Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DSV You need to recommend an identity security strategy that meets the following requirements:
* Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website
* Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned The solution must minimize the need to deploy additional infrastructure components. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 29
Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 30
Your on-premises network contains an e-commerce web app that was developed in Angular and Nodejs. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Key Vault to store credentials.
- A. No
- B. Yes
正解:A
解説:
When using Azure-provided PaaS services (e.g., Azure Storage, Azure Cosmos DB, or Azure Web App, use the PrivateLink connectivity option to ensure all data exchanges are over the private IP space and the traffic never leaves the Microsoft network.
質問 # 31
Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corpxontoso.com and an AD DS-integrated application named App1.
Your perimeter network contains a server named Server1 that runs Windows Server.
You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.
You plan to implement a security solution that will include the following configurations:
* Manage access to App1 by using Microsoft Entra Private Access.
* Deploy a Microsoft Entra application proxy connector to Server1.
* Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.
* For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:
o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.
o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.
o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.
o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.
You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.
Which rule should you remove?
- A. Rule1
- B. Rule4
- C. Rule2
- D. Rule3
正解:D
質問 # 32
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation. You need to recommend a security posture management solution for the following components:
* Azure loT Edge devices
* AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
正解:
解説:

質問 # 33
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Segment Microsoft Sentinel workspaces by: Region and Azure AD tenant
Lighthouse subscription
質問 # 34
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?
- A. From Defender for Cloud, enable Defender for Cloud plans.
- B. From Defender for Cloud, review the Azure security baseline for audit report.
- C. From Azure Policy, assign a built-in initiative that has a scope of the subscription.
- D. From Defender for Cloud, review the secure score recommendations.
正解:A
解説:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what- regulatory-compliance-standards-are-available-in-defender-for-cloud
質問 # 35
You have an Active Directory Domain Services (AD DS) domain that contains a virtual desktop infrastructure (VDI). The VDI uses non-persistent images and cloned virtual machine templates. VDI devices are members of the domain.
You have an Azure subscription that contains an Azure Virtual Desktop environment. The environment contains host pools that use a custom golden image. All the Azure Virtual Desktop deployments are members of a single Azure Active Directory Domain Services (Azure AD DS) domain.
You need to recommend a solution to deploy Microsoft Defender for Endpoint to the hosts. The solution must meet the following requirements:
* Ensure that the hosts are onboarded to Defender for Endpoint during the first startup sequence.
* Ensure that the Microsoft Defender 365 portal contains a single entry for each deployed VDI host.
* Minimize administrative effort.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 36
You have an Azure subscription.
You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar.
Developers use Azure DevOps to deploy web apps to App Service Environments- When a new app is deployed, a CNAME record for the app is registered in contoso.com.
You need to recommend a solution to secure the DNS record tor each web app. The solution must meet the following requirements:
* Ensure that when an app is deleted, the CNAME record for the app is removed also
* Minimize administrative effort.
What should you include in the recommendation?
- A. Microsoft Defender foe App Service
- B. Microsoft Defender for DNS
- C. Microsoft Defender for Cloud Apps
- D. Microsoft Defender for DevOps
正解:B
質問 # 37
You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
正解:
解説:
質問 # 38
Your company wants to optimize using Azure to protect its resources from ransomware.
You need to recommend which capabilities of Azure Backup and Azure Storage provide the strongest protection against ransomware attacks. The solution must follow Microsoft Security Best Practices.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:

質問 # 39
You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.
What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 40
You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer are a. NOTE Each correct selection is worth one point.
正解:
解説:
質問 # 41
You have to Azure subscriptions that contain 100 role-based access control (RBAC) role assignments.
You plan to consolidate the role assignments.
You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort.
What should you include in the recommendation?
- A. Microsoft Entra Permissions Management
- B. Microsoft Entra Privileged Identity Management (PIM)
- C. Microsoft Defender for Cloud
- D. Microsoft Entra access reviews
正解:A
質問 # 42
You plan to automate the development and deployment of a Nodejs-based app by using GitHub.
You need to recommend a DevSecOps solution for the app. The solution must meet the following requirements:
* Automate the generation of pull requests that remediate identified vulnerabilities.
* Automate vulnerability code scanning for public and private repositories.
* Minimize administrative effort.
* Minimize costs.
What should you recommend using? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 43
You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)
After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?
- A. Storage accounts should prevent shared key access
- B. Storage account keys should not be expired
- C. Storage account public access should be disallowed
- D. Azure Key Vault Managed HSM should have purge protection enabled
正解:C
解説:
https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
質問 # 44
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment.
The solution must meet the regulatory compliance requirements and the business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 45
......
Microsoft Cybersecurity Architect (SC-100) Exam は、サイバーセキュリティの分野における個人のスキルと知識を評価するために設計された認定試験です。この試験は、Microsoft 製品やサービスに対するセキュリティ上の脅威を特定し、軽減することに焦点を当てています。この認定資格は、サイバーセキュリティにおける専門知識を証明し、この分野でキャリアを進めたいプロフェッショナルを対象としています。
最新のSC-100実際の無料試験問題は更新された325問あります:https://jp.fast2test.com/SC-100-premium-file.html
無料SC-100試験ブレーン問題集認定ガイド問題と解答:https://drive.google.com/open?id=1hO7zpkC9m2n-xF9RJ3BprxwvLtDLBt5P