Practice SC-100 Design solutions that align with security best practices and priorities questions with full explanations on every answer.
1. Your organization wants to implement a zero-trust security model for on-premises and cloud resources. As part of this strategy, you need to ensure that all access requests are authenticated and authorized based on dynamic risk signals. Which Microsoft security solution should you use to enforce conditional access policies based on real-time risk?
2. A company is designing a hybrid identity solution with Microsoft Entra ID. They need to ensure that users can access resources from unmanaged devices while maintaining security. The security team requires that all access from unmanaged devices must be limited to browser-only access to web apps and must block native client apps. Which conditional access grant control should you configure?
3. Your organization is using Microsoft Defender for Cloud to assess the security posture of Azure resources. You need to ensure that the highest severity recommendations are addressed first. Which dashboard or feature in Defender for Cloud should you use to view the most critical security issues?
4. Refer to the exhibit. You are an Azure security engineer reviewing a custom Azure Policy definition. The policy is intended to audit virtual machines to ensure they have the Azure Security extension installed. However, the policy is not triggering on any resources. What is the most likely reason?
5. Your company uses Microsoft Sentinel as a SIEM. You need to create an analytics rule that detects when a user account is created outside of business hours. The rule should trigger an incident for investigation. Which type of analytics rule should you use?
6. You are designing a security solution for Azure resources. You need to ensure that any changes to network security groups (NSGs) are automatically logged and sent to a central Log Analytics workspace. Which Azure feature should you use?
7. Refer to the exhibit. Your organization is required to comply with PCI DSS. You need to prioritize remediation efforts to meet PCI DSS requirements. Based on the exhibit, which recommendation should you address first?
8. Your organization uses Microsoft Intune to manage devices. You need to ensure that devices that are not compliant with your organization's security policies are blocked from accessing corporate resources. Which Intune feature should you configure?
9. Your security team needs to receive alerts when a user is assigned a privileged role in Microsoft Entra ID. Which service should you use to create an alert for privileged role assignments?
10. Which TWO actions should you take to implement a defense-in-depth strategy for an Azure application? (Choose two.)
11. Which THREE Microsoft security solutions can be used to detect and respond to threats across hybrid cloud environments? (Choose three.)
12. Which TWO of the following are best practices for securing Microsoft 365 tenants? (Choose two.)
13. Which THREE components are part of the Microsoft Zero Trust architecture? (Choose three.)
14. You are designing a security solution for an Azure Kubernetes Service (AKS) cluster. You need to ensure that only authorized images from a specific container registry can be deployed. Which Azure Policy definition should you use?
15. Refer to the exhibit. You are reviewing an ARM template for a storage account. The security team has mandated that all storage accounts must enforce HTTPS traffic and use TLS 1.2 or higher. Which two changes must be made to the template to comply? (Choose two.)
16. Your organization uses Microsoft Entra ID and plans to implement a Zero Trust security model. You need to ensure that all access requests to corporate applications are continuously evaluated based on user risk, device compliance, and location. Which Microsoft Entra ID feature should you configure?
17. Your enterprise uses Microsoft Defender for Cloud to secure a hybrid cloud environment spanning Azure and AWS. You need to design a solution that prioritizes remediation of the most critical vulnerabilities across both clouds based on Common Vulnerability Scoring System (CVSS) scores, exploitability, and business impact. Which Defender for Cloud feature should you use?
18. Your organization is adopting Microsoft Purview to classify and protect sensitive data in Microsoft 365. You need to ensure that documents containing credit card numbers are automatically detected and encrypted when shared externally. What should you configure?
19. Your company is deploying Microsoft Defender XDR and wants to use automated investigation and response (AIR) to remediate confirmed threats. However, you need to ensure that high-impact actions like deleting email messages or isolating devices require manual approval from the security operations team. Which configuration should you set?
20. Your organization is migrating on-premises applications to Azure and needs to secure secrets (database connection strings, API keys) used by these applications. You are required to rotate secrets automatically without downtime. Which Azure service should you use?
21. Your company uses Microsoft Sentinel for security information and event management (SIEM). You need to design a solution that reduces alert fatigue by correlating low-fidelity alerts from multiple sources into a single high-fidelity incident. Which Microsoft Sentinel feature should you use?
22. Your organization uses Microsoft Intune to manage mobile devices. You need to design a policy that ensures corporate data on personally owned devices is protected, but does not allow IT to wipe the entire device if it is lost or stolen. Which Intune policy type should you configure?
23. Your company is implementing Microsoft Copilot for Security to assist the security operations team. You need to ensure that prompts and responses from Copilot do not expose sensitive internal information to unauthorized users. Which configuration should you apply?
