Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Design a Zero Trust strategy and architecture practice sets

SC-100 Design a Zero Trust strategy and architecture • Complete Question Bank

SC-100 Design a Zero Trust strategy and architecture — All Questions With Answers

Complete SC-100 Design a Zero Trust strategy and architecture question bank — all 0 questions with answers and detailed explanations.

12
Questions
Free
No signup
Certifications/SC-100/Practice Test/Design a Zero Trust strategy and architecture/All Questions
Question 1mediummultiple choice
Read the full NAT/PAT explanation →

A company is designing a Zero Trust network strategy. They want to ensure that all network traffic between on-premises and Azure is inspected and logged, regardless of source or destination. Which Azure service should they use to achieve this?

Question 2hardmultiple choice
Read the full Design a Zero Trust strategy and architecture explanation →

An organization is implementing a Zero Trust identity strategy. They have a mix of on-premises Active Directory and Azure AD. They want to enforce conditional access policies that require device compliance for accessing sensitive apps. However, some users report that their devices are not being evaluated for compliance even though they are enrolled in Microsoft Intune. What should the organization check first?

Question 3easymultiple choice
Read the full Design a Zero Trust strategy and architecture explanation →

A company is planning their Zero Trust data protection strategy. They want to classify and protect sensitive data stored in SharePoint Online. Which Microsoft tool should they use?

Question 4mediummultiple choice
Read the full Design a Zero Trust strategy and architecture explanation →

A company is implementing a Zero Trust network strategy using Azure Virtual Network Manager (AVNM). They need to ensure that all traffic between virtual networks is encrypted and inspected by a firewall. Which configuration should they use?

Question 5hardmulti select
Read the full Design a Zero Trust strategy and architecture explanation →

A company is designing a Zero Trust security posture for their Azure environment. They need to assess and improve their security posture. Which TWO actions should they take? (Choose two.)

Question 6mediummulti select
Read the full Design a Zero Trust strategy and architecture explanation →

A company is implementing a Zero Trust identity strategy. They want to ensure that only compliant and managed devices can access corporate resources. Which THREE components should they include in their solution? (Choose three.)

Question 7hardmultiple choice
Read the full Design a Zero Trust strategy and architecture explanation →

Refer to the exhibit. You are reviewing a Conditional Access policy in Azure AD. The policy requires MFA and a compliant device for all users and all cloud apps. Some users report that they are able to access apps without being prompted for MFA even though their devices are compliant. What is the most likely reason?

Exhibit

{
  "policy": {
    "tenantId": "contoso.onmicrosoft.com",
    "displayName": "Require MFA for all users",
    "state": "enabled",
    "conditions": {
      "applications": {
        "includeApplications": ["All"]
      },
      "users": {
        "includeUsers": ["All"]
      }
    },
    "grantControls": {
      "builtInControls": ["mfa", "compliantDevice"]
    }
  }
}
Question 8mediummultiple choice
Read the full Design a Zero Trust strategy and architecture explanation →

A company, Fabrikam, has a hybrid identity environment with on-premises Active Directory synchronized to Azure AD using Azure AD Connect. They have implemented a Zero Trust strategy that includes requiring multi-factor authentication (MFA) for all users accessing cloud applications. They use Conditional Access policies to enforce MFA. Recently, they noticed that users who authenticate from the on-premises network are not being prompted for MFA when accessing cloud apps, even though the Conditional Access policy is configured to require MFA for all users. The network location is not excluded in the policy. The Conditional Access policy is enabled and in 'Enforce' mode. The users' devices are not domain-joined. What is the most likely reason for this behavior?

Question 9mediumdrag order
Read the full Design a Zero Trust strategy and architecture explanation →

Order the steps to implement a Microsoft Sentinel data connector for Azure Active Directory logs.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 10mediumdrag order
Study the full multicast explanation →

Order the steps to implement Azure AD Privileged Identity Management (PIM) for a role.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 11mediummatching
Read the full Design a Zero Trust strategy and architecture explanation →

Match each Azure security capability to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

SIEM and SOAR

Cloud security posture management

Risk-based conditional access

Manage secrets, keys, and certificates

Mitigate distributed denial-of-service attacks

Question 12mediummatching
Read the full Design a Zero Trust strategy and architecture explanation →

Match each Azure security benchmark control to its category.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Control category for authentication and authorization

Control category for network segmentation and filtering

Control category for encryption and data classification

Control category for audit logs and alerts

Control category for detection and response processes

Practice tests

Scored 10-question sessions with instant feedback and explanations.

SC-100 Practice Test 1 — 10 Questions→SC-100 Practice Test 2 — 10 Questions→SC-100 Practice Test 3 — 10 Questions→SC-100 Practice Test 4 — 10 Questions→SC-100 Practice Test 5 — 10 Questions→SC-100 Practice Exam 1 — 20 Questions→SC-100 Practice Exam 2 — 20 Questions→SC-100 Practice Exam 3 — 20 Questions→SC-100 Practice Exam 4 — 20 Questions→Free SC-100 Practice Test 1 — 30 Questions→Free SC-100 Practice Test 2 — 30 Questions→Free SC-100 Practice Test 3 — 30 Questions→SC-100 Practice Questions 1 — 50 Questions→SC-100 Practice Questions 2 — 50 Questions→SC-100 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Design solutions that align with security best practices and prioritiesDesign security operations, identity, and compliance capabilitiesDesign security solutions for infrastructureDesign a Zero Trust strategy and architectureDesign security solutions for applications and dataEvaluate GRC and security operations strategiesDesign security for infrastructureDesign a strategy for data and applicationsRecommend security best practices and priorities

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Design a Zero Trust strategy and architecture setsAll Design a Zero Trust strategy and architecture questionsSC-100 Practice Hub