SC-100 Exam Details

  • Exam Code
    :SC-100
  • Exam Name
    :Microsoft Cybersecurity Architect
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :350 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft SC-100 Online Questions & Answers

  • Question 51:

    Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

    Communication between the on-premises network and Azure uses an ExpressRoute connection.

    You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.

    What should you include in the recommendation?

    A. Azure Traffic Manager with priority traffic-routing methods
    B. Azure Firewall with policy rule sets
    C. Azure Front Door with Azure Web Application Firewall (WAF)
    D. Azure Application Gateway v2 with user-defined routes (UDRs)

  • Question 52:

    HOTSPOT

    You have 500 Windows 11 devices and 200 macOS devices.

    The devices are managed by using Microsoft Intune and are subject to compliance policies.

    You plan to deploy the following Intune features:

    1. Security baselines

    2. Remote lock of noncompliant devices.

    Which feature will be supported by each platform? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point

  • Question 53:

    You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed.

    You plan to deploy the following configuration of Microsoft Entra Internet Access:

    1. Enable a baseline profile.

    2. Create a security profile named Profile1 that has a priority of 300 and contains a single web content filtering policy named WCFPolicy1.

    Configure WCFPolicy1 as follows: Set Action to allow.

    Include a single rule that has a fully qualified domain name (FQDN) destination of *.adatum.com.

    Link Profile1 to a Conditional Access policy named CAPolicy1, apply CAPolicy1 to all users, and grant access unless a user's device is noncompliant.

    You need to evaluate the impact of the planned deployment on traffic to the following resources:

    1. https://www.adatum.com:8433

    2. https://www.fabrikam.com

    Which two traffic scenarios will occur? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

    A. Traffic to https://www.fabrikam.com will be allowed from all the devices.
    B. Traffic to https://www.adatum.com:8433 will be blocked from all the devices.
    C. Traffic to https://www.adatum.com:8433 will be allowed from all the devices.
    D. Traffic to https://www.fabrikam.com will be allowed from compliant devices only.
    E. Traffic to https://www.adatum.com:8433 will be allowed from compliant devices only.
    F. Traffic to https://www.fabrikam.com will be blocked from noncompliant devices only.

  • Question 54:

    Your company has a main office and a branch office.

    The main office contains 20 on-premises servers that run Windows Server and host apps that are published by using Microsoft Entra application proxy. The main office contains 500 on-premises computers that run Windows 11. The branch office contains 100 on-premises computers that run Windows 11.

    All the main office computers are enrolled in Microsoft Intune. The branch office computers are NOT enrolled in Intune.

    You have a Microsoft 365 ES subscription.

    You have a Microsoft Entra tenant. You have a third-party software as a service (SaaS) app that is registered in the Microsoft Entra tenant.

    You plan to implement Global Secure Access.

    You are evaluating the use of compliant network check and Conditional Access.

    Which two scenarios are supported by compliant network check? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point

    A. connections to the third-party SaaS app
    B. connections from the branch office computers
    C. Continuous Access Evaluation for Microsoft Exchange Online
    D. connections to the on-premises apps

  • Question 55:

    HOTSPOT

    You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).

    You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.

    You need to recommend a security solution that meets the following requirements:

    1. Detects vulnerability scans of the apps

    2. Detects whether newly deployed apps are vulnerable to attack

    What should you recommend using? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

  • Question 56:

    You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named contoso.com. Sub1 contains 20 virtual networks named Sub1_VNet1 through Sub1_VNet20.

    You have an Azure subscription named Sub2 that is linked to a Microsoft Entra tenant named fabrikam.com. Sub2 contains 20 virtual networks named Sub2_VNet1 through Sub2_VNet20.

    You need to deploy an Azure Virtual Network Manager solution that meets the following requirements:

    1. Blocks SSH traffic on Sub1_VNet20 and Sub2_VNet20 by using network security groups (NSGs)

    2. Blocks SSH traffic on Sub1_VNet1 through Sub1_VNet19 and Sub2_VNet1 through Sub2_VNet19

    3. Allows SSH traffic on Sub1_VNet20 and Sub2_VNet20

    4. Blocks FTP traffic on all the virtual networks

    5. Minimizes administrative effort.

    What is minimum number of components required for the deployment?

    A. 1. Virtual Network Manager instance1. 1 rule collection2. 2 NSGs
    B. 2. Virtual Network Manager instances that each contains:1. NSG1. rule collection
    C. 2. Virtual Network Manager instances that each contains:2. NSGs2. rule collections
    D. 1. Virtual Network Manager instance1. 2 rule collections2. 2 NSGs

  • Question 57:

    HOTSPOT

    You have an Azure subscription.

    You need to use a federated model in Azure API Management to control access to your organization's APIs. The solution must meet the following requirements:

    Support the use of role-based access control (RBAC) to manage the APIs.

    Support the use of keys to control the consumption of the APIs.

    To which scope should you associate each control method? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 58:

    You need to recommend a solution to meet the security requirements for the virtual machines.

    What should you include in the recommendation?

    A. an Azure Bastion host
    B. a network security group (NSG)
    C. just-in-time (JIT) VM access
    D. Azure Virtual Desktop

  • Question 59:

    Your company is developing a modern application that will un as an Azure App Service web app.

    You plan to perform threat modeling to identity potential security issues by using the Microsoft Threat Modeling Tool.

    Which type of diagram should you create?

    A. data flow
    B. system flow
    C. process flow
    D. network flow

  • Question 60:

    HOTSPOT

    You have the Azure subscriptions shown in the following table.

    The tenants contain the groups shown in the following table.

    You perform the flowing actions:

    1. Configure multi-user authorization (MUA) for Vault1 by using a resource guard deployed to Sub2.

    2. Enable all available MUA controls for Vault1.

    3. In contoso.com, create a Privileged Identity Management (PIM) assignment named Assignment1.

    4. Configure Assignment1 to enable Group1 to activate the Contributor role for Vault1.

    For each of the following statements, select Yes if the statements is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-100 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.