Practice SC-100 Design a Zero Trust strategy and architecture questions with full explanations on every answer.
1. A company is designing a Zero Trust network strategy. They want to ensure that all network traffic between on-premises and Azure is inspected and logged, regardless of source or destination. Which Azure service should they use to achieve this?
2. An organization is implementing a Zero Trust identity strategy. They have a mix of on-premises Active Directory and Azure AD. They want to enforce conditional access policies that require device compliance for accessing sensitive apps. However, some users report that their devices are not being evaluated for compliance even though they are enrolled in Microsoft Intune. What should the organization check first?
3. A company is planning their Zero Trust data protection strategy. They want to classify and protect sensitive data stored in SharePoint Online. Which Microsoft tool should they use?
4. A company is implementing a Zero Trust network strategy using Azure Virtual Network Manager (AVNM). They need to ensure that all traffic between virtual networks is encrypted and inspected by a firewall. Which configuration should they use?
5. A company is designing a Zero Trust security posture for their Azure environment. They need to assess and improve their security posture. Which TWO actions should they take? (Choose two.)
6. A company is implementing a Zero Trust identity strategy. They want to ensure that only compliant and managed devices can access corporate resources. Which THREE components should they include in their solution? (Choose three.)
7. Refer to the exhibit. You are reviewing a Conditional Access policy in Azure AD. The policy requires MFA and a compliant device for all users and all cloud apps. Some users report that they are able to access apps without being prompted for MFA even though their devices are compliant. What is the most likely reason?
8. A company, Fabrikam, has a hybrid identity environment with on-premises Active Directory synchronized to Azure AD using Azure AD Connect. They have implemented a Zero Trust strategy that includes requiring multi-factor authentication (MFA) for all users accessing cloud applications. They use Conditional Access policies to enforce MFA. Recently, they noticed that users who authenticate from the on-premises network are not being prompted for MFA when accessing cloud apps, even though the Conditional Access policy is configured to require MFA for all users. The network location is not excluded in the policy. The Conditional Access policy is enabled and in 'Enforce' mode. The users' devices are not domain-joined. What is the most likely reason for this behavior?
9. Order the steps to implement a Microsoft Sentinel data connector for Azure Active Directory logs.
10. Order the steps to implement Azure AD Privileged Identity Management (PIM) for a role.
11. Match each Azure security capability to its primary purpose.
12. Match each Azure security benchmark control to its category.
The Design a Zero Trust strategy and architecture domain covers the key concepts tested in this area of the SC-100 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SC-100 domains — no account required.
The Courseiva SC-100 question bank contains 12 questions in the Design a Zero Trust strategy and architecture domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Design a Zero Trust strategy and architecture domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.