SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 41:

    HOTSPOT

    You have an Azure subscription.

    You have a Microsoft 365 subscription.

    You need to assess regulatory compliance of the subscriptions.

    The solution must meet the following requirements:

    1. Identify whether data stored in Azure and Microsoft 365 complies with General Data Protection Regulation (GDPR) regulations.

    2. Identify whether Azure resources comply with National Institute of Standards and Technology (NIST) standards.

    3. Provide recommendations on controls to improve compliance.

    What should you use? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 42:

    You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts.

    You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts.

    Which two configurations should you include in the recommendation? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.
    B. Enable Microsoft Defender for Identity.
    C. Send the Azure Cosmos DB logs to a Log Analytics workspace.
    D. Disable local authentication for Azure Cosmos DB.
    E. Enable Microsoft Defender for Cosmos DB.

  • Question 43:

    Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription.

    The company uses the following devices:

    1. Computers that run either Windows 10 or Windows 11

    2. Tablets and phones that run either Android or iOS

    You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored.

    What should you include in the recommendation?

    A. eDiscovery
    B. Microsoft Information Protection
    C. Compliance Manager
    D. retention policies

  • Question 44:

    HOTSPOT

    You use Azure Policy with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows.

    You need to recommend best practices to secure the stages of the CI/CD workflows based on the Microsoft Cloud Adoption Framework for Azure.

    What should you include in the recommendation for each stage? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 45:

    A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.

    You need to design an identity strategy for the app. The solution must meet the following requirements:

    1. Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.

    2. Be managed separately from the identity store of the customer.

    3. Support fully customizable branding for each app.

    Which service should you recommend to complete the design?

    A. Azure Active Directory (Azure AD) B2B
    B. Azure Active Directory Domain Services (Azure AD DS)
    C. Azure Active Directory (Azure AD) B2C
    D. Azure AD Connect

  • Question 46:

    Your company has on-premises Microsoft SQL Server databases.

    The company plans to move the databases to Azure.

    You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs.

    What should you include in the recommendation?

    A. Azure SQL Managed Instance
    B. Azure Synapse Analytics dedicated SQL pools
    C. Azure SQL Database
    D. SQL Server on Azure Virtual Machines

  • Question 47:

    HOTSPOT

    You have an Azure DevOps organization that is used to manage the development and deployment of internal apps to multiple Azure subscriptions.

    You are developing a DevSecOps strategy.

    You need to apply DevSecOps controls for the secure code stage and the secure operations stage.

    The solution must be based on Microsoft Cloud Adoption Framework for Azure principles.

    What should you apply for each stage? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 48:

    You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications.

    You need to recommend a deployment solution that includes network security groups (NSGs), Azure Firewall, Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure.

    What should you include in the recommendation?

    A. the Azure landing zone accelerator
    B. the Azure Well-Architected Framework
    C. Azure Security Benchmark v3
    D. Azure Advisor

  • Question 49:

    HOTSPOT

    You have an Azure subscription that contains a virtual network named VNet1. VNet1 includes a 10-node virtual machine scale set hosting a web search app named App1. Customers access App1 from the internet, and the nodes establish outbound HTTP and HTTPS connections to the internet.

    You need to recommend a network security solution for App1 that meets the following requirements:

    1. Inbound connections to App1 that contain security threats specified in the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP) must be blocked.

    2. Outbound HTTP and HTTPS connections from the virtual machine scale set that contain security threats identified by the Microsoft Defender Threat Intelligence (Defender TI) feed must be blocked.

    What should you include in the recommendation?

    To answer, select the options in the answer area. Each correct answer is worth one point.

  • Question 50:

    Your company has an Azure subscription that uses Microsoft Defender for Cloud.

    The company signs a contract with the United States government.

    You need to review the current subscription for NIST 800-53 compliance.

    What should you do first?

    A. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.
    B. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
    C. From Defender for Cloud, enable Defender for Cloud plans.
    D. From Defender for Cloud, add a regulatory compliance standard.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.