SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 341:

    You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements.

    What should you include in the recommendation?

    A. row-level security (RLS)
    B. Transparent Data Encryption (TDE)
    C. Always Encrypted
    D. data classification
    E. dynamic data masking

  • Question 342:

    HOTSPOT

    You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements.

    What should you include in the recommendation?

    To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

  • Question 343:

    Your company has an office in Seattle.

    The company has two Azure virtual machine scales sets hosted on different virtual networks.

    The company plans to contract developers in India.

    You need to recommend a solution to provide the developers with the ability to connect to the virtual machines over SSL from the Azure portal. The solution must meet the following requirements:

    1. Prevent exposing the public IP addresses of the virtual machines.

    2. Provide the ability to connect without using a VPN.

    3. Minimize costs.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Create a hub and spoke network by using virtual network peering.
    B. Deploy Azure Bastion to each virtual network.
    C. Enable just-in-time VM access on the virtual machines.
    D. Create NAT rules and network rules in Azure Firewall.
    E. Deploy Azure Bastion to one virtual network.

  • Question 344:

    You have a Microsoft 365 E5 subscription and an Azure subscription.

    You are designing a Microsoft deployment.

    You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events.

    What should you recommend using in Microsoft Sentinel?

    A. playbooks
    B. workbooks
    C. notebooks
    D. threat intelligence

  • Question 345:

    HOTSPOT

    You have a Microsoft 365 tenant.

    You need to recommend a Microsoft 365 Defender solution to enhance security for the tenant. The solution must meet the following requirements:

    1. Identify users that are downloading an unusually high number of files from Microsoft SharePoint Online sites and are possibly involved in a data exfiltration attempt.

    2. Block Microsoft Teams messages that contain potentially malicious content by using zero-hour auto purge (ZAP).

    What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

  • Question 346:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are designing the encryption standards for data at rest for an Azure resource.

    You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

    Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).

    Does this meet the goal?

    A. Yes
    B. No

  • Question 347:

    You have an Azure subscription.

    You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protected by using Microsoft Defender for Servers Plan 1.

    You have a Microsoft 365 subscription.

    You need to recommend a solution to identify which servers have outdated hardware drivers or firmware.

    What should you include in the recommendation?

    A. Change all the servers to Microsoft Defender for Servers Plan 2.
    B. Add the Microsoft Intune Suite add-on.
    C. Onboard all the servers to Azure Update Manager.
    D. Add Microsoft Defender Vulnerability Management add-ons.

  • Question 348:

    HOTSPOT

    You have an Azure subscription that contains multiple storage accounts, which include Azure Files shares and Azure Blob Storage containers. The accounts have encryption scopes and infrastructure encryption enabled.

    You need to implement customer-managed key-based encryption for the shares and containers. The solution must ensure that the encryption keys are applied at the most granular level.

    At which level should you apply the encryption keys?

    To answer, select the appropriate options in the answer area.

    Each correct selection is worth one point.

  • Question 349:

    Your company has the virtual machine infrastructure shown in the following table.

    The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines to Azure.

    You need to provide recommendations to increase the resiliency of the backup strategy to mitigate attacks such as ransomware.

    What should you include in the recommendation?

    A. Use geo-redundant storage (GRS).
    B. Implement Azure Site Recovery replication.
    C. Use customer-managed keys (CMKs) for encryption.
    D. Require PINs to disable backups.

  • Question 350:

    You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

    The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

    You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

    Which security control should you recommend?

    A. app registrations in Azure Active Directory (Azure AD)
    B. OAuth app policies in Microsoft Defender for Cloud Apps
    C. Azure Security Benchmark compliance controls in Defender for Cloud
    D. application control policies in Microsoft Defender for Endpoint

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.