Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Evaluate GRC and security operations strategies practice sets

SC-100 Evaluate GRC and security operations strategies • Complete Question Bank

SC-100 Evaluate GRC and security operations strategies — All Questions With Answers

Complete SC-100 Evaluate GRC and security operations strategies question bank — all 0 questions with answers and detailed explanations.

30
Questions
Free
No signup
Certifications/SC-100/Practice Test/Evaluate GRC and security operations strategies/All Questions
Question 1mediummultiple choice
Read the full NAT/PAT explanation →

A multinational company is implementing a Zero Trust security model. The security team needs to ensure that all access requests to critical applications are evaluated based on user identity, device health, and real-time risk signals. Which Microsoft solution should they use to centralize policy enforcement?

Question 2hardmultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company is designing a security operations strategy. They want to use Microsoft Sentinel to detect and respond to threats across their hybrid environment. They need to ensure that logs from all sources are collected cost-effectively and that analysts can easily query data. Which data ingestion strategy should they recommend?

Question 3easymultiple choice
Read the full Ansible explanation →

A company's security team wants to automate response to common incidents like malware detected on endpoints. They have Microsoft 365 Defender and Microsoft Sentinel. Which feature should they use to create automated playbooks?

Question 4mediummultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company uses Microsoft Defender for Cloud to assess the security posture of their Azure subscriptions. They want to ensure that critical recommendations are automatically remediated. They create a workflow automation that triggers a Logic App for specific recommendations. However, the Logic App fails to run. What is the most likely cause?

Question 5hardmultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company is evaluating their incident response (IR) process. They use Microsoft Sentinel as their SIEM. During a security incident, the IR team struggles to quickly find related alerts and entities. Which improvement should they implement to enhance investigation efficiency?

Question 6easymultiple choice
Read the full NAT/PAT explanation →

A company wants to implement a governance strategy for their Azure environment. They need to enforce tagging standards and restrict deployment to approved regions. Which combination of Azure services should they use?

Question 7mediummultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company uses Microsoft 365 Defender to protect their endpoints, email, and identities. They want to create a custom detection for a specific behavior that is not covered by built-in detections. Which tool should they use?

Question 8hardmultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company is planning their cloud governance strategy. They have multiple business units with varying compliance requirements. They need to enforce policies consistently across subscriptions while allowing some flexibility. Which Azure governance structure should they recommend?

Question 9mediummulti select
Read the full Evaluate GRC and security operations strategies explanation →

A company is designing a security operations center (SOC) using Microsoft Sentinel. Which TWO of the following are best practices for managing incident response in Sentinel?

Question 10hardmulti select
Read the full Evaluate GRC and security operations strategies explanation →

A company is implementing a Zero Trust security model using Microsoft 365 Defender. Which THREE of the following are key principles they should follow?

Question 11easymulti select
Read the full Evaluate GRC and security operations strategies explanation →

A company wants to improve their security posture by using Microsoft Defender for Cloud. Which TWO of the following are features of Defender for Cloud that help with governance and compliance?

Question 12mediummulti select
Read the full Evaluate GRC and security operations strategies explanation →

A company uses Microsoft Sentinel for threat detection. They want to use User and Entity Behavior Analytics (UEBA) to detect anomalies. Which THREE of the following are key components of UEBA in Sentinel?

Question 13hardmultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

You are the security architect for a large financial services company. The company has a hybrid environment with on-premises Active Directory, Azure AD, and multiple Azure subscriptions. They use Microsoft Sentinel as their SIEM and have deployed Microsoft Defender for Cloud to assess their cloud security posture. Recently, the security team discovered that a critical Azure SQL database was exposed to the internet with a firewall rule allowing 'AllowAllWindowsAzureIps'. This misconfiguration was not flagged by Defender for Cloud because the corresponding recommendation was disabled in the security policy. The company wants to prevent such misconfigurations in the future and ensure that all critical resources are covered by security recommendations. They also need to ensure that any changes to security policies are reviewed and approved. Which of the following actions should you recommend as the most comprehensive solution?

