Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsSC-100Flashcards
Free — No Signup RequiredMicrosoft· Updated 2026

SC-100 Flashcards — Free Microsoft Cybersecurity Architect Study Cards

Reinforce SC-100 concepts with active-recall study cards covering all 9 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.

969+ study cards9 domains coveredActive recall methodFull explanations included
Start 30-card session50-card shuffle
Exam OverviewPractice TestMock ExamStudy GuideFlashcards

Study Sessions

SC-100 Flashcards

Pick a session size:

⚡Quick 10📝20 Cards🎯30 Cards📊50 Cards💪100 Cards
969+ cards · All free

Domains

Design solutions that align with security best practices and priorities
Design security operations, identity, and compliance capabilities
Design security solutions for infrastructure
Design a Zero Trust strategy and architecture
Design security solutions for applications and data
Evaluate GRC and security operations strategies

How to use SC-100 flashcards effectively

Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For SC-100 preparation, this means flashcards are one of the highest-return study tools available.

Attempt recall first

Read the SC-100 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.

Review wrong cards again

When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.

Study by domain

Group your SC-100 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real SC-100 exam requires.

Short sessions beat marathon reviews

20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass SC-100.

SC-100 flashcard preview

Sample cards from the SC-100 flashcard bank. Read the question, think of the answer, then read the explanation below.

1

Your organization wants to implement a zero-trust security model for on-premises and cloud resources. As part of this strategy, you need to ensure that all access requests are authenticated and authorized based on dynamic risk signals. Which Microsoft security solution should you use to enforce conditional access policies based on real-time risk?

Design solutions that align with security best practices and priorities

Microsoft Entra ID Conditional Access

Microsoft Entra ID Conditional Access is the correct solution because it enables you to enforce access policies based on real-time risk signals, such as user risk, sign-in risk, and device compliance. It integrates with Identity Protection to evaluate dynamic risk levels and can block or require multi-factor authentication (MFA) accordingly, directly supporting the zero-trust principle of 'never trust, always verify'.

2

Your organization uses Microsoft Sentinel and wants to automatically respond to high-severity incidents. Which feature should you configure?

Design security operations, identity, and compliance capabilities

Configure an automation rule to run a playbook automatically

Automation rules in Microsoft Sentinel allow you to define automated responses that trigger when an incident is created or updated, including running playbooks (Azure Logic Apps workflows) automatically. This is the correct approach for automatically responding to high-severity incidents because it eliminates manual intervention and ensures consistent, immediate action based on incident properties like severity.

3

Your organization uses Microsoft Sentinel to monitor hybrid workloads. You need to design a solution to detect lateral movement attempts from compromised on-premises servers to Azure VMs. Which data connector should you prioritize?

Design security solutions for infrastructure

Windows Security Events via AMA

The correct answer is C: Windows Security Events via AMA. This connector captures security event logs (e.g., Event ID 4624 for logon, 4625 for failed logon) from Azure VMs, which are critical for detecting lateral movement. Option A (Syslog via AMA) is incorrect because it focuses on Linux logs, not Windows. Option B (Office 365 Logs) tracks cloud app activities, not OS-level events. Option D (Azure Activity Log) records resource-level operations, not security events on VMs.

4

A company is designing a Zero Trust network strategy. They want to ensure that all network traffic between on-premises and Azure is inspected and logged, regardless of source or destination. Which Azure service should they use to achieve this?

Design a Zero Trust strategy and architecture

Azure Firewall

Azure Firewall is a managed, cloud-based network security service that provides inbound and outbound traffic inspection and logging for all traffic between on-premises networks and Azure, regardless of source or destination. It supports application and network-level filtering, threat intelligence-based filtering, and integrates with Azure Monitor for comprehensive logging, making it the correct choice for a Zero Trust network strategy that requires full traffic inspection and logging.

5

Your organization is deploying a new line-of-business application on Azure App Service. The app must authenticate users from Microsoft Entra ID and also access a downstream API that requires a client secret. You need to recommend the most secure method for managing the client secret. What should you use?

Design security solutions for applications and data

Store the secret in Azure Key Vault and use a Key Vault reference in App Service.

Option C is correct because Azure Key Vault provides secure storage for secrets and certificates, and App Service can reference them via managed identity or Key Vault references. Option A is wrong because storing the secret in code exposes it to source control and accidental disclosure. Option B is wrong because App Service application settings are less secure and can be accessed through the portal. Option D is wrong because Azure AD app registration is the identity object, not a storage for secrets.

