Summer Certification Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

Free Practice Questions for the Microsoft Certified: Cybersecurity Architect Expert SC-100 Exam (2026 Updated)

At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the Microsoft SC-100 exam. To support your certification journey, we have made a selection of our premium 2026 Microsoft Certified: Cybersecurity Architect Expert practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.

Questions 4

Your company plans to provision blob storage by using an Azure Storage account The blob storage will be accessible from 20 application sewers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?

Options:

A.

service tags in network security groups (NSGs)

B.

managed rule sets in Azure Web Application Firewall (WAF) policies

C.

inbound rules in network security groups (NSGs)

D.

firewall rules for the storage account

E.

inbound rules in Azure Firewall

Buy Now
Questions 5

You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

SC-100 Question 5

After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?

Options:

A.

Storage account public access should be disallowed

B.

Azure Key Vault Managed HSM should have purge protection enabled

C.

Storage accounts should prevent shared key access

D.

Storage account keys should not be expired

Buy Now

SC-100 Report Card

Questions 6

Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DS).

You need to recommend an identity security strategy that meets the following requirements:

• Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website

• Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned

The solution must minimize the need to deploy additional infrastructure components. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 6

Options:

Buy Now
Questions 7

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.

Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 8

You have a Microsoft 365 E5 subscription.

You need to recommend a security solution that meets the following requirements:

• Automatically identifies and stops external, brute force attacks against accounts in the subscription

• Automatically identifies and stops external attacks that use an internal account to exfiltrate data from Microsoft SharePoint Online sites in the subscription

What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 8

Options:

Buy Now
Questions 9

You have a Microsoft 365 E5 subscription and an Azure subscription.

You need to recommend a solution to enforce the Zero Trust principle of explicit verification for the subscriptions. The solution must be based on Zero Trust guidance in the Microsoft Cybersecurity Reference Architectures (MCRA).

What should you include in the recommendation?

Options:

A.

Microsoft Defender for Cloud

B.

Conditional Access

C.

Microsoft Entra ID Identity Governance

D.

Microsoft Defender for Identity

Buy Now
Questions 10

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

You need to configure WS1 to meet the following requirements:

• Create custom dashboards to visualize the workload of security analysts that use Microsoft Sentinel.

• Enable automated responses for the security alerts generated by Microsoft Sentinel analytics rules.

What should you use for each requirement? To answer, select the options in the answer area.

NOTE: Each correct answer is worth one point.

SC-100 Question 10

Options:

Buy Now
Questions 11

You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 £5 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11.

You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks.

What should you include in the recommendation?

Options:

A.

Authenticated scan for Windows in Microsoft Defender Vulnerability Management

B.

Microsoft Secure Score for Devices in Defender for Endpoint

C.

attack surface reduction (ASR) rules in Defender for Endpoint

D.

security baselines assessments in Microsoft Defender Vulnerability Management

Buy Now
Questions 12

You have an Azure subscription that contains the resources shown in the following table.

SC-100 Question 12

You need to recommend a network security solution for App1. The solution must meet the following requirements:

• Only the virtual machines that are connected to Subnet1 must be able to connect to D81.

• DB1 must be inaccessible from the internet

• Costs must be minimized.

What should you include in the recommendation? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.

SC-100 Question 12

Options:

Buy Now
Questions 13

You have an Azure subscription that contains multiple network security groups (NSGs), multiple virtual machines, and an Azure Bastion host named bastion1.

Several NSGs contain rules that allow direct RDP access to the virtual machines by bypassing bastion!

You need to ensure that the virtual machines can be accessed only by using bastion! The solution must prevent the use of NSG rules to bypass bastion1.

What should you include in the solution?

Options:

A.

Azure Virtual Network Manager connectivity configurations

B.

Azure Virtual Network Manager security admin rules

C.

Azure Firewall application rules

D.

Azure Firewall network rules

Buy Now
Questions 14

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.

All on-premises Windows servers in the perimeter network are prevented from connecting directly to the internet.

The customer recently recovered from a tansomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend solutions to meet the following requirements:

• Ensure that the security operations team can access the security logs and the operation logs.

• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.

Which two solutions should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options:

A.

the Azure Monitor agent

B.

Microsoft Entra Conditional Access policies

C.

Windows Server event subscription

D.

resource-based role-based access control (RBAC)

Buy Now
Questions 15

You have multiple Azure subscriptions that each contains multiple resource groups.

You need to identify the privileged role assignments in each subscription and any associated security risks. The solution must minimize administrative effort.

What should you use?

Options:

A.

The Analytics dashboard in Microsoft Entra Permissions Management

B.

access reviews in Microsoft Entra ID Identity Governance

C.

access reviews in Privileged Identity Management (PIM)

D.

Microsoft Defender External Attack Surface Management (Defender EASM) discovery

Buy Now
Questions 16

You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).

You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

You need to recommend a security solution that meets the following requirements:

• Detects vulnerability scans of the apps

• Detects whether newly deployed apps are vulnerable to attack

What should you recommend using? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 16

Options:

Buy Now
Questions 17

You have an Azure subscription that contains a Microsoft Sentinel workspace named MSW1. MSW1 includes 50 scheduled analytics rules.

You need to design a security orchestration automated response (SOAR) solution by using Microsoft Sentinel playbooks. The solution must meet the following requirements:

• Ensure that expiration dates can be configured when a playbook runs.

• Minimize the administrative effort required to configure individual analytics rules.

