Free · No account needed · No credit card

Microsoft Cybersecurity Architect Practice Test

969 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.

Instant feedback after each answer
Full explanations included
Domain score breakdown
Real exam: 120 min
Pass mark: 700%

Sample questions with explanations

This is exactly what you see during practice — question, options, and a full explanation after you answer.

Q1. Evaluate GRC and security operations strategies (medium)

A multinational company is implementing a Zero Trust security model. The security team needs to ensure that all access requests to critical applications are evaluated based on user identity, device health, and real-time risk signals. Which Microsoft solution should they use to centralize policy enforcement?

A. Microsoft Defender for Cloud Apps
B. Microsoft Entra Conditional Access (Correct)
C. Azure AD Identity Protection
D. Microsoft Purview Compliance Manager

Correct answer is C: Microsoft Entra Conditional Access. It evaluates signals like user, device, and location to enforce access policies. Option A (Microsoft Defender for Cloud Apps) is a CASB, not a policy enforcement point for authentication. Option B (Microsoft Purview Complia…

Q2. Evaluate GRC and security operations strategies (hard)

A company is designing a security operations strategy. They want to use Microsoft Sentinel to detect and respond to threats across their hybrid environment. They need to ensure that logs from all sources are collected cost-effectively and that analysts can easily query data. Which data ingestion strategy should they recommend?

A. Send all logs to the Basic logs table to reduce costs.
B. Send only Windows Security Events to Sentinel.
C. Send all logs to the Analytics logs table for full query capabilities.
D. Use Analytics logs for high-value security logs and Basic logs for verbose logs with low security value. (Correct)

Option D is correct because it balances cost and query performance by routing high-value security logs (e.g., Windows Security Events, network logs) to the Analytics logs table for full KQL query capabilities and retention, while sending verbose, low-security-value logs (e.g., DN…

Q3. Evaluate GRC and security operations strategies (easy)

A company's security team wants to automate response to common incidents like malware detected on endpoints. They have Microsoft 365 Defender and Microsoft Sentinel. Which feature should they use to create automated playbooks?

A. Microsoft Purview's data loss prevention policies
B. Microsoft Sentinel automation rules and playbooks (Correct)
C. Azure Policy
D. Microsoft Defender for Cloud's workflow automation

Microsoft Sentinel's automation rules and playbooks are the correct choice because they are specifically designed to automate incident response by triggering predefined actions (e.g., running a Logic App) when a detection event, such as malware on an endpoint, is ingested from Mi…

Untimed Practice

Answer at your own pace. Explanation and domain tag shown immediately after each answer.

Timed Practice

Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.

Why practice here?

Full explanations on every question

Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.

Domain score breakdown

After each session see your score by exam domain so you know exactly where to focus study time.

100% free, forever

No subscription, no trial, no email wall. Start a session in under 10 seconds.

Exam-style questions

Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.
