Back to Microsoft Cybersecurity Architect questions

Scenario-based practice

Hard Difficulty Questions

Practise Microsoft Cybersecurity Architect practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
SC-100
exam code
Microsoft
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related SC-100 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Design solutions that align with security best practices and priorities practice questions

Practise SC-100 questions linked to Design solutions that align with security best practices and priorities.

Design security operations, identity, and compliance capabilities practice questions

Practise SC-100 questions linked to Design security operations, identity, and compliance capabilities.

Design security solutions for infrastructure practice questions

Practise SC-100 questions linked to Design security solutions for infrastructure.

Design a Zero Trust strategy and architecture practice questions

Practise SC-100 questions linked to Design a Zero Trust strategy and architecture.

Design security solutions for applications and data practice questions

Practise SC-100 questions linked to Design security solutions for applications and data.

Evaluate GRC and security operations strategies practice questions

Practise SC-100 questions linked to Evaluate GRC and security operations strategies.

Design security for infrastructure practice questions

Practise SC-100 questions linked to Design security for infrastructure.

Design a strategy for data and applications practice questions

Practise SC-100 questions linked to Design a strategy for data and applications.

Recommend security best practices and priorities practice questions

Practise SC-100 questions linked to Recommend security best practices and priorities.

SC-100 fundamentals practice questions

Practise SC-100 questions linked to SC-100 fundamentals.

SC-100 scenario practice questions

Practise SC-100 questions linked to SC-100 scenario.

SC-100 troubleshooting practice questions

Practise SC-100 questions linked to SC-100 troubleshooting.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

Refer to the exhibit. You are reviewing a Conditional Access policy in Azure AD. The policy requires MFA and a compliant device for all users and all cloud apps. Some users report that they are able to access apps without being prompted for MFA even though their devices are compliant. What is the most likely reason?

Exhibit

{