SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 321:

    HOTSPOT

    You have three Microsoft Entra tenants named Tenant 1. Tenant2. and Tenant3.

    You have three Azure subscriptions named Sub1, Sub2, and Sub3. Each tenant is associated with multiple Azure subscriptions.

    Each subscription contains a single Microsoft Sentinel workspace as shown in the following table.

    You need to recommend a solution that meets the following requirements:

    1. Ensures that the users in Tenant1 can manage the resources in Sub2 and Sub3 without having to switch subscriptions or sign in to a different tenant

    2. Implements multiple workspace view for Sentinel2 and Sentinel3

    What should you use to delegate permissions, and which Microsoft Sentinel feature will users be able to manage in multiple workspace view? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 322:

    You have an Azure subscription that has Microsoft Defender for Cloud enabled.

    Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.

    You need to recommend a solution to evaluate and remediate the alerts by using a workflow automation feature of Microsoft Defender for Cloud.

    What should you include in the recommendation?

    A. Azure Monitor webhooks
    B. Azure Event Hubs
    C. Azure Functions apps
    D. Azure Logic Apps

  • Question 323:

    DRAG DROP

    You are designing a security operations strategy based on the Zero Trust framework.

    You need to increase the operational efficiency of the Microsoft Security Operations Center (SOC).

    Based on the Zero Trust framework, which three deployment objectives should you prioritize in sequence? To answer move the appropriate objectives from the list of objectives to the answer area and arrange them in the correct order.

    Select and Place:

  • Question 324:

    You need to recommend a solution to meet the security requirements for the InfraSec group.

    What should you use to delegate the access?

    A. a subscription
    B. a custom role-based access control (RBAC) role
    C. a resource group
    D. a management group

  • Question 325:

    Your company has a Microsoft 365 E5 subscription.

    Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating.

    The company identifies protected health information (PHI) within stored documents and communications.

    What should you recommend using to prevent the PHI from being shared outside the company?

    A. sensitivity label policies
    B. data loss prevention (DLP) policies
    C. insider risk management policies
    D. retention policies

  • Question 326:

    HOTSPOT

    You have an Azure subscription that contains App Service apps in four Azure regions. Users connect to the apps from the internet.

    You plan to block requests to the apps if the requests contain security threats specified in the Core Rule Set (CRS) of the Open Web Application Security Project (OWASP).

    You need to design a solution to block the requests. The solution must meet the following requirements:

    1. Maintain access to the apps in the event of a region outage.

    2. Minimize the number of resources required.

    What should you include in the design? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 327:

    You have an on-premises network with an Active Directory Domain Services (AD DS) domain named corp.contoso.com and an AD DS-integrated application named App1. Your perimeter network contains a server named Server1 running Windows Server. You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

    You plan to implement a security solution with the following configurations:

    1. Manage access to App1 using Microsoft Entra Private Access.

    2. Deploy a Microsoft Entra application proxy connector to Server1.

    3. Implement single sign-on (SSO) for App1 using Kerberos constrained delegation.

    For Server1, you plan to configure the following rules in Windows Defender Firewall with Advanced Security:

    1. Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.

    2. Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.

    3. Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.

    4. Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.

    You need to maximize security for the planned implementation while minimizing the impact on the connector.

    Which rule should you remove?

    A. Rule1
    B. Rule2
    C. Rule3
    D. Rule4

  • Question 328:

    Your company is preparing for cloud adoption.

    You are designing security for Azure landing zones.

    Which two solutions should you include in the design to ensure that preventative controls are implemented to increase the secure score? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    A. Azure Web Application Firewall (WAF)
    B. Azure AD Privileged Identity Management (PIM)
    C. Microsoft Sentinel
    D. Azure Firewall
    E. Microsoft Defender for Cloud alerts

  • Question 329:

    HOTSPOT

    You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements.

    What should you recommend? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 330:

    You manage 10 Azure subscriptions, which collectively contain 100 role-based access control (RBAC) role assignments.

    You are planning to consolidate these role assignments.

    Your task is to recommend a solution to identify which role assignments have not been used in the last 90 days, with the goal of minimizing administrative effort.

    What solution should be included in your recommendation?

    A. Microsoft Defender for Cloud
    B. Microsoft Entra access reviews
    C. Microsoft Entra Privileged Identity Management (PIM)
    D. Microsoft Entra Permissions Management

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.