Question 14hardmultiple choice
Read the full Ansible explanation →

A global organization uses Microsoft Sentinel for SIEM and Microsoft Defender for Cloud for cloud security posture management. The security team notices that critical alerts from Azure Active Directory Identity Protection are not triggering automated response playbooks in Sentinel. The team needs to ensure that all high-severity Identity Protection risk detections automatically create incidents in Sentinel and trigger a playbook to block the user. What should the team configure?

Question 15easymultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company is designing a security operations strategy using Microsoft Sentinel. They want to prioritize triage of incidents that involve critical assets. The SOC manager suggests using the entity behavior analytics feature. Which capability of entity behavior analytics helps achieve this goal?

Question 16mediummultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A SOC team uses Microsoft Sentinel for incident management. They need to ensure that when a high-severity incident is created, a Teams message is sent to the security team and an email is sent to the IT manager. What is the most efficient way to achieve this?

Question 17hardmultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company has a hybrid identity infrastructure with on-premises Active Directory synchronized to Azure AD using Azure AD Connect. The security team wants to use Microsoft Defender for Identity (MDI) to detect on-premises attacks. They have installed the MDI sensor on all domain controllers. However, they notice that some alerts are missing. What is the most likely cause?

Question 18easymultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A SOC analyst needs to investigate a potential privilege escalation using Azure AD roles. Which Microsoft 365 Defender data source would be most useful to review?

Question 19mediummultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

An organization is planning to use Microsoft Defender for Cloud's regulatory compliance dashboard to track adherence to PCI DSS. The security team wants to ensure that all Azure resources are covered by the compliance assessment. What is the first step?

Question 20hardmulti select
Read the full Evaluate GRC and security operations strategies explanation →

A company has a Microsoft Sentinel workspace that ingests data from multiple sources. The SOC team wants to improve the efficiency of investigating incidents by using UEBA capabilities. Which two actions should the team take to enable and configure UEBA in Sentinel?

Question 21mediummulti select
Read the full Evaluate GRC and security operations strategies explanation →

A company uses Microsoft Defender for Cloud to assess compliance with Azure Security Benchmark (ASB). The security team wants to ensure that all recommendations are being followed. Which three actions should the team take to manage and remediate recommendations effectively?

Question 22hardmultiple choice
Read the full Ansible explanation →

You are the security architect for a multinational corporation that uses Microsoft 365 E5 licenses. The company has deployed Microsoft Sentinel in a central Azure subscription, and all subsidiaries stream their logs to this workspace. The SOC team uses Microsoft 365 Defender to investigate incidents. Recently, the company experienced a sophisticated phishing campaign that bypassed Exchange Online Protection (EOP) and resulted in credential theft for several users. The SOC team manually created incidents in Sentinel for each compromised user. However, they want to automate the creation of Sentinel incidents from Microsoft 365 Defender alerts. Additionally, they want to ensure that when a user is confirmed compromised, a playbook automatically disables the user's account in Azure AD and resets their password. The SOC team has already deployed the Microsoft 365 Defender data connector in Sentinel and enabled streaming of alerts. However, no incidents are being created automatically from Defender alerts. You need to recommend a solution to automate incident creation and response. What should you do?

Question 23mediummultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

A company is deploying Microsoft Defender for Cloud to secure their hybrid cloud environment. They need to ensure that regulatory compliance with PCI DSS is continuously monitored and reported. Which solution should they use to automatically assess and report compliance posture?

Question 24hardmulti select
Read the full Evaluate GRC and security operations strategies explanation →

Which THREE of the following are key components of a security operations strategy according to Microsoft's best practices?

Question 25easymultiple choice
Read the full Evaluate GRC and security operations strategies explanation →

Refer to the exhibit. A security administrator created this Azure Policy definition to prevent unauthorized role assignments. However, SOC analysts are unable to assign the Security Operations Contributor role to new team members. What is the most likely cause?

