Microsoft SC-100 Practice Exams
Last updated on Mar 31,2025- Exam Code: SC-100
- Exam Name: Microsoft Cybersecurity Architect
- Certification Provider: Microsoft
- Latest update: Mar 31,2025
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.
Does this meet the goal?
- A . Yes
- B . No
You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive data.
What should you include in the recommendation?
- A . Microsoft Defender for Cloud Apps
- B . insider risk management
- C . Microsoft Information Protection
- D . Azure Purview
Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States.
You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attach surface.
What should you include in the recommendation?
- A . Azure Firewall Premium
- B . Azure Application Gateway Web Application Firewall (WAF)
- C . network security groups (NSGs)
- D . Azure Traffic Manager and application security groups
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend configuring gateway-required virtual network integration.
Does this meet the goal?
- A . Yes
- B . No
Your company has a Microsoft 365 E5 subscription.
The Chief Compliance Officer plans to enhance privacy management in the working environment. You need to recommend a solution to enhance the privacy management.
The solution must meet the following requirements:
• Identify unused personal data and empower users to make smart data handling decisions.
• Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
• Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?
- A . Microsoft Viva Insights
- B . Advanced eDiscovery
- C . Privacy Risk Management in Microsoft Priva
- D . communication compliance in insider risk management
Your company is preparing for cloud adoption.
You are designing security for Azure landing zones.
Which two preventative controls can you implement to increase the secure score? Each NOTE: Each correct selection is worth one point.
- A . Azure Firewall
- B . Azure Web Application Firewall (WAF)
- C . Microsoft Defender for Cloud alerts
- D . Azure Active Directory (Azure AD Privileged Identity Management (PIM)
- E . Microsoft Sentinel
Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool.
Which type of diagram should you create?
- A . data flow
- B . system flow
- C . process flow
- D . network flow
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Azure AD Conditional Access integration with user flows and custom policies
- B . Azure AD workbooks to monitor risk detections
- C . custom resource owner password credentials (ROPC) flows in Azure AD B2C
- D . access packages in Identity Governance
- E . smart account lockout in Azure AD B2C
You need to design a strategy for securing the SharePoint Online and Exchange Online data. The solution must meet the application security requirements.
Which two services should you leverage in the strategy? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.
- A . Azure AD Conditional Access
- B . Microsoft Defender for Cloud Apps
- C . Microsoft Defender for Cloud
- D . Microsoft Defender for Endpoint
- E . access reviews in Azure AD
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers.
In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Linux containers deployed to Azure Container Registry
- B . Linux containers deployed to Azure Kubernetes Service (AKS)
- C . Windows containers deployed to Azure Container Registry
- D . Windows containers deployed to Azure Kubernetes Service (AKS)
- E . Linux containers deployed to Azure Container Instances