Free Microsoft SC-100 Exam Questions
Try our Free Demo Practice Tests for Comprehensive SC-100 Exam Preparation
-
Microsoft SC-100 Exam Questions
-
Provided By: Microsoft
- Exam: Microsoft Cybersecurity Architect
- Certification: Microsoft Certified Cybersecurity Architect Expert
-
Total Questions: 271
-
Updated On: May 23, 2026
-
Rated: 4.9 |
-
Online Users: 542
-
Question 1
-
Your company is developing a modern application that will run as an Azure App Service web app. You
plan to perform threat modeling to identify potential security issues by using the Microsoft Threat
Modeling Tool. Which type of diagram should you create?
Answer: A
-
Your company is developing a modern application that will run as an Azure App Service web app. You
plan to perform threat modeling to identify potential security issues by using the Microsoft Threat
Modeling Tool. Which type of diagram should you create?
-
Question 2
-
Your on-premises network contains an Active Directory Domain Services (AD DS) domain namedcorpxontoso.com and an AD DS-integrated application named App1.Your perimeter network contains a server named Server1 that runs Windows Server.You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.You plan to implement a security solution that will include the following configurations:Manage access to App1 by using Microsoft Entra Private Access.Deploy a Microsoft Entra application proxy connector to Server1.Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation. For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.You need to maximize security for the planned implementation. The solution must minimize theimpact on the connector.Which rule should you remove?
Answer: C
-
Your on-premises network contains an Active Directory Domain Services (AD DS) domain namedcorpxontoso.com and an AD DS-integrated application named App1.Your perimeter network contains a server named Server1 that runs Windows Server.You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.You plan to implement a security solution that will include the following configurations:Manage access to App1 by using Microsoft Entra Private Access.Deploy a Microsoft Entra application proxy connector to Server1.Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation. For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.You need to maximize security for the planned implementation. The solution must minimize theimpact on the connector.Which rule should you remove?
-
Question 3
-
You have a Microsoft 365 subscription that contains 500 users. Each user is assigned a Microsoft 365
E5 license and uses a Windows device. Microsoft Purview data loss prevention (DLP) policies are
applied to Microsoft Exchange Online email and SharePoint Online sites. You plan to monitor the
usage of third-party generative Al apps by using Microsoft Purview Data Security Posture
Management for Al (DSPM for Al). What should you do first?
Answer: B
-
You have a Microsoft 365 subscription that contains 500 users. Each user is assigned a Microsoft 365
E5 license and uses a Windows device. Microsoft Purview data loss prevention (DLP) policies are
applied to Microsoft Exchange Online email and SharePoint Online sites. You plan to monitor the
usage of third-party generative Al apps by using Microsoft Purview Data Security Posture
Management for Al (DSPM for Al). What should you do first?
-
Question 4
-
You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need
to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts.
Which two configurations should you include in the recommendation? Each correct answer presents
part of the solution. NOTE: Each correct selection is worth one point.
Answer: B,C
-
You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need
to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts.
Which two configurations should you include in the recommendation? Each correct answer presents
part of the solution. NOTE: Each correct selection is worth one point.
-
Question 5
-
Your company has a main office and 10 branch offices. Each branch office contains an on-premisesfile server that runs Windows Server and multiple devices that run either Windows 11 or macOS. Thedevices are enrolled in Microsoft Intune.You have a Microsoft Entra tenant.You need to deploy Global Secure Access to implement web filtering for device traffic to the internetThe solution must ensure that all the web traffic from the devices in the branch offices is controlledby using Global Secure Access.What should you do first in each branch office?
Answer: B
-
Your company has a main office and 10 branch offices. Each branch office contains an on-premisesfile server that runs Windows Server and multiple devices that run either Windows 11 or macOS. Thedevices are enrolled in Microsoft Intune.You have a Microsoft Entra tenant.You need to deploy Global Secure Access to implement web filtering for device traffic to the internetThe solution must ensure that all the web traffic from the devices in the branch offices is controlledby using Global Secure Access.What should you do first in each branch office?