6

A multinational company is implementing a Zero Trust security model. The security team needs to ensure that all access requests to critical applications are evaluated based on user identity, device health, and real-time risk signals. Which Microsoft solution should they use to centralize policy enforcement?

Evaluate GRC and security operations strategies

Microsoft Entra Conditional Access

Correct answer is B: Microsoft Entra Conditional Access. It evaluates user identity, device health, and real-time risk signals to enforce access policies. Option A (Microsoft Defender for Cloud Apps) is a CASB for app access control, not a direct authentication policy engine. Option C (Azure AD Identity Protection) identifies risks but does not enforce policies directly. Option D (Microsoft Purview Compliance Manager) is for compliance assessments, not real-time policy enforcement.

7

A company is designing a hybrid network architecture using Azure ExpressRoute. They need to ensure that all traffic between on-premises and Azure is encrypted and authenticated. Which configuration should they implement?

Design security for infrastructure

Use ExpressRoute with MACsec

Option C is correct because MACsec (IEEE 802.1AE) provides Layer 2 encryption and authentication for traffic traversing ExpressRoute Direct ports, ensuring that all data between on-premises and Azure is encrypted at the physical link level. This meets the requirement for both encryption and authentication without relying on higher-layer protocols like IPsec, which would add overhead and complexity.

8

A company is designing a data protection strategy for Azure SQL Database. They need to ensure that backups are retained for 7 years to meet regulatory compliance. Which Azure feature should they use?

Design a strategy for data and applications

Long-Term Retention (LTR)

Long-Term Retention (LTR) for Azure SQL Database allows you to retain full database backups for up to 10 years, which meets the 7-year regulatory compliance requirement. LTR is specifically designed for archival and compliance scenarios, storing backups in separate containers with configurable retention policies based on weekly, monthly, or yearly intervals.

9

A company is designing a defense-in-depth strategy for their Azure environment. They want to ensure that if a virtual machine is compromised, the attacker cannot move laterally to other VMs in the same virtual network. Which security control should they prioritize?

Recommend security best practices and priorities

Implement network segmentation using NSGs and application security groups

Network segmentation using NSGs and application security groups is the correct priority because it directly controls east-west traffic between VMs within the same virtual network. By defining explicit inbound and outbound rules that restrict communication to only necessary ports and protocols (e.g., TCP 443 for HTTPS), an attacker who compromises one VM cannot initiate lateral movement to other VMs, as the NSG will drop unauthorized traffic at the subnet or NIC level.

Study all 969+ SC-100 cards

SC-100 flashcards by domain

The SC-100 flashcard bank covers all 9 official blueprint domains published by Microsoft. Cards are distributed proportionally, so domains with higher exam weight have more cards.

Domain Coverage

Design solutions that align with security best practices and priorities

~1 cards

Design security operations, identity, and compliance capabilities

~1 cards

Design security solutions for infrastructure

~1 cards

Design a Zero Trust strategy and architecture

~1 cards

Design security solutions for applications and data

~1 cards

Evaluate GRC and security operations strategies

~1 cards

Design security for infrastructure

~1 cards

Design a strategy for data and applications

~1 cards

Recommend security best practices and priorities

~1 cards

Flashcards vs practice tests: which is better for SC-100?

Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:

Flashcards — concept retention

Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that SC-100 questions assume you know.

Best in: weeks 1–3

Practice tests — application

Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.SC-100 questions test scenario reasoning — not just recall — so practice tests are essential.

Best in: weeks 3–6

The most effective SC-100 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.

SC-100 flashcards — frequently asked questions

Are the SC-100 flashcards free?

Yes. Courseiva provides free SC-100 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.

How many SC-100 flashcards are on Courseiva?

Courseiva has 969+ original SC-100 flashcards across all 9 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Microsoft exam objectives.

How are Courseiva flashcards different from Anki or Quizlet?

Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official SC-100 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.

Can I use SC-100 flashcards offline?

Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.

Free forever · No credit card required

Track your SC-100 flashcard progress

Save your results, see which domains need more work, and get spaced repetition recommendations — all free.

Sign Up Free

Free forever · Every certification included

Start Studying

⚡Quick 10 cards📝20-card session🎯30-card session📊50-card shuffle💪100-card marathon

Also Study With

Practice TestMock ExamStudy GuideExam Domains