SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 31:

    You have an Azure subscription and a Microsoft 365 subscription.

    Your company uses several software as a service (SaaS) applications.

    To align with Microsoft cloud security benchmark (MCSB) and Microsoft Cybersecurity Reference Architectures (MCRA), you plan to design a solution to provide visibility into user activity across the applications and detect potentially risky behavior in real time.

    Which service should you recommend?

    A. Microsoft Purview Information Protection
    B. Microsoft Defender for Cloud Apps
    C. Microsoft Defender for Endpoint
    D. Microsoft Sentinel

  • Question 32:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.

    You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.

    Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 33:

    HOTSPOT

    You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 stores documents that are based on a predefined form and include confidential employee information.

    You monitor access to Site1 by using a Microsoft Defender for Cloud Apps session policy.

    You need to ensure that step-up authentication is triggered when a user downloads documents that are based on the predefined form. The solution must minimize administrative effort.

    Which Microsoft Data Classification Service inspection method should you use, and which Conditional Access option should you add to the session policy? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 34:

    You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

    The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

    You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

    Which security control should you recommend?

    A. OAuth app policies in Microsoft Defender for Cloud Apps
    B. Azure Security Benchmark compliance controls in Defender for Cloud
    C. application control policies in Microsoft Defender for Endpoint
    D. app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

  • Question 35:

    You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server. The virtual machines are managed by using Azure Policy and Microsoft Defender for Servers.

    You need to enhance security on the virtual machines. The solution must meet the following requirements:

    1. Ensure that only apps on an allowlist can be run.

    2. Require administrators to confirm each app added to the allowlist.

    3. Automatically add unauthorized apps to a blocklist when an attempt is made to launch the app.

    4. Require administrators to approve an app before the app can be moved from the blocklist to the allowlist.

    What should you include in the solution?

    A. a compute policy in Azure Policy
    B. admin consent settings for enterprise applications in Azure AD
    C. adaptive application controls in Defender for Servers
    D. app governance in Microsoft Defender for Cloud Apps

  • Question 36:

    DRAG DROP

    Your company has Microsoft 365 E5 licenses and Azure subscriptions.

    The company plans to automatically label sensitive data stored in the following locations:

    1. Microsoft SharePoint Online

    2. Microsoft Exchange Online

    3. Microsoft Teams

    You need to recommend a strategy to identify and protect sensitive data.

    Which scope should you recommend for the sensitivity label policies? To answer, drag the appropriate scopes to the correct locations. Each scope may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    Select and Place:

  • Question 37:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your on-premises network contains an e-commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

    You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.

    Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF).

    Does this meet the goal?

    A. Yes
    B. No

  • Question 38:

    HOTSPOT

    Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DS).

    You need to recommend an identity security strategy that meets the following requirements:

    1. Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website

    2. Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned

    The solution must minimize the need to deploy additional infrastructure components.

    What should you include in the recommendation? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 39:

    You have a customer that has a Microsoft 365 subscription and an Azure subscription.

    The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.

    You need to design a security solution to assess whether all the devices meet the customer's compliance rules.

    What should you include in the solution?

    A. Microsoft Sentinel
    B. Microsoft Purview Information Protection
    C. Microsoft Intune
    D. Microsoft Defender for Endpoint

  • Question 40:

    Your company has an on-premises network and an Azure subscription.

    The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure.

    You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.

    You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.

    What should you include in the recommendation?

    A. a private endpoint
    B. hybrid connections
    C. virtual network NAT gateway integration
    D. virtual network integration

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.