24. Your organization needs to audit all changes to Azure resources, including who made the change and what was changed. Which Azure service should you use to collect and analyze this audit data?
25. Your organization is designing a security strategy for Microsoft 365 Copilot. You need to ensure that Copilot does not generate responses based on sensitive data that users are not authorized to access. Which TWO configurations should you implement?
26. Your organization uses Microsoft Defender for Cloud to protect a multi-cloud environment (Azure, AWS, GCP). You need to ensure that security configurations are assessed against industry benchmarks like CIS and PCI DSS. Which THREE actions should you take?
27. Your company is using Microsoft Entra ID and wants to implement passwordless authentication to improve security. Which THREE authentication methods should you consider?
28. Refer to the exhibit. You are evaluating an Azure Policy definition that checks whether a web app redirects HTTP to HTTPS. The policy uses 'auditIfNotExists' effect. After assigning this policy to a subscription, you notice that a web app that does not redirect HTTP to HTTPS is marked as 'Healthy'. What is the most likely cause?
29. Refer to the exhibit. You are analyzing a KQL query in Microsoft Sentinel that detects machines with more than two malware alerts in a day. The query returns no results even though you know there are machines with multiple malware alerts. What is the most likely reason?
30. Refer to the exhibit. You are reviewing an ARM template that deploys a network security group (NSG) for a web application. The NSG allows inbound HTTP traffic from any source and then denies all other inbound traffic. However, after deployment, you find that HTTP traffic is being blocked. What is the most likely cause?
31. A company plans to implement a Zero Trust security model. Which of the following is the primary principle that should guide their strategy?
32. Your organization uses Microsoft Defender for Cloud Apps. You need to detect anomalous behavior such as impossible travel. What should you configure?
33. A company uses Microsoft Sentinel and wants to implement a security orchestration, automation, and response (SOAR) solution. They need a playbook that automatically blocks a user in Microsoft Entra ID when a high-severity incident is created. What should they use?
34. Your organization is implementing Microsoft Entra ID Conditional Access. You need to require multi-factor authentication (MFA) for all users accessing financial applications, but only when the sign-in risk is medium or higher. What is the most efficient way to achieve this?
35. A company uses Microsoft Defender for Endpoint (MDE) and needs to ensure that all devices report their security configuration to Microsoft Defender XDR. Which setting should they verify?
36. Your organization is adopting Microsoft Copilot for Security. You need to ensure that the AI model does not expose sensitive data during interactions. What is the primary security control you should implement?
37. A company uses Microsoft Purview to manage data governance. They need to classify sensitive data automatically in Azure SQL Database. What should they configure?
38. Your organization uses Microsoft Intune for mobile device management. You need to ensure that only devices compliant with security policies can access corporate email. What should you implement?
39. A company needs to design a secure DevOps pipeline using GitHub Actions and Microsoft Defender for Cloud. They want to scan infrastructure-as-code (IaC) templates for misconfigurations before deployment. What should they integrate?
40. Which TWO of the following are key components of a Zero Trust architecture according to Microsoft? (Choose two.)
41. Which THREE of the following are valid ways to protect sensitive data in Microsoft 365 using Microsoft Purview? (Choose three.)
42. Which TWO of the following are benefits of using Microsoft Defender XDR (Extended Detection and Response)? (Choose two.)
43. Your organization is implementing a Zero Trust security model. Which Microsoft security solution should you use to enforce conditional access policies based on user, device, location, and real-time risk signals?
44. Your company uses Microsoft Defender XDR to protect endpoints. The security team wants to implement automated response actions when a malicious file is detected on a device. Which Microsoft security feature should you configure to automatically isolate the affected device from the network?
45. Your organization plans to use Microsoft Purview to protect sensitive data in Microsoft 365. The compliance team needs to detect when users share credit card numbers via email and automatically apply encryption. Which solution should you implement?
46. Your organization uses Microsoft Sentinel as its SIEM. The security team needs to detect brute-force attacks against Azure VMs by analyzing Windows Security Event logs. Which data connector should you enable?
47. Your company is migrating on-premises Active Directory to Microsoft Entra ID. The security team requires that users must use passwordless authentication methods for all sign-ins. Which Microsoft Entra ID feature should you enable to support passwordless authentication?
48. Your organization uses Microsoft Defender for Cloud to assess the security posture of Azure resources. The compliance team wants to ensure that all storage accounts have secure transfer required enabled. Which action should you take in Defender for Cloud?
49. Your organization is adopting a Zero Trust network strategy. Which Microsoft solution should you use to implement micro-segmentation and enforce identity-based access controls for on-premises and cloud resources?
