SC-100 Recommend security best practices and priorities • Complete Question Bank

SC-100 Recommend security best practices and priorities — All Questions With Answers

Complete SC-100 Recommend security best practices and priorities question bank — all 0 questions with answers and detailed explanations.

24 Questions • Free • No signup
Question 1 • medium • multiple choice

A company is designing a defense-in-depth strategy for their Azure environment. They want to ensure that if a virtual machine is compromised, the attacker cannot move laterally to other VMs in the same virtual network. Which security control should they prioritize?

Question 2 • hard • multiple choice

A company uses Azure Policy to enforce compliance. They have a custom policy that denies creation of storage accounts without encryption enabled. A developer reports that they cannot create a storage account even though they specified encryption. What is the most likely cause?

Question 3 • easy • multiple choice

A company is moving to a zero-trust security model. Which principle is most important for securing network traffic?

Question 4 • hard • multiple choice

A company uses Azure Security Center and Azure Sentinel. They want to prioritize remediation of vulnerabilities based on risk. Which metric should they use to rank vulnerabilities?

Question 5 • medium • multiple choice

A company is implementing a cloud security governance strategy. They need to ensure that all Azure resources are compliant with internal security policies before deployment. Which approach should they use?

Question 6 • easy • multiple choice

A company wants to protect sensitive data in their Azure SQL Database from unauthorized access. Which feature should they enable?

Question 7 • medium • multiple choice

A company is using Azure Active Directory (Azure AD) for identity management. They want to implement a policy that requires all users to use multi-factor authentication (MFA) when accessing Office 365 from outside the corporate network. Which conditional access policy setting should they configure?

Question 8 • hard • multiple choice

A company is planning a migration to Azure and wants to ensure that their security operations center (SOC) has visibility into all Azure resources. They need to collect security logs from multiple subscriptions into a central workspace. Which Azure service should they use?

Question 9 • medium • multi select

Which TWO of the following are best practices for securing Azure Kubernetes Service (AKS)?

Question 10 • medium • multi select

Which THREE of the following are key components of a defense-in-depth strategy?

Question 11 • hard • multi select

Which TWO of the following are true about Azure Policy initiatives?

Question 12 • hard • multiple choice

Refer to the exhibit. A company creates this Azure Policy definition and assigns it to a subscription. A developer attempts to create a storage account with blob encryption enabled. The creation fails. What is the most likely reason?

Exhibit

```json
{
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/encryption.services.blob.enabled",
          "notEquals": true
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}
```

Question 13 • easy • multiple choice

Refer to the exhibit. The ContosoPlatform management group has an Azure Policy assignment that denies all deployments without encryption. The App1 subscription contains a storage account that was created without encryption. Why is the storage account still non-compliant?

Exhibit

```
Name                            Type
----                            ----
ContosoRoot                     Management group
  - ContosoPlatform             Management group
    - ContosoProduction         Subscription
    - ContosoNonProduction      Subscription
  - ContosoApplication          Management group
    - App1                      Subscription
    - App2                      Subscription
```

Question 14 • hard • multiple choice

You are the lead security architect for a multinational corporation that recently completed a merger. The new entity, Contoso Ltd., has a complex Azure environment with over 200 subscriptions spread across multiple management groups. The company's security team has identified several critical issues: (1) many subscriptions have Azure Security Center's Secure Score below 30%, (2) there are numerous unmanaged VMs with public IP addresses, (3) there is no centralized logging for security events, and (4) identity management is fragmented with multiple Azure AD tenants. The CEO mandates a 'zero-trust' security posture within 12 months. You have a limited budget and must prioritize the most impactful actions. Which course of action should you take first?

Question 15 • medium • multiple choice

A company is deploying Microsoft Defender for Cloud to protect a multi-cloud environment that includes Azure and AWS. The security team wants to prioritize the highest-risk recommendations. Which feature should they use to identify and focus on the most critical security issues?

Question 16 • hard • multiple choice

A financial services organization is designing a zero-trust architecture for its Azure environment. They need to ensure that all administrative access to critical systems uses just-in-time (JIT) access and that privileged role assignments are time-bound. Which combination of Microsoft security best practices should they implement?

Question 17 • easy • multiple choice

A company uses Azure DevOps for CI/CD. The security team wants to ensure that secrets like API keys and connection strings are never stored in code repositories. Which best practice should they recommend?

Question 18 • medium • multi select

A large enterprise is implementing Microsoft Defender for Cloud to improve their security posture. Which TWO actions should they take to prioritize and remediate security recommendations effectively? (Choose two.)

Question 19 • hard • multiple choice

Refer to the exhibit. A security architect reviews the Azure AD Conditional Access policy JSON. The policy is intended to require MFA for all users accessing Azure management (Microsoft Azure Management app ID 797f4846-ba77-4853-9e6f-4433c3e1d1c5), except for the BreakGlassAdmin account and from trusted locations. However, some users report being prompted for MFA even when connecting from the corporate office (which is marked as a trusted location). What is the most likely cause?

Exhibit

```json
{
  "properties": {
    "displayName": "Require MFA for Azure management",
    "state": "Enabled",
    "conditions": {
      "userRiskLevels": [],
      "signInRiskLevels": [],
      "clientAppTypes": ["all"],
      "applications": {
        "includeApplications": ["797f4846-ba77-4853-9e6f-4433c3e1d1c5"],
        "excludeApplications": []
      },
      "users": {
        "includeUsers": ["All"],
        "excludeUsers": ["BreakGlassAdmin@contoso.com"]
      },
      "locations": {
        "includeLocations": ["All"],
        "excludeLocations": ["AllTrusted"]
      }
    },
    "grantControls": {
      "builtInControls": ["mfa"],
      "termsOfUse": [],
      "operator": "OR"
    }
  }
}
```

Question 20 • hard • multiple choice

You are the security architect for a multinational corporation that uses Azure Active Directory (Azure AD) and Microsoft 365. The company has recently experienced a security incident where a compromised user account was used to access sensitive data from a legacy application that does not support modern authentication. To mitigate this risk, you have been asked to recommend a set of security best practices and priorities. The environment includes 50,000 users, 200 applications (many legacy), and a hybrid identity setup with Active Directory Domain Services (AD DS) synchronized to Azure AD via Azure AD Connect. The security team wants to reduce the attack surface, enforce least privilege, and improve identity protection. Current issues include: (1) many users have standing admin privileges on workstations, (2) legacy apps use shared service accounts with weak passwords, (3) Conditional Access policies are not applied consistently, and (4) there is no process for reviewing privileged role assignments. Which course of action should you recommend as the highest priority?

Question 21 • medium • drag order

Order the steps to configure Azure DDoS Protection Standard for a virtual network.

Question 22 • medium • drag order

Order the steps to configure Azure Policy to enforce tagging on resources.

Question 23 • medium • matching

Match each compliance framework to its focus area.

Information security management system

Controls for service organizations

Payment card data security

Protected health information privacy and security

Cloud security for US federal agencies

Question 24 • medium • matching

Match each Azure policy effect to its behavior.

Prevents resource creation or update

Creates a warning event in activity log

Adds fields to resource during creation

Changes existing resource properties

Deploys a resource if it does not exist
