Practice SC-100 Design a strategy for data and applications questions with full explanations on every answer.
Start practicing
Design a strategy for data and applications — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company is designing a data protection strategy for Azure SQL Database. They need to ensure that backups are retained for 7 years to meet regulatory compliance. Which Azure feature should they use?
2A company deploys Azure App Service with a custom domain and SSL certificate. They want to enforce HTTPS only. Which configuration setting should they enable?
3A company uses Azure Policy to audit storage accounts for secure transfer (HTTPS) enforcement. The policy is set to 'AuditIfNotExists' but compliance shows 0% non-compliant storage accounts even though some accounts have secure transfer disabled. What is the most likely cause?
4A company is designing a microservices architecture on Azure Kubernetes Service (AKS). They need to secure communication between services using mutual TLS (mTLS). Which solution should they implement?
5A company stores sensitive data in Azure Blob Storage. They want to prevent data exfiltration by blocking public access and restricting network access to only their on-premises data center via VPN. Which two features should they use?
6A company uses Azure Key Vault to store secrets for their applications. They want to ensure that secrets can be automatically rotated when they are close to expiration. Which solution should they implement?
7A company is migrating on-premises applications to Azure. They need to ensure that applications can use their existing Active Directory credentials for authentication. Which Azure service should they use?
8A company wants to protect their Azure App Service web application from common web vulnerabilities like SQL injection and XSS. Which Azure service should they enable?
9A company is designing a data classification strategy for their Azure environment. They need to identify sensitive data stored in Azure SQL Database. Which TWO solutions should they consider?
10A company uses Azure Storage for sensitive data. They need to ensure that data is encrypted at rest and that encryption keys are managed by the customer (Customer-Managed Keys). Which THREE actions are required?
11A company is designing a secure DevOps pipeline for deploying Azure App Service applications. They need to ensure that secrets are not exposed in source code. Which TWO practices should they implement?
12You are the security architect for Contoso Ltd., a company that runs a critical e-commerce application on Azure Kubernetes Service (AKS). The application consists of multiple microservices that communicate over HTTP. The application uses Azure SQL Database for transactional data and Azure Redis Cache for session state. Recently, a security audit revealed that several microservices are vulnerable to SQL injection attacks because they construct SQL queries by concatenating user input. Additionally, the Redis cache is exposed to the internet with no firewall rules, and the connection string is stored in plain text in the application configuration file. The development team is concerned about performance and wants to minimize changes to the codebase. You need to design a strategy to mitigate these vulnerabilities with minimal code changes. Which of the following is the best course of action?
13A company uses Azure App Service to host a web application that stores sensitive data in Azure SQL Database. The security team requires that data at rest in the database be encrypted using a customer-managed key stored in Azure Key Vault. The key must be rotated automatically every 90 days. What is the recommended approach to meet these requirements?
14A multinational corporation is designing a data classification strategy for Microsoft 365. They have the following requirements: (1) Documents containing financial data must be labeled as 'Confidential' automatically. (2) Labels must be applied based on content patterns, such as credit card numbers. (3) The solution must work across Exchange Online, SharePoint Online, and OneDrive for Business. Which two components are essential?
15A security administrator applies the Azure Policy definition shown in the exhibit to a management group containing multiple subscriptions. After the policy is assigned, a development team reports they cannot create a new storage account in their subscription. What is the most likely cause?
16A company is designing an application architecture using Azure Kubernetes Service (AKS) and Azure Cosmos DB. The application requires that secrets (database connection strings) be injected into pods securely without storing them in the container image. The solution must minimize management overhead. What is the recommended approach?
17A company uses Azure SQL Database and needs to implement column-level encryption for a column containing social security numbers (SSNs). The encryption must use a customer-managed key stored in Azure Key Vault. The application queries this column using parameterized queries. Which technology should be used?
18A company is planning to use Azure Logic Apps to integrate multiple SaaS applications. The workflow will process sensitive customer data and must comply with data residency requirements, ensuring that data does not leave a specific Azure region. The solution must minimize latency. What is the recommended deployment strategy?
19Order the steps to respond to a Microsoft Defender for Cloud security alert.
20Order the steps to perform a disaster recovery failover of an Azure VM to a secondary region using Azure Site Recovery.
21Match each identity security concept to its definition.
22Match each Zero Trust principle to its implementation in Azure.
The Design a strategy for data and applications domain covers the key concepts tested in this area of the SC-100 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SC-100 domains — no account required.
The Courseiva SC-100 question bank contains 22 questions in the Design a strategy for data and applications domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Design a strategy for data and applications domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included