SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 291:

    DRAG DROP

    You have an Azure environment that contains multiple workloads deployed across multiple subscriptions.

    You need to recommend a solution to assess and improve the security posture of the workloads.

    The solution must meet the following requirements:

    1. Use the Microsoft Cloud Adoption Framework for Azure to evaluate compliance with cloud governance policies.

    2. Use the Azure Well-Architected Framework to secure individual workloads.

    What should you include in the recommendation for each requirement? To answer, drag the appropriate recommendations to the correct requirements. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    Select and Place:

  • Question 292:

    You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.

    You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.

    What should you include in the recommendation?

    A. Apply read-only locks on the storage accounts.
    B. Set the AllowSharcdKeyAccess property to false.
    C. Set the AllowBlobPublicAcccss property to false.
    D. Configure automated key rotation.

  • Question 293:

    Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

    After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

    You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices.

    You need to implement a solution that meets the following requirements:

    Allows user access to SaaS apps that Microsoft has identified as low risk.

    Blocks user access to Saas apps that Microsoft has identified as high risk.

    Solution: You configure app protection policies in Intune, and you create a Conditional Access policy.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 294:

    HOTSPOT

    You are designing a privileged access strategy for a company named Contoso, Ltd. and its partner company named Fabrikam, Inc. Contoso has an Azure AD tenant named contoso.com. Fabrikam has an Azure AD tenant named fabrikam.com. Users at Fabrikam must access the resources in contoso.com.

    You need to provide the Fabrikam users with access to the Contoso resources by using access packages. The solution must meet the following requirements:

    Ensure that the Fabrikam users can use the Contoso access packages without explicitly creating guest accounts in contoso.com.

    Allow non-administrative users in contoso.com to create the access packages.

    What should you use for each requirement? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 295:

    You are designing a ransomware response plan that follows Microsoft Security Best Practices.

    You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files.

    What should you include in the recommendation?

    A. Windows Defender Device Guard
    B. Microsoft Defender for Endpoint
    C. Azure Files
    D. BitLocker Drive Encryption (BitLocker)
    E. protected folders

  • Question 296:

    HOTSPOT

    Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders.

    The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled.

    You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.

    You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.

    You need to recommend an Azure AD identity Governance solution that meets the following requirements:

    1. Project managers must verify that their project group contains only the current members of their project team

    2. The members of each project team must only have access to the resources of the project to which they are assigned

    3. Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days.

    4. Administrative effort must be minimized.

    What should you include in the recommendation? To answer select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 297:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that has Microsoft Defender for Cloud enabled.

    You are evaluating the Azure Security Benchmark V3 report.

    In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

    You need to recommend configurations to increase the score of the Secure management ports controls.

    Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 298:

    You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server and 50 virtual machines that run Linux.

    You need to perform vulnerability assessments on the virtual machines. The solution must meet the following requirements:

    1. Identify missing updates and insecure configurations.

    2. Use the Qualys engine.

    What should you use?

    A. Microsoft Defender for Servers
    B. Microsoft Defender Threat Intelligence (Defender TI)
    C. Microsoft Defender for Endpoint
    D. Microsoft Defender External Attack Surface Management (Defender EASM)

  • Question 299:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online.

    You need to recommend a solution to prevent malicious actors from impersonating the email addresses of internal senders.

    What should you include in the recommendation? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 300:

    You have the following on-premises servers that run Windows Server:

    1. Two domain controllers in an Active Directory Domain Services (AD DS) domain

    2. Two application servers named Server1 and Server2 that run ASP.NET web apps

    3. A VPN server named Served that authenticates by using RADIUS and AD DS

    4. End users use a VPN to access the web apps over the internet.

    You need to redesign a user access solution to increase the security of the connections to the web apps.

    The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).

    What should you include in the recommendation?

    A. Publish the web apps by using Azure AD Application Proxy.
    B. Configure the VPN to use Azure AD authentication.
    C. Configure connectors and rules in Microsoft Defender for Cloud Apps.
    D. Configure web protection in Microsoft Defender for Endpoint.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.