SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 21:

    You have an Azure subscription. The subscription contains multiple Azure App Service web apps that are distributed across multiple Azure regions and are accessed via the internet.

    You need to ensure that all incoming requests to the apps are inspected for threats based on the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP). The solution must meet the following requirements:

    1. Support the use of Microsoft-managed X.509 certificates.

    2. Route users to the geographically closest app.

    3. Minimize administrative effort.

    What should you use?

    A. Azure Firewall Premium
    B. Azure Front Door with a web application firewall (WAF)
    C. Azure Firewall Standard
    D. Azure Application Gateway with a web application firewall (WAF)

  • Question 22:

    HOTSPOT

    You have a multi-cloud environment that contains an Azure subscription and an Amazon Web Services (AWS) account.

    You need to implement security services in Azure to manage the resources in both subscriptions. The solution must meet the following requirements:

    1. Automatically identify threats found in AWS CloudTrail events.

    2. Enforce security settings on AWS virtual machines by using Azure policies.

    What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 23:

    You have a Microsoft 365 subscription that contains 1,000 users. Each user is assigned a Microsoft 365 E5 license.

    The subscription uses sensitivity labels to classify corporate documents. All the users have Windows 11 devices that are onboarded to Microsoft Defender for Endpoint and are configured to sync files to Microsoft OneDrive.

    You need to prevent the users from uploading the documents from OneDrive to external websites.

    What should you include in the solution?

    A. Microsoft Purview Information Protection
    B. Microsoft Purview data loss prevention (DLP)
    C. web content filtering in Defender for Endpoint
    D. an endpoint security policy

  • Question 24:

    You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure.

    What should you recommend?

    A. unit testing
    B. penetration testing
    C. dependency checks
    D. threat modeling

  • Question 25:

    HOTSPOT

    You have an Azure subscription that contains an Azure key vault named Vault1.

    You plan to deploy multiple virtual machines that will host a custom app named App1. App1 will use secrets stored in Vault1. The virtual machines will be redeployed regularly based on the usage demands of App1.

    You need to recommend a solution that will enable App1 to access the secrets stored in Vault1. The solution must meet the following requirements:

    Minimize the number of security principals that can access Vault1. Minimize the storage of sensitive data on the virtual machines.

    Minimize administrative effort.

    Which type of endpoint should App1 use to access the secrets, and which type of identity should App1 use? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 26:

    You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

    The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

    You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

    Which security control should you recommend?

    A. Azure AD Conditional Access App Control policies
    B. Azure Security Benchmark compliance controls in Defender for Cloud
    C. app protection policies in Microsoft Endpoint Manager
    D. application control policies in Microsoft Defender for Endpoint

  • Question 27:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that has Microsoft Defender for Cloud enabled.

    You are evaluating the Azure Security Benchmark V3 report.

    In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

    You need to recommend configurations to increase the score of the Secure management ports controls.

    Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 28:

    HOTSPOT

    You have a Microsoft 365 subscription. The subscription contains Windows 11 devices that are protected by using Microsoft Defender XDR.

    You need to block access to file sharing sites from the devices. The solution must meet the following requirements:

    1. Identify file sharing sites to which users have connected during the last 90 days.

    2. Prevent the users from connecting to the identified file sharing sites.

    3. Minimize administrative effort.

    What should you use to identify the file sharing sites, and which Microsoft Defender service should you use to prevent the users from connecting to the sites? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 29:

    Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.

    You are informed about incidents that relate to compromised identities.

    You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.

    Which Defender for Identity feature should you include in the recommendation?

    A. sensitivity labels
    B. custom user tags
    C. standalone sensors
    D. honeytoken entity tags

  • Question 30:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and Microsoft Purview.

    You need to recommend a data protection solution. The solution must ensure that you can identify users that download atypical amounts of data from Microsoft SharePoint Online.

    Which service should you include in the recommendation, and which policy should be configured? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.