50. Your company uses Microsoft Purview to classify and label sensitive data. The data protection team needs to automatically apply a 'Confidential' label to documents that contain a custom sensitive info type for employee IDs. Which should you create?
51. Your organization uses Microsoft Sentinel for security operations. The SOC team wants to automatically disable a compromised user account in Microsoft Entra ID when a high-severity alert is generated. Which automation method should you use?
52. Which TWO Microsoft security solutions can help enforce Zero Trust principles by verifying identity and device health before granting access to resources?
53. Which THREE components are essential for implementing a successful SIEM strategy using Microsoft Sentinel?
54. Which TWO Microsoft Purview solutions are used to discover and protect sensitive data across Microsoft 365, Azure, and on-premises environments?
55. Refer to the exhibit. You are reviewing a conditional access policy JSON in Microsoft Entra ID. The policy is enabled but users with the Global Administrator role are not being prompted for MFA. What is the most likely reason?
56. Refer to the exhibit. You are analyzing an Azure PowerShell script that checks a blob property. The output of the last command returns 'False'. What does this indicate about the blob storage configuration?
57. Refer to the exhibit. You are reviewing a KQL query in Microsoft Sentinel. What is the primary purpose of this query?
58. A company is implementing a Zero Trust security model. Which principle requires verifying every access request as if it originates from an uncontrolled network?
59. A company uses Microsoft Entra ID for identity management. They want to ensure that only managed devices can access corporate email. Which Conditional Access policy setting should be configured?
60. A security team is designing a Microsoft Sentinel deployment. They need to minimize costs while ensuring critical alerts are always processed. Which data retention and ingestion strategy should they use?
61. A company deploys Microsoft Defender for Cloud Apps. They need to detect anomalous behavior in user activities across multiple cloud apps. Which feature should they enable?
62. An organization uses Microsoft Purview Information Protection. They want to automatically apply a sensitivity label to documents containing credit card numbers. Which policy should they configure?
63. A company is using Microsoft Intune to manage devices. They need to ensure that only devices with a specific operating system version can access corporate resources. Which Intune policy should they use?
64. A company wants to use Microsoft Defender XDR to correlate alerts across endpoints, email, and identities. Which component enables this correlation?
65. A company uses Microsoft Sentinel with a workspace in the East US region. They want to ingest logs from Azure resources in West Europe. To minimize data transfer costs, what should they do?
66. A company uses Microsoft Entra ID Governance. They need to automate the process of granting access to a SaaS application based on the user's department attribute. Which feature should they use?
67. Which TWO actions are part of the Microsoft Cybersecurity Reference Architecture (MCRA) for a Zero Trust implementation?
68. Which THREE components are included in Microsoft Defender XDR?
69. Which TWO are best practices for securing Microsoft Entra ID?
70. Refer to the exhibit. You are reviewing a Conditional Access policy JSON. What is the effect of this policy?
71. Refer to the exhibit. You are analyzing a KQL query in Microsoft Sentinel. What is the purpose of this query?
72. Refer to the exhibit. You are reviewing an ARM template for an Azure storage account. Which security best practice is implemented?
73. Your organization uses Microsoft Defender for Cloud to assess the security posture of Azure resources. The security team wants to prioritize remediation of high-severity findings based on the greatest potential business impact. Which security policy or framework should you configure to align remediation with business priorities?
74. A company is designing a Zero Trust architecture for their hybrid identity environment. They plan to require multifactor authentication (MFA) for all users accessing sensitive applications. Which Microsoft Entra ID capability should they use to enforce MFA based on risk level?
75. Your organization is deploying Microsoft Copilot for Security and wants to ensure that the AI model does not expose sensitive data in its responses. You need to configure data loss prevention (DLP) policies that apply to Copilot interactions. Which Microsoft Purview capability should you use?
76. Your company uses Microsoft Sentinel as its SIEM. You need to design a solution that automatically responds to high-severity incidents by creating a ticket in ServiceNow and notifying the security team via Teams. Which Sentinel feature should you configure?
77. A manufacturing company wants to secure its IoT devices that run on Azure IoT Hub. They need to ensure that only authorized devices can connect and that firmware updates are signed. Which combination of Azure services should they use?
78. Your organization is implementing a privileged access strategy using Microsoft Entra Privileged Identity Management (PIM). The compliance team requires that all privileged role activations be approved by a manager and that an audit trail is maintained for at least one year. Which configuration should you recommend?
79. Your company uses Microsoft Intune to manage corporate devices. The security team wants to prevent users from copying sensitive data from corporate apps to personal apps on mobile devices. Which Intune policy should you configure?
80. Your organization is migrating to Microsoft 365 and wants to implement a data classification strategy. The compliance team needs to automatically detect and label documents containing personal data (e.g., Social Security numbers) in SharePoint Online. Which Microsoft Purview solution should you use?
