Microsoft Cybersecurity Architect (SC-100) Sample Questions


The SC-100: Microsoft Cybersecurity Architect exam is intended for candidates with in-depth skills and experience across several security engineering domains, including identity and access, platform protection, security operations, data security, and application security, together with experience of cloud and hybrid implementations. This article provides a list of Microsoft Cybersecurity Architect (SC-100) sample questions covering core exam topics, including:

  • Design a Zero Trust strategy and architecture (30–35%)
  • Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)
  • Design security for infrastructure (20–25%)

Advanced Sample Questions

What would be the best solution to prevent a network breach by unauthorized users who have gained access through weak passwords?

  • A) Implement two-factor authentication
  • B) Enforce strong password policies
  • C) Install firewalls at all entry points
  • D) Regularly update anti-virus software

Answer: A) Implement two-factor authentication

Explanation: Two-factor authentication adds a second, independent factor, such as a one-time code from an authenticator app or a fingerprint, on top of the password. An attacker who has guessed or cracked a weak password still cannot sign in without that second factor. Strong password policies (B) reduce the chance of weak passwords but do nothing once a password has already been compromised, and firewalls and anti-virus updates do not address authentication at all.

An organization’s security posture has been compromised and sensitive data has been stolen. Once the affected systems have been contained, what should be the next step to mitigate the damage?

  • A) Report the incident to the relevant authorities
  • B) Conduct a full forensic investigation
  • C) Notify all affected individuals
  • D) Implement new security measures

Answer: B) Conduct a full forensic investigation

Explanation: Once the affected systems have been isolated, the next step is to understand what has happened. A forensic investigation establishes the extent of the breach, which data was taken, and how the attackers gained access. Notification of authorities and affected individuals depends on that scope (which data, whose data, how much), and new security measures can only be targeted correctly once the entry point is known; acting on either before the investigation risks notifying the wrong parties or closing the wrong gap while the real one stays open.

An organization’s data is stored in the cloud and it is concerned about the security of this data. What steps can be taken to ensure the security of this data?

  • A) Use encryption for all data stored in the cloud
  • B) Implement two-factor authentication for all cloud users
  • C) Store data in multiple cloud locations
  • D) All of the above

Answer: D) All of the above

Explanation: Each option addresses a different property of the data. Encryption protects the confidentiality of data at rest, provided the keys are managed separately from the data (ideally in a customer-controlled key store, so that access to the storage does not imply access to the plaintext). Two-factor authentication reduces the risk of account takeover by the users and administrators who can read the data. Replicating data across multiple locations protects its availability against loss or destruction. Together these measures address unauthorized access, theft, and loss; none of them substitutes for the others.

An organization is concerned about the security of its sensitive information and wants to prevent data theft. What can be done to prevent data theft?

  • A) Use strong encryption for all sensitive data
  • B) Train employees on security best practices
  • C) Conduct regular security audits
  • D) All of the above

Answer: D) All of the above

Explanation: Preventing data theft requires a layered approach. Strong encryption limits what an attacker can read if storage, backups, or network traffic are exfiltrated (again provided the keys are not stored alongside the data). Training reduces breaches caused by human error such as falling for phishing or sharing data with the wrong recipient. Regular security audits find gaps and confirm that the controls that are supposed to be in place actually are in place and working.

An organization is concerned about the security of its mobile devices and wants to ensure that sensitive data is protected. What can be done to secure mobile devices?

  • A) Use strong passwords
  • B) Implement device encryption
  • C) Regularly update the operating system and installed apps
  • D) All of the above

Answer: D) All of the above

Explanation: A strong device passcode (or biometric unlock) prevents casual access to a lost or stolen device, and it is also what protects the device encryption key, so device encryption is only as strong as the unlock credential. Device encryption protects the data at rest if the device is lost or stolen. Keeping the operating system and installed apps updated closes known vulnerabilities before they can be exploited. In a managed environment these settings are enforced centrally through device management rather than left to individual users.

An organization’s security posture has been compromised and it needs to quickly determine the extent of the breach. What should be the first step in responding to a security breach?

  • A) Disconnect all affected systems from the network
  • B) Conduct a full forensic investigation
  • C) Notify relevant authorities
  • D) Restore systems from backups

Answer: A) Disconnect all affected systems from the network

Explanation: Containment comes first: isolating the affected systems from the network stops the attack from spreading and halts further data exfiltration. Isolate rather than power off where possible, so that volatile evidence (memory contents, running processes, open network connections) is preserved for the investigation; endpoint detection and response tools can isolate a host remotely while keeping their own management channel open. Once the systems are contained, a full forensic investigation establishes the extent of the breach and drives notification and remediation.

An organization wants to implement security measures to protect against phishing attacks. What can be done to protect against phishing attacks?

  • A) Use anti-spam filters
  • B) Train employees on identifying phishing emails
  • C) Implement two-factor authentication
  • D) All of the above

Answer: D) All of the above

Explanation: Anti-spam and anti-phishing filters stop most phishing emails before they reach users; training helps users recognise and report the ones that get through; and two-factor authentication means that a phished password alone does not give the attacker access. Note that one-time codes and push approvals can themselves be relayed by adversary-in-the-middle phishing kits, so phishing-resistant methods (FIDO2 security keys, Windows Hello for Business, certificate-based authentication), which bind the sign-in to the legitimate site, are preferred for high-value accounts.

An organization wants to implement security measures to protect against malware attacks. What can be done to protect against malware attacks?

  • A) Use anti-virus software
  • B) Keep all software up to date
  • C) Conduct regular security audits
  • D) All of the above

Answer: D) All of the above

Explanation: Anti-virus software (or, better, endpoint detection and response) detects and blocks known malware before it runs; keeping all software up to date removes the vulnerabilities that malware exploits to get in; and regular security audits identify remaining gaps and confirm that these controls are deployed and working on every system, not only on the ones that were checked last.

An organization wants to implement security measures to protect against ransomware attacks. What can be done to protect against ransomware attacks?

  • A) Regularly backup important data
  • B) Use anti-virus software
  • C) Train employees on identifying suspicious emails and attachments
  • D) All of the above

Answer: D) All of the above

Explanation: Regular backups allow data to be restored without paying a ransom, but only if the backups survive the attack: ransomware operators deliberately locate and delete or encrypt any backups they can reach, so copies must be offline or immutable, protected by separate credentials, and restores must be tested. Anti-virus software blocks known ransomware before it executes, and training reduces the chance that a malicious attachment or link is opened in the first place.

An organization wants to implement security measures to protect against man-in-the-middle (MITM) attacks. What can be done to protect against MITM attacks?

  • A) Use encryption for all communications
  • B) Implement strong authentication methods
  • C) Use firewalls to control network access
  • D) All of the above

Answer: D) All of the above

Explanation: Encrypting all communications (TLS with proper certificate validation on the client) prevents an attacker positioned on the path from reading or silently altering traffic. Strong authentication, including mutual authentication where possible, prevents the attacker from impersonating either endpoint. Firewalls and network segmentation limit where an attacker can position themselves on the network in the first place.

Basic Sample Questions

Q1) Your company has a Microsoft 365 E5 subscription. The Chief Compliance Officer wants to improve privacy management in the workplace. You need to recommend a solution to improve privacy management. The solution must meet the following requirements:

  • Identify unused personal data and empower users to handle data responsibly.
  • Notify users and provide guidance when they send personal data in Microsoft Teams.
  • Provide recommendations to users on how to mitigate privacy risks.

What should you include in the recommendation?

  • A. communication compliance in insider risk management
  • B. Microsoft Viva Insights
  • C. Privacy Risk Management in Microsoft Priva
  • D. Advanced eDiscovery

Correct Answer: C

Q2) You have an Azure subscription that has Microsoft Defender for Cloud enabled. The Workload protections dashboard has started showing alerts for suspicious authentication activity. You need to recommend a solution to investigate and remediate the alerts by using process automation. The solution must minimise development effort. What should the recommendation include?

  • A. Azure Monitor webhooks
  • B. Azure Event Hubs
  • C. Azure Functions apps
  • D. Azure Logic Apps

Correct Answer: D

Q3) You have an Azure subscription and a Microsoft 365 E5 subscription. You are designing a Microsoft Sentinel deployment. You need to provide a recommendation to the security operations team. The solution must include custom views and a dashboard for analysing security events. What should you recommend using in Microsoft Sentinel?

  • A. notebooks
  • B. playbooks
  • C. workbooks
  • D. threat intelligence

Correct Answer: C

Q4) Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities. You need to recommend a solution that exposes several decoy accounts for attackers to exploit. An alert must be triggered when an attacker attempts to use those accounts. Which Defender for Identity feature should you include in the recommendation?

  • A. sensitivity labels
  • B. custom user tags
  • C. standalone sensors
  • D. honeytoken entity tags

Correct Answer: D
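
As an added illustration of what a honeytoken alert rule does (example code written for this article, not Defender for Identity's own detection logic), the script below scans constructed Windows Security event lines for any authentication activity against decoy accounts and aggregates it into one alert per account and source address. Event IDs 4624, 4625 and 4768 are the standard Windows successful-logon, failed-logon and Kerberos TGT-request events; the account names, IP addresses and timestamps are invented.

```python
import re
from dataclasses import dataclass, field

# Constructed Windows Security log lines (not real data):
# timestamp, event ID, account, source IP, outcome.
SAMPLE_EVENTS = """\
2024-03-04T08:01:12Z 4624 alice.n 10.10.4.21 Success
2024-03-04T08:02:40Z 4625 bob.k 10.10.4.87 Failure
2024-03-04T08:03:05Z 4768 svc-sql-legacy 10.10.9.140 Success
2024-03-04T08:03:06Z 4625 svc-sql-legacy 10.10.9.140 Failure
2024-03-04T08:03:09Z 4624 svc-sql-legacy 10.10.9.140 Success
2024-03-04T08:05:51Z 4624 carol.w 10.10.4.33 Success
2024-03-04T08:07:18Z 4625 admin-backup-old 10.10.9.140 Failure
"""

# Decoy accounts (invented names): never used by any person or process,
# so any activity against them is attacker-driven by definition.
HONEYTOKENS = {"svc-sql-legacy", "admin-backup-old"}

LINE_RE = re.compile(r"^(\S+) (\d{4}) (\S+) (\S+) (Success|Failure)$")


@dataclass
class Alert:
    account: str
    source_ip: str
    first_seen: str
    last_seen: str
    attempts: int = 0
    successes: int = 0
    event_ids: set = field(default_factory=set)

    @property
    def severity(self) -> str:
        # Any touch of a decoy is suspicious; a successful logon means the decoy credential leaked.
        return "High" if self.successes else "Medium"


def parse_events(text: str):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, event_id, account, ip, outcome = m.groups()
        yield {"ts": ts, "event_id": event_id, "account": account.lower(),
               "ip": ip, "ok": outcome == "Success"}


def detect_honeytoken_activity(text: str, honeytokens: set) -> list:
    """Return one Alert per (decoy account, source IP), aggregating every attempt against it."""
    decoys = {h.lower() for h in honeytokens}
    alerts = {}
    for ev in parse_events(text):
        if ev["account"] not in decoys:
            continue
        key = (ev["account"], ev["ip"])
        alert = alerts.get(key)
        if alert is None:
            alert = alerts[key] = Alert(ev["account"], ev["ip"], ev["ts"], ev["ts"])
        alert.last_seen = ev["ts"]
        alert.attempts += 1
        alert.successes += int(ev["ok"])
        alert.event_ids.add(ev["event_id"])
    return sorted(alerts.values(), key=lambda a: a.first_seen)


if __name__ == "__main__":
    for a in detect_honeytoken_activity(SAMPLE_EVENTS, HONEYTOKENS):
        print(f"[{a.severity}] {a.account} from {a.source_ip}: {a.attempts} attempt(s), "
              f"{a.successes} success(es), events {sorted(a.event_ids)}, "
              f"{a.first_seen}..{a.last_seen}")
```

Failed attempts are reported as well as successful ones: the value of a honeytoken is that the first touch, even an unsuccessful one, reveals an attacker who is enumerating accounts.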

Q5) Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:

  • Minimises manual intervention by security operations analysts.
  • Supports triaging alerts within Microsoft Teams channels.

What should the strategy include?

  • A. KQL
  • B. playbooks
  • C. data connectors
  • D. workbooks

Correct Answer: B

Q6) Your Azure subscription contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are designing a defence against ransomware attacks. You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack. Which two controls should you include in the recommendation? Each correct answer presents a complete solution.

  • A. Enable soft delete for backups.
  • B. Require PINs for critical operations.
  • C. Encrypt backups by using customer-managed keys (CMKs).
  • D. Perform offline backups to Azure Data Box.
  • E. Use Azure Monitor notifications when backup configurations change.

Correct Answer: A and B

Explanation: Soft delete keeps deleted backup data recoverable for a retention period (14 days by default) even if an attacker with access to the vault deletes it, and requiring a security PIN for critical operations (such as stopping protection with delete data or reducing retention) stops an attacker who has portal access from destroying recovery points in the first place. Customer-managed keys protect the confidentiality of backups and Azure Monitor alerts help detect configuration changes, but neither preserves the ability to restore after the backups have been deleted.

Q7) Your company uses Microsoft Sentinel and Splunk, a third-party security information and event management (SIEM) system. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should the recommendation include?

  • A. a Microsoft Sentinel data connector
  • B. Azure Event Hubs
  • C. a Microsoft Sentinel workbook
  • D. Azure Data Factory

Correct Answer: B

Explanation: Microsoft Sentinel data connectors bring data into Sentinel; they do not send it out. To forward Sentinel data to an external SIEM, the Log Analytics workspace data is exported to Azure Event Hubs, from which Splunk can consume it. Workbooks are for visualisation and Azure Data Factory is a data integration service, not a security event forwarder.

Q8) A customer follows the Zero Trust model and explicitly verifies every attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware. The customer blocks access attempts from the compromised endpoints. The endpoints are then cleaned of the malware. Which two conditions must be met before users of those endpoints can access the corporate applications again? Each correct answer presents part of the solution.

  • A. A new set of client access tokens is generated.
  • B. The endpoints are deemed compliant by Microsoft Intune.
  • C. A new Conditional Access policy for Azure Active Directory (Azure AD) is put into effect.
  • D. Endpoints are deemed compliant by Microsoft Defender for Endpoint.

Correct Answer: A and B

Explanation: Device compliance is a state reported by Microsoft Intune (Defender for Endpoint feeds a device risk level into Intune, but Intune makes the compliance decision that Conditional Access consumes), so the cleaned endpoints must be evaluated as compliant by Intune, and the users must then obtain new access tokens that reflect that state. The existing Conditional Access policy already enforces the requirement, so no new policy is needed.

Q9) You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD). The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment. What will require an upgrade from Azure AD Free to Azure AD Premium?

  • A. Azure AD Privileged Identity Management (PIM)
  • B. role-based authorization
  • C. resource-based authorization
  • D. Azure AD Multi-Factor Authentication

Correct Answer: A

Explanation: Multi-factor authentication is available with Azure AD Free (through security defaults) and with Microsoft 365 licences, and role-based and resource-based authorization do not require a Premium licence. Azure AD Privileged Identity Management requires Azure AD Premium P2.

Q10) You are designing the security requirements for a new Azure environment. You need a privileged identity strategy based on the Zero Trust model. Which framework should you follow to create the design?

  • A. Microsoft Security Development Lifecycle (SDL)
  • B. Enhanced Security Admin Environment (ESAE)
  • C. Rapid Modernization Plan (RaMP)
  • D. Microsoft Operational Security Assurance (OSA)

Correct Answer: C

Q11) You are evaluating the compliance of an Azure environment. You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources. Which Azure Policy effect should you use?

  • A. Deny
  • B. Modify
  • C. Append
  • D. Disabled

Correct Answer: D

Explanation: The effect designed for this purpose is Audit (or AuditIfNotExists), which records non-compliant resources in compliance data without touching them; it is not among the options offered here. Of the listed effects, Modify and Append alter resources, Deny rejects requests that would create or update them, and Disabled is the only one that never alters a resource, although it also switches evaluation of the rule off. In a real design, use Audit for assessment and reserve Disabled for temporarily turning a rule off.
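
To make the difference between the effects concrete for this question (and for Q18 below, which asks for the opposite: an effect that changes resources), here is an added example, written for this article and not taken from Microsoft, that simulates how each Azure Policy effect treats a resource matched by the rule's "if" condition. It supports only a small subset of the real rule syntax and uses dotted paths such as tags.owner in place of policy aliases; the resource inventory is constructed.

```python
import copy

# Simplified stand-in for the Azure Policy engine: only field/equals/notEquals/exists/in
# conditions with allOf/anyOf/not, and the audit, deny, append, modify and disabled effects.


def get_field(resource: dict, path: str):
    """Read a dotted field path such as 'tags.owner' (simplified stand-in for policy aliases)."""
    current = resource
    for part in path.split("."):
        if not isinstance(current, dict) or part not in current:
            return None
        current = current[part]
    return current


def set_field(resource: dict, path: str, value) -> None:
    parts = path.split(".")
    current = resource
    for part in parts[:-1]:
        current = current.setdefault(part, {})
    current[parts[-1]] = value


def matches(condition: dict, resource: dict) -> bool:
    """True when the policy 'if' block selects this resource, i.e. the effect should fire."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not matches(condition["not"], resource)
    value = get_field(resource, condition["field"])
    if "equals" in condition:
        return value == condition["equals"]
    if "notEquals" in condition:
        return value != condition["notEquals"]
    if "exists" in condition:
        return (value is not None) == condition["exists"]
    if "in" in condition:
        return value in condition["in"]
    raise ValueError(f"unsupported condition: {condition}")


def apply_effect(rule: dict, resource: dict):
    """Return (result, resource_after). Only append and modify alter the resource; deny rejects it."""
    effect = rule["then"]["effect"].lower()
    if effect == "disabled":
        return "NotEvaluated", resource      # rule switched off: nothing checked, nothing changed
    if not matches(rule["if"], resource):
        return "Compliant", resource
    if effect == "audit":
        return "NonCompliant", resource      # recorded in compliance data, resource untouched
    if effect == "deny":
        return "Denied", None                # create/update request rejected
    changed = copy.deepcopy(resource)
    details = rule["then"]["details"]
    if effect == "append":
        for item in details:                 # append: add the listed fields to the request
            set_field(changed, item["field"], item["value"])
        return "Appended", changed
    if effect == "modify":
        for op in details["operations"]:     # modify: add or replace tags on the resource
            if op["operation"] in ("add", "addOrReplace"):
                set_field(changed, op["field"], op["value"])
        return "Modified", changed
    raise ValueError(f"unsupported effect: {effect}")


def require_owner_tag(effect: str) -> dict:
    """Rule: resources without an 'owner' tag match; the effect applied to them is parameterised."""
    then = {"effect": effect}
    if effect == "append":
        then["details"] = [{"field": "tags.owner", "value": "unassigned"}]
    elif effect == "modify":
        then["details"] = {"operations": [
            {"operation": "addOrReplace", "field": "tags.owner", "value": "unassigned"}]}
    return {"if": {"field": "tags.owner", "exists": False}, "then": then}


def evaluate(resources: list, rule: dict):
    """Evaluate every resource; return (counts per result, resources altered, resources after)."""
    counts, after = {}, []
    for resource in resources:
        result, new = apply_effect(rule, resource)
        counts[result] = counts.get(result, 0) + 1
        after.append(new)
    altered = sum(1 for old, new in zip(resources, after) if new is not None and new != old)
    return counts, altered, after


# Constructed inventory (not real resources).
RESOURCES = [
    {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines",
     "location": "westeurope", "tags": {"owner": "platform-team"}},
    {"name": "stlogs01", "type": "Microsoft.Storage/storageAccounts",
     "location": "westeurope", "tags": {}},
    {"name": "vm-test-02", "type": "Microsoft.Compute/virtualMachines", "location": "eastus"},
]

if __name__ == "__main__":
    for effect in ("audit", "deny", "append", "modify", "disabled"):
        counts, altered, _ = evaluate(RESOURCES, require_owner_tag(effect))
        print(f"{effect:9s} {counts}  resources altered: {altered}")
```

Running it shows the point of Q11 directly: audit reports two non-compliant resources and alters none, modify and append alter both, deny rejects both, and disabled evaluates nothing at all.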

Q12) You need to verify that Microsoft Defender for servers is configured on each Windows virtual machine. Which compliance control should you evaluate?

  • A. Asset Management
  • B. Posture and Vulnerability Management
  • C. Data Protection
  • D. Endpoint Security
  • E. Incident Response

Correct Answer: D

Q13) Your company's Azure subscription has the enhanced security features of Microsoft Defender for Cloud enabled. The company signs a contract with the US government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

  • A. Select a built-in initiative with the subscription’s scope from the Azure Policy.
  • B. Set up the Microsoft Defender for Cloud data connector in Microsoft Sentinel.
  • C. Review the Azure security baseline for the audit report using Defender for Cloud.
  • D. Establish an access policy for cloud applications using Microsoft Defender for Cloud Apps.

Correct Answer: A

Q14) You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) deployment. You plan to extend the Azure security strategy to the AWS deployment. The solution will NOT use Azure Arc. Which three services can you use to secure the AWS resources? Each correct answer presents a complete solution.

  • A. Microsoft Defender for Containers
  • B. Microsoft Defender for servers
  • C. Azure Active Directory (Azure AD) Conditional Access
  • D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • E. Azure Policy

Correct Answer: A, C and E

Q15) Your company has an on-premises network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server. The company contracts a third-party development firm in France to develop and deploy resources to the virtual machines hosted in the Azure subscription. Currently, the firm connects to the Remote Desktop server over RDP and uses administrative tools installed on that server to reach the Azure virtual machines. A firewall in front of the Remote Desktop server intercepts all traffic and permits only specific connections from France. You need to recommend a modern security solution based on the Zero Trust model. The developers must experience as little latency as possible. Which three actions should you recommend? Each correct answer presents part of the solution.

  • A. Configure network security groups (NSGs) to allow access only from specific logical IP address ranges.
  • B. Deploy a Remote Desktop server to an Azure region in France.
  • C. Migrate from the Remote Desktop server to Azure Virtual Desktop.
  • D. Use Azure Firewall to restrict outbound access from the host pool.
  • E. Configure Azure Active Directory (Azure AD) Conditional Access with named locations and multi-factor authentication (MFA).

Correct Answer: C, D and E
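
Option E in this question, and the device-compliance conditions in Q8 above, come down to how Conditional Access combines a named location, the device compliance signal from Intune and an MFA requirement into a single grant, challenge or block decision. The example below is added code written for this article (not Azure AD's own evaluation engine) that models that decision for a set of sign-in attempts; the 203.0.113.0/24 range (a documentation range) stands in for the development firm's office in France, and the policy names and users are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class NamedLocation:
    name: str
    ranges: list  # CIDR strings

    def contains(self, ip: str) -> bool:
        address = ipaddress.ip_address(ip)
        return any(address in ipaddress.ip_network(r) for r in self.ranges)


@dataclass
class SignIn:
    user: str
    app: str
    ip: str
    device_compliant: bool  # compliance state as reported by Intune
    mfa_completed: bool     # whether a second factor was satisfied in this session


@dataclass
class CAPolicy:
    name: str
    apps: set                                   # {"*"} means all cloud apps
    exclude_locations: set = field(default_factory=set)
    require_mfa: bool = False
    require_compliant_device: bool = False


def evaluate(signin: SignIn, policies: list, locations: dict) -> str:
    """Return 'grant', 'challenge_mfa' or 'block:<policy>:<reason>' for one sign-in attempt."""
    needs_mfa = False
    for policy in policies:
        if "*" not in policy.apps and signin.app not in policy.apps:
            continue
        if any(locations[n].contains(signin.ip) for n in policy.exclude_locations):
            continue  # request comes from an excluded named location; this policy does not apply
        if policy.require_compliant_device and not signin.device_compliant:
            return f"block:{policy.name}:device not compliant"
        if policy.require_mfa and not signin.mfa_completed:
            needs_mfa = True  # keep evaluating: a later policy may still block outright
    return "challenge_mfa" if needs_mfa else "grant"


# Constructed data: 203.0.113.0/24 is a documentation range used here as the French office;
# policy names and users are invented for the example.
LOCATIONS = {"France-DevFirm": NamedLocation("France-DevFirm", ["203.0.113.0/24"])}
POLICIES = [
    CAPolicy("Require compliant device for all apps", apps={"*"},
             require_compliant_device=True),
    CAPolicy("Require MFA outside France-DevFirm", apps={"*"},
             exclude_locations={"France-DevFirm"}, require_mfa=True),
]

if __name__ == "__main__":
    attempts = [
        SignIn("dev1@contoso.example", "AVD", "203.0.113.10", True, False),   # office, compliant
        SignIn("dev1@contoso.example", "AVD", "198.51.100.7", True, False),   # elsewhere, no MFA
        SignIn("dev1@contoso.example", "AVD", "198.51.100.7", True, True),    # elsewhere, MFA done
        SignIn("dev2@contoso.example", "AVD", "203.0.113.10", False, True),   # office, non-compliant
    ]
    for attempt in attempts:
        print(f"{attempt.user} from {attempt.ip} compliant={attempt.device_compliant} "
              f"mfa={attempt.mfa_completed} -> {evaluate(attempt, POLICIES, LOCATIONS)}")
```

The last attempt is the Q8 situation: until Intune reports the device compliant again, the compliant-device policy blocks the sign-in regardless of location or MFA, and the user only gets a new token once that state changes.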

Q16) Your company has a hybrid cloud infrastructure. The company plans to hire several temporary employees within a short timeframe. The temporary employees will need access to applications and data on the company's on-premises network. Company security policies prevent personal devices from accessing company data and applications. You need to recommend a solution to provide the temporary employees with access to company resources. The solution must be able to scale on demand. What should the recommendation include?

  • A. Install Microsoft Defender for Cloud Apps, Azure Virtual Desktop, and Azure Active Directory (Azure AD) Conditional Access.
  • B. Redesign the VPN architecture to use a split tunnel configuration.
  • C. Implement Azure Active Directory (Azure AD) Conditional Access and Microsoft Endpoint Manager.
  • D. Convert existing on-site applications to cloud-based ones.

Correct Answer: A

Q17) Your company is preparing for cloud adoption. You are designing security for Azure landing zones. Which two preventive controls can you implement to increase the secure score? Each correct answer presents a complete solution.

  • A. Azure Web Application Firewall (WAF)
  • B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • C. Microsoft Sentinel
  • D. Azure Firewall
  • E. Microsoft Defender for Cloud alerts

Correct Answer: B and D

Explanation: Microsoft Sentinel and Defender for Cloud alerts are detective controls: they find and report activity after the fact rather than stopping it, so they are not preventive controls. Privileged Identity Management removes standing administrative privilege, and Azure Firewall restricts network traffic to and from the landing zone; both prevent unwanted activity before it happens.

Q18) You have an Azure subscription that has Microsoft Defender for Cloud enabled. The subscription must comply with ISO 27001:2013 requirements. The solution must automatically remediate non-compliant resources. What should you use?

  • A. Azure Policy
  • B. Azure Blueprints
  • C. the regulatory compliance dashboard in Defender for Cloud
  • D. Azure role-based access control (Azure RBAC)

Correct Answer: A

Q19) You have 50 Azure subscriptions. You need to monitor the resources in the subscriptions to ensure that they comply with ISO 27001:2013 requirements. The solution must minimise the effort required to change the list of policy definitions monitored across the subscriptions. Which two methods achieve the goal? Each correct answer presents a complete solution.

  • A. Assign an initiative to a management group.
  • B. Assign a policy to each subscription.
  • C. Assign a policy to a management group.
  • D. Assign an initiative to each subscription.
  • E. Assign a blueprint to each subscription.
  • F. Assign a blueprint to a management group

Correct Answer: A and F

Q20) You have an Azure subscription and a Microsoft 365 subscription. Microsoft Defender for Cloud and Microsoft 365 Defender are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs Windows Server 2019 and a different set of applications. You need to recommend a solution to ensure that only approved applications can run on the virtual machines. Applications that are not approved to run or install must be blocked automatically until an administrator approves them. Which security control should you recommend?

  • A. adaptive application controls in Defender for Cloud
  • B. app protection policies in Microsoft Endpoint Manager
  • C. anomaly detection policies for app discovery in Microsoft Defender for Cloud Apps
  • D. compliance controls for the Azure Security Benchmark in Defender for Cloud

Correct Answer: A