Exhibit

Refer to the exhibit.
```json
{
  "properties": {
    "displayName": "SecurityOperationsPolicy",
    "description": "Policy to assign Security Operations Contributor role to SOC team.",
    "metadata": {
      "category": "Security Center"
    },
    "parameters": {
      "principalId": {
        "type": "String",
        "metadata": {
          "displayName": "Principal ID"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Authorization/roleAssignments"
      },
      "then": {
        "effect": "deny",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/5cbe2b2a-1c3b-4b4d-9b4e-2b5e6f7a8c9d"
          ],
          "exemption": "deny"
        }
      }
    }
  }
}
```
Question 26hardmultiple choice
Read the full NAT/PAT explanation →

Contoso Ltd. is a multinational organization with a hybrid environment consisting of on-premises Active Directory and Azure AD (now Microsoft Entra ID). They use Microsoft Defender for Cloud Apps, Microsoft Sentinel, and Microsoft 365 Defender. The security operations team has noticed that several high-severity alerts from Microsoft 365 Defender are not being forwarded to Microsoft Sentinel, causing delayed response. The team has confirmed that the data connector between Microsoft 365 Defender and Sentinel is enabled and appears healthy. However, only low-severity alerts appear in Sentinel. Further investigation reveals that the Microsoft 365 Defender portal has a configured rule set that suppresses high-severity alerts for certain users deemed low risk. The security operations manager wants to ensure all high-severity alerts are sent to Sentinel without changing the suppression rules in Microsoft 365 Defender, as those rules are required for operational efficiency. What should the team do to ensure high-severity alerts are ingested into Sentinel?

Question 27mediumdrag order
Read the full Evaluate GRC and security operations strategies explanation →

Order the steps to configure a Conditional Access policy requiring MFA for all users.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 28mediumdrag order
Read the full VPN explanation →

Order the steps to troubleshoot an Azure VPN gateway connection failure.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 29mediummatching
Read the full Evaluate GRC and security operations strategies explanation →

Match each Microsoft 365 Defender workload to its protection domain.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Endpoint protection

Email and collaboration protection

On-premises identity protection

SaaS application protection

Unified XDR

Question 30mediummatching
Read the full Evaluate GRC and security operations strategies explanation →

Match each encryption type to its use case in Azure.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

At-rest encryption for blobs and files

BitLocker-based encryption for VMs

Real-time encryption for SQL databases

Centralized key management service

Encryption in use via TEEs

Practice tests

Scored 10-question sessions with instant feedback and explanations.

SC-100 Practice Test 1 — 10 Questions→SC-100 Practice Test 2 — 10 Questions→SC-100 Practice Test 3 — 10 Questions→SC-100 Practice Test 4 — 10 Questions→SC-100 Practice Test 5 — 10 Questions→SC-100 Practice Exam 1 — 20 Questions→SC-100 Practice Exam 2 — 20 Questions→SC-100 Practice Exam 3 — 20 Questions→SC-100 Practice Exam 4 — 20 Questions→Free SC-100 Practice Test 1 — 30 Questions→Free SC-100 Practice Test 2 — 30 Questions→Free SC-100 Practice Test 3 — 30 Questions→SC-100 Practice Questions 1 — 50 Questions→SC-100 Practice Questions 2 — 50 Questions→SC-100 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Design solutions that align with security best practices and prioritiesDesign security operations, identity, and compliance capabilitiesDesign security solutions for infrastructureDesign a Zero Trust strategy and architectureDesign security solutions for applications and dataEvaluate GRC and security operations strategiesDesign security for infrastructureDesign a strategy for data and applicationsRecommend security best practices and priorities

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Evaluate GRC and security operations strategies setsAll Evaluate GRC and security operations strategies questionsSC-100 Practice Hub