81. Your company uses Microsoft Defender for Endpoint (MDE) and wants to integrate threat intelligence from an external source to improve detection. The security team needs to ingest custom indicators of compromise (IOCs) into MDE. Which feature should they use?
82. Your organization is designing a Microsoft Sentinel solution to detect and respond to threats across multi-cloud environments (Azure, AWS, GCP). Which TWO components are essential for this design?
83. Your company is implementing Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data in Microsoft 365. The compliance team needs to monitor and block the sharing of credit card numbers in emails. Which THREE actions should they configure in a DLP policy?
84. Your organization is implementing a Zero Trust network architecture in Azure. Which TWO principles are foundational to Zero Trust?
85. A company is migrating its on-premises Active Directory to Microsoft Entra ID. They need to ensure that all user authentication for cloud apps uses passwordless methods. Which security best practice should they implement?
86. A security architect is designing a solution to detect and respond to advanced threats across email, endpoints, and identities. Which Microsoft security solution should they use?
87. A company uses Microsoft Sentinel and wants to prioritize incidents using user risk scores from Microsoft Entra ID Protection. Which configuration should they use to automatically assign a Sentinel severity based on the user's risk level?
88. A company wants to enforce that all administrators use just-in-time (JIT) access to privileged roles in Microsoft Entra ID. Which feature should they enable?
89. A company uses Microsoft Defender for Cloud to assess the security posture of their Azure subscriptions. They need to ensure that all resources are compliant with the Payment Card Industry Data Security Standard (PCI DSS). What should they do?
90. A security architect is designing a solution to protect sensitive data stored in SharePoint Online from being shared with unauthorized users. The solution must block sharing of files containing credit card numbers when shared externally. What should they use?
91. A company uses Microsoft Intune to manage devices. They want to ensure that only devices that have passed health attestation can access corporate email. Which method should they use?
92. A security architect needs to design a solution that provides a unified view of security alerts from multiple clouds (Azure, AWS, GCP) and on-premises systems. The solution must also support automated response using playbooks. Which Microsoft service should they use?
93. A company uses Azure DevOps and wants to implement a DevSecOps practice by scanning code for secrets and vulnerabilities before deployment. Which tool should they integrate into their pipeline?
94. Which TWO actions align with the Zero Trust principle of 'verify explicitly'? (Select two.)
95. Which THREE are security best practices for Microsoft Entra ID? (Select three.)
96. Which TWO are recommended practices for securing Microsoft 365 workloads? (Select two.)
97. Refer to the exhibit. You are reviewing a conditional access policy. What is the effect of this policy?
98. Refer to the exhibit. A security analyst runs this KQL query in Microsoft Sentinel. What is the purpose of this query?
99. Refer to the exhibit. You are reviewing an ARM template snippet for an Azure Storage container. Which security best practice does this configuration enforce?
100. Your organization is adopting a Zero Trust security model. You need to design a solution that ensures continuous verification of user identity and device health before granting access to resources. Which Microsoft Entra ID feature should you prioritize?
101. Your organization wants to implement a security baseline for Azure resources using built-in policies. Which Azure service should you use to assign policies that enforce compliance with security best practices?
102. Your organization uses Microsoft Defender XDR for incident response. You need to design a process to automatically isolate a compromised device when a high-severity incident is triggered. Which automation approach should you use?
103. Your organization is planning to deploy Microsoft Purview Information Protection to classify and protect sensitive data. You need to design a solution that automatically applies sensitivity labels to documents containing personally identifiable information (PII) when they are uploaded to SharePoint Online. Which configuration should you use?
104. Your organization has a hybrid identity environment with Microsoft Entra ID and on-premises Active Directory. You need to design a solution that ensures all user authentication requests are evaluated by Conditional Access policies before granting access to cloud apps. However, some legacy apps still require basic authentication. What should you recommend?
105. Your organization uses Microsoft Sentinel for security operations. You need to design a solution to automatically respond to a DDoS attack detected by Azure DDoS Protection. The response should include blocking the attacker's IP address in Azure Firewall and sending an alert to the security team. Which approach should you use?
106. Your organization is implementing a secure DevOps pipeline for a critical application. You need to design a solution that scans container images for vulnerabilities before they are deployed to production. Which Azure service should you integrate into the pipeline?
107. Your organization is deploying Microsoft Copilot for Security (Microsoft 365 Copilot). You need to design a solution that ensures Copilot queries are audited and that access to Copilot is restricted to authorized users based on their role. Which Microsoft Purview capabilities should you use together?