What should you use to invoke the playbooks, and which type of Microsoft Sentinel trigger should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 17

Options:

Buy Now
Questions 18

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure.

You plan to deploy Azure virtual machines that will run Windows Server.

You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.

How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 18

Options:

Buy Now
Questions 19

Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.

You receive the following recommendations in Defender for Cloud

• Access to storage accounts with firewall and virtual network configurations should be restricted,

• Storage accounts should restrict network access using virtual network rules.

• Storage account should use a private link connection.

• Storage account public access should be disallowed.

You need to recommend a service to mitigate identified risks that relate to the recommendations. What should you recommend?

Options:

A.

Azure Storage Analytics

B.

Azure Network Watcher

C.

Microsoft Sentinel

D.

Azure Policy

Buy Now
Questions 20

You have two on-premises servers named Server! and Server2 that run Windows Server. Server1 contains an app named App1 and is isolated from the internet.

You have a Microsoft Entra tenant

You plan to deploy Global Secure Access to provide remote access to App1.

You need to configure the tenant and Server2 to support the planned deployment. The solution must ensure that when users attempt to access App1, they must authenticate by using their Microsoft Entra credentials.

What should you create in the tenant, and what should you install on Server2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 20

Options:

Buy Now
Questions 21

Your company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure.

You need to perform threat modeling by using a top-down approach based on the Microsoft Cloud Adoption Framework for Azure.

What should you use to start the threat modeling process?

Options:

A.

the STRIDE model

B.

the DREAD model

C.

OWASP threat modeling

Buy Now
Questions 22

You have an Azure subscription.

You need to use a federated model in Azure API Management to control access to your organization ' s APIs. The solution must meet the following requirements:

• Support the use of role-based access control (RBAC) to manage the APIs.

• Support the use of keys to control the consumption of the APIs.

To which scope should you associate each control method? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 22

Options:

Buy Now
Questions 23

Your company, named Contoso. Ltd... has an Azure AD tenant namedcontoso.com. Contoso has a partner company named Fabrikam. Inc. that has an Azure AD tenant named fabrikam.com. You need to ensure that helpdesk users at Fabrikam can reset passwords for specific users at Contoso. The solution must meet the following requirements:

• Follow the principle of least privilege.

• Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 23

Options:

Buy Now
Questions 24

You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 24

Options:

Buy Now
Questions 25

You need to recommend a solution to meet the requirements for connections to ClaimsDB.

What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 25

Options:

Buy Now
Questions 26

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

SC-100 Question 26

Options:

Buy Now
Questions 27

You need to recommend a multi-tenant and hybrid security solution that meets to the business requirements and the hybrid requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

SC-100 Question 27

Options:

Buy Now
Questions 28

You need to recommend an identity security solution for the Azure AD tenant of Litware. The solution must meet the identity requirements and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 28

Options:

Buy Now
Questions 29

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements.

What should you configure for each landing zone?

Options:

A.

Azure DDoS Protection Standard

B.

an Azure Private DNS zone

C.

Microsoft Defender for Cloud

D.

an ExpressRoute gateway

Buy Now
Questions 30

You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.

Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

Options:

A.

Azure AD Conditional Access

B.

Microsoft Defender for Cloud Apps

C.

Microsoft Defender for Cloud

D.

Microsoft Defender for Endpoint

E.

access reviews in Azure AD

Buy Now
Questions 31

You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-100 Question 31

Options:

Buy Now
Questions 32

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

SC-100 Question 32

Options:

Buy Now
Questions 33

To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Security Assertion Markup Language (SAML)

B.

NTLMv2

C.

certificate-based authentication

D.

Kerberos

Buy Now
Questions 34

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation? (Choose Two)

Options:

A.

Onboard the virtual machines to Microsoft Defender for Endpoint.

B.

Onboard the virtual machines to Azure Arc.

C.

Create a device compliance policy in Microsoft Endpoint Manager.

D.

Enable the Qualys scanner in Defender for Cloud.

Buy Now
Questions 35

What should you create in Azure AD to meet the Contoso developer requirements?

SC-100 Question 35

Options:

Buy Now
Questions 36

You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

What should you include in the recommendation?

Options:

A.

Transparent Data Encryption (TDE)

B.

Always Encrypted

C.

row-level security (RLS)

D.

dynamic data masking

E.

data classification

Buy Now
Questions 37

You are evaluating the security of ClaimsApp.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

SC-100 Question 37

Options:

Buy Now
Questions 38

You need to recommend a solution to meet the security requirements for the virtual machines.

What should you include in the recommendation?

Options:

A.

an Azure Bastion host

B.

a network security group (NSG)

C.

just-in-time (JIT) VM access

D.

Azure Virtual Desktop

Buy Now
Questions 39

You need to recommend a solution to meet the security requirements for the InfraSec group.

What should you use to delegate the access?

Options:

A.

a subscription

B.

a custom role-based access control (RBAC) role

C.

a resource group

D.

a management group

Buy Now
Questions 40

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

Options:

A.

Azure Key Vault

B.

GitHub Advanced Security

C.

Application Insights in Azure Monitor

D.

Azure DevTest Labs

Buy Now
Exam Code: SC-100
Exam Name: Microsoft Cybersecurity Architect
Last Update: Jul 1, 2026
Questions: 296

PDF + Testing Engine

$64.99   $185.69

Testing Engine

$49.99   $142.83

PDF (Q&A)

$54.99   $157.11