108. Your organization wants to implement a security information and event management (SIEM) solution that can ingest logs from multiple sources, including on-premises servers, Azure resources, and third-party SaaS applications. Which Microsoft service should you choose?
109. Your organization is implementing Microsoft Intune for mobile device management. You need to design a solution that ensures corporate data on mobile devices is protected if the device is lost or stolen. Which TWO actions should you configure?
110. Your organization is designing a secure access solution for a partner company that needs to access specific SharePoint Online sites. You need to implement Microsoft Entra ID B2B collaboration. Which THREE configurations are essential for a secure B2B collaboration setup?
111. Your organization is implementing Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. You need to design a policy that prevents users from sharing credit card numbers via email. Which THREE components are required to build this DLP policy?
112. You are designing a Zero Trust architecture for a company that uses Microsoft Entra ID and Microsoft Intune. The security team wants to enforce device compliance before granting access to cloud apps. Which policy should you implement?
113. Your organization is migrating on-premises workloads to Azure and wants to use Microsoft Defender for Cloud to secure the environment. The compliance team requires that all critical vulnerabilities be remediated within 30 days. What is the most efficient way to track and enforce this?
114. A company is adopting Microsoft Purview for data security. They need to prevent users from sharing sensitive data like credit card numbers via email. Which feature should you configure?
115. Your organization uses Microsoft Sentinel for SIEM. You need to ensure that security incidents are automatically responded to without human intervention for known false positives. What should you implement?
116. A company wants to use Microsoft Defender XDR to detect and respond to advanced persistent threats (APTs). They have deployed Defender for Endpoint, Defender for Office 365, and Defender for Identity. What additional step is critical to correlate signals across these products?
117. Your organization uses Microsoft Intune to manage devices. You need to ensure that only devices with a specific minimum OS version can access corporate resources. Which configuration should you use?
118. A company uses Microsoft Entra ID with P2 licenses. They want to implement a Zero Trust approach that requires step-up authentication for accessing high-value data in SharePoint. The solution must use risk-based policies and minimize user friction. Which combination should you recommend?
119. Your organization plans to use Microsoft Defender for Cloud to secure Azure resources. The security team wants to continuously assess compliance against the CIS Azure Foundations Benchmark. What should you do?
120. A company uses Microsoft Entra ID and wants to enable passwordless authentication for all users to reduce phishing risks. Users are already using Microsoft Authenticator for MFA. Which passwordless method should you prioritize?
121. Which TWO are best practices for designing a Microsoft 365 Defender (XDR) deployment to ensure optimal detection and response?
122. Which THREE are components of Microsoft's Zero Trust model?
123. Which TWO should you implement to protect privileged accounts in Microsoft Entra ID?
124. A company is designing a Zero Trust security strategy. They want to ensure that all access requests are authenticated, authorized, and encrypted before granting access. Which Microsoft security solution should they use as the central policy engine?
125. A company uses Microsoft Defender for Cloud to manage security across hybrid workloads. They need to ensure that all Azure VMs have guest-level threat detection enabled. Which security policy should they assign?
126. A multinational corporation is implementing a privileged access strategy. They need to ensure that all users with permanent administrative roles sign in using phishing-resistant authentication methods. Which Microsoft Entra ID feature should they enforce?
127. A company wants to protect sensitive email data from being exfiltrated by malicious insiders. They need a solution that can detect and block anomalous outbound email traffic in real time. Which Microsoft solution should they use?
128. A company is designing a security operations center (SOC). They want to use Microsoft Sentinel as their SIEM. They need to ensure that all security events from on-premises servers are collected. Which data connector should they configure?
129. A company uses Microsoft Defender for Endpoint to protect endpoints. They want to configure attack surface reduction rules to block executable files from running unless they meet a specific prevalence, age, or trust level. Which ASR rule should they enable?
130. A company is implementing Microsoft Purview to protect sensitive data in SharePoint Online. They need to automatically apply a 'Highly Confidential' label to documents that contain credit card numbers. What should they create?
131. A company uses Microsoft Intune to manage devices. They want to ensure that all devices accessing corporate email are compliant with security policies before they can connect. Which feature should they enable?
132. A company is designing a security strategy for their AI-powered applications using Microsoft Azure OpenAI Service. They need to ensure that the AI models are not used to generate harmful content and that the data sent to the models is protected. Which Microsoft Purview feature should they use?
133. A company is implementing Microsoft Defender for Cloud to protect their Azure environment. Which TWO of the following are security best practices that should be enabled? (Choose two.)
134. A company is designing a data security strategy using Microsoft Purview. They need to identify sensitive data across their data estate, including on-premises SQL Server, Azure SQL Database, and Amazon S3. Which THREE components should they use? (Choose three.)
135. A company is deploying Microsoft Entra ID Governance. They need to implement a least privilege access model for their Azure resources. Which TWO features should they use? (Choose two.)
136. You are a security architect for a large financial services company. The company has a hybrid identity environment with on-premises Active Directory synchronized to Microsoft Entra ID using Microsoft Entra Connect. They use Microsoft 365 E5 licenses and have deployed Microsoft Defender for Cloud, Microsoft Defender for Identity, Microsoft Sentinel, and Microsoft Purview. The company has recently suffered a ransomware attack where an attacker gained access via a compromised service account that had permanent Global Administrator privileges. The attacker then used the account to create a backdoor user and exfiltrate sensitive data from SharePoint Online. After the incident, the CISO mandates a Zero Trust security transformation with the following requirements: 1. Eliminate standing privileged access for all cloud admins. 2. Require phishing-resistant authentication for all privileged roles. 3. Ensure that all sensitive data in SharePoint Online is automatically classified and protected. 4. Enable detection of lateral movement using anomalous behavior analytics. Which combination of actions should you recommend?
137. Your organization is adopting Microsoft Entra ID as the identity provider for all SaaS applications. The security team wants to enforce multifactor authentication (MFA) for all users accessing these applications. Which approach aligns with security best practices and minimizes user friction?
138. A company uses Microsoft Defender for Cloud to assess the security posture of their Azure subscriptions. They want to ensure that all virtual machines have the Log Analytics agent installed and that missing system updates are remediated automatically. Which two recommendations should be enabled in a single policy initiative?
139. Your organization uses Microsoft Sentinel and has deployed the Analytics rule 'TI map IP entity to AzureActivity' to detect suspicious activities based on threat intelligence. The SOC team reports that the rule has a high false positive rate because it matches benign IP addresses used by legitimate services. What design change should you recommend to reduce false positives while maintaining detection coverage?
140. A company plans to implement a Zero Trust architecture using Microsoft security solutions. They want to ensure that all access to corporate resources is verified explicitly, uses least privilege, and assumes breach. Which Microsoft service should be the central policy engine for enforcing conditional access decisions?
141. Your organization uses Microsoft Purview Information Protection to classify and protect sensitive data. The compliance team wants to automatically apply a 'Highly Confidential' sensitivity label to emails that contain credit card numbers. Which solution should you configure?
142. An organization wants to ensure that all Windows 10 devices are compliant with security policies before they can access corporate email. Microsoft Intune is used for device management. Which component should be used to enforce compliance and block non-compliant devices?
143. Your organization uses Microsoft Sentinel to centralize security logs from multiple clouds. They need to ensure that logs from Amazon Web Services (AWS) are ingested and analyzed for threats. Which connector should you implement?
144. You are designing a security solution for a multinational organization that uses Microsoft Entra ID. They have a hybrid identity environment with Active Directory on-premises. The security team requires that all administrative actions in Microsoft Entra ID are logged and monitored in real-time with alerts for critical changes. Which two data sources should you stream to Microsoft Sentinel?
145. A company wants to implement a secure web application gateway to protect their public-facing web apps from common exploits like SQL injection and cross-site scripting. Which Azure service should they use?
146. Your organization uses Microsoft Defender for Office 365 to protect against phishing attacks. The security team wants to implement a custom advanced phishing threshold policy that blocks suspicious emails more aggressively. Which policy type should they modify?
147. A company plans to use Microsoft Purview to manage data governance across their on-premises SQL Server databases and Azure SQL databases. They need to classify sensitive data and create a unified data map. Which resource should they deploy?
148Which TWO Microsoft security solutions should be integrated to provide a comprehensive Zero Trust architecture that includes identity protection, endpoint detection, and response? (Select exactly two correct options.)
149Which THREE components should be part of a secure DevOps pipeline using Microsoft security tools? (Select exactly three correct options.)
150Which TWO Microsoft services can be used to implement a cloud security posture management (CSPM) solution? (Select exactly two correct options.)
151You are a security architect for a large enterprise that is migrating to Microsoft 365. The organization has 50,000 users across multiple regions. They have recently experienced a ransomware attack that encrypted files on SharePoint Online and OneDrive for Business. The security team wants to implement a comprehensive protection strategy. Requirements: 1. Automatically detect and block ransomware-like behavior in real-time. 2. Provide users with self-service recovery of files encrypted by ransomware. 3. Ensure that all files in SharePoint and OneDrive are scanned for malware upon upload. 4. Minimize administrative overhead. Which combination of Microsoft 365 security features should you recommend?
152Your organization is migrating on-premises Active Directory to Microsoft Entra ID. You need to design a solution that aligns with the Zero Trust principle of 'verify explicitly'. Which approach should you recommend for user authentication?
153You are designing a security baseline for Azure resources that host a critical application. The application uses Azure SQL Database, Azure Storage, and Azure Key Vault. You need to ensure that all resources use managed identities for authentication and that no secrets are stored in code or configuration files. Which combination of controls should you include in the baseline?
154You are designing a security operations strategy for Microsoft 365. You need to prioritize alerts from Microsoft Defender XDR based on their impact on business operations. Which security best practice should you follow?
155Your company is implementing Microsoft Purview Information Protection to protect sensitive data. The compliance team requires that when a user applies a 'Highly Confidential' sensitivity label to a document, the document is automatically encrypted and watermarked. Which configuration should you use?
156You are designing a secure DevOps pipeline in GitHub that deploys to Azure Kubernetes Service (AKS). The security team requires that no secrets are stored in the pipeline variables and that all container images are scanned for vulnerabilities before deployment. Which approach aligns with security best practices?
157Your organization is migrating to Microsoft 365 and wants to implement a defense-in-depth strategy for email security. Which combination of Microsoft services should you use?
158You are designing a security solution for a hybrid identity environment that uses Microsoft Entra ID and on-premises Active Directory. The company wants to enforce Zero Trust principles by continuously verifying user access. Which feature should you implement?
159Your organization uses Microsoft Sentinel as its SIEM. You need to design a solution to automatically respond to detected threats in Azure resources. The response must include isolating the affected virtual machine and creating a support ticket. Which approach should you use?
160Your organization is implementing a Zero Trust architecture for access to cloud applications. Which TWO of the following are core components of the Microsoft Zero Trust model?
161Your company is designing a secure access strategy for a SaaS application that supports SAML 2.0. You need to enforce phishing-resistant authentication. Which THREE of the following methods meet the requirement?
162Your organization wants to implement a defense-in-depth strategy for Azure virtual machines. Which THREE of the following should you include?
163You are designing a solution to protect Microsoft 365 data from insider threats. Which TWO Microsoft Purview features should you use?
164You are a security architect for a large multinational organization that uses Microsoft 365, Azure, and third-party SaaS applications. The organization has recently experienced a breach where an attacker compromised a user account via a phishing email and then used that account to access sensitive data in SharePoint Online and exfiltrate it via email. The security team wants to implement a comprehensive solution that aligns with the Zero Trust principles of 'verify explicitly', 'use least privilege', and 'assume breach'. You need to design a solution that includes identity protection, conditional access, data protection, and continuous monitoring. You have the following requirements: 1. Block phishing attacks in real time. 2. Enforce least privilege access to sensitive data. 3. Detect and respond to anomalous user behavior. 4. Protect data at rest and in transit. 5. Enable automated response to incidents. Which combination of Microsoft security services and configurations should you recommend?
165Your organization is deploying a new application on Azure that will process personal data for European Union residents. The compliance team requires that the application encrypts all data at rest and in transit, that access to the data is logged and auditable, and that the data is not stored outside the EU. You need to design a solution that meets these requirements while following security best practices. The solution must also minimize operational overhead. You have decided to use Azure SQL Database, Azure Storage, and Azure Key Vault. Which design should you recommend?
166Your organization is a small business with 50 employees that uses Microsoft 365 Business Premium. You need to design a security baseline that protects against common threats like phishing, ransomware, and data leakage. The solution must be easy to manage and require minimal ongoing effort. You have the following requirements: 1. Block malicious emails and links. 2. Protect sensitive data from being shared externally. 3. Require multi-factor authentication for all users. 4. Keep devices healthy. Which combination of policies should you implement?
167Your organization is designing a security strategy for Microsoft 365. You need to align with Microsoft's Zero Trust best practices. Which TWO principles should be included?
168You are planning a security baseline for Azure resources using Microsoft Defender for Cloud. Which THREE recommendations are part of the Azure Security Benchmark?
169You are designing a Microsoft Purview data security solution for a multinational organization subject to GDPR and CCPA. Which THREE Purview capabilities should you include to meet regulatory requirements?
170Contoso is a financial services company migrating critical workloads to Azure. They must comply with PCI DSS and have a Security Operations Center (SOC) team that uses Microsoft Sentinel. The CISO wants to ensure that the security posture aligns with Microsoft's cybersecurity reference architecture (MCRA). You need to design a solution that includes the following requirements: 1) All Azure subscriptions must be managed under a single management group hierarchy with consistent policies. 2) The SOC must have a centralized view of security alerts across all resources, including on-premises servers and multi-cloud environments. 3) Privileged access to Azure resources must be protected using just-in-time (JIT) access and Privileged Identity Management (PIM). 4) Compliance with PCI DSS must be continuously monitored and reported. 5) The solution must minimize operational overhead. What should you include in the design?
171Fabrikam is a healthcare organization that uses Microsoft 365 E5 and Azure. They have a hybrid identity environment with Active Directory on-premises synced to Microsoft Entra ID. The security team wants to implement a Zero Trust strategy following the 'verify explicitly' principle. They need to ensure that all access to Microsoft 365 services and Azure applications is conditionally enforced based on real-time risk signals. Additionally, they want to block legacy authentication protocols that do not support modern authentication. The solution must integrate with Microsoft Defender XDR and Microsoft Sentinel for threat intelligence. Which combination of technologies should you recommend?
172A global retail company, Northwind Traders, is adopting a cloud-first strategy using Azure and Microsoft 365. They have a large number of temporary seasonal workers who need access to specific applications and data for limited periods. The security team wants to minimize the risk of standing privileges and ensure that access is granted only when needed and for a limited duration. They also need to audit all privileged access actions. The environment includes Microsoft Entra ID, Azure resources, and Microsoft 365 services. You need to design a privileged access strategy that follows the principle of least privilege and aligns with Microsoft's best practices for privileged identity management. What should you recommend?
173Litware, a software development company, has adopted a DevOps culture and uses Azure DevOps for CI/CD pipelines. They deploy applications to Azure Kubernetes Service (AKS) and Azure App Services. The security team wants to ensure that secrets (API keys, connection strings) are not exposed in source code or pipeline logs. They also need to scan container images for vulnerabilities before deployment and ensure that only approved images are used in production. The solution must integrate with Microsoft Defender for Cloud and follow security best practices. What should you include in the design?
174Tailwind Traders is a small business that uses Microsoft 365 Business Premium. They have no dedicated IT staff. The owner wants to implement basic security measures to protect against common threats like phishing, ransomware, and unauthorized access. They need a simple, cost-effective solution that aligns with Microsoft's security best practices for small businesses. Which set of actions should you recommend?
175Proseware, a pharmaceutical company, is deploying a new AI-powered application using Azure OpenAI Service. The application will process sensitive research data and must comply with HIPAA. The security team wants to ensure that the data sent to the Azure OpenAI endpoint is not logged or stored by Microsoft, and that access to the service is restricted to authorized users with appropriate data classification. They also need to monitor for potential data exfiltration and prompt injection attacks. What should you recommend?
176A multinational corporation, Contoso Ltd., is implementing Microsoft Purview to manage data governance across their Azure and Microsoft 365 environments. They need to discover sensitive data (e.g., credit card numbers, passport numbers) in Azure Blob Storage, Azure SQL Database, and SharePoint Online. The data must be classified and labeled automatically. Additionally, they want to prevent sensitive data from being shared externally via email and Teams. The solution should align with Microsoft's data security best practices. What should you recommend?
177South Ridge School District uses Microsoft 365 Education and Azure for administrative systems. They have a large number of students and staff. The district wants to implement a security solution that protects against phishing attacks, ransomware, and inappropriate content. They also need to comply with the Children's Online Privacy Protection Act (COPPA) and other educational regulations. The solution should be cost-effective and easy to manage. What should you recommend?
178Adventure Works is a startup that uses Microsoft 365 Business Premium. They have 20 employees and no cloud expertise. The CEO has been hearing about ransomware attacks on small businesses. They want to implement basic protection against ransomware using built-in Microsoft 365 features. They also want to ensure they can recover from an attack quickly. What should you recommend?
179Wide World Importers uses Azure Active Directory (now Microsoft Entra ID) and Microsoft 365. They have a hybrid identity with password hash sync. They want to implement a passwordless authentication strategy to improve security and user experience. They have a mix of Windows 10/11 devices and mobile devices (iOS/Android). They also have some shared computers in kiosk mode. The solution must support all user scenarios and align with Microsoft's authentication best practices. What should you recommend?
180Contoso is a large enterprise with a complex Azure environment. They have multiple management groups, subscriptions, and a hub-spoke network topology. The security team wants to implement a consistent security baseline across all subscriptions using Azure Policy. They need to ensure that: 1) All resources must be deployed in approved regions only. 2) Network security groups must have specific rules to block high-risk ports. 3) All storage accounts must enforce HTTPS traffic. 4) The policies must be applied at the management group level to ensure inheritance. 5) Non-compliant resources must be automatically remediated where possible. What should you do?
The Design solutions that align with security best practices and priorities domain covers the key concepts tested in this area of the SC-100 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SC-100 domains — no account required.
The Courseiva SC-100 question bank contains 180 questions in the Design solutions that align with security best practices and priorities domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Design solutions that align with security best practices and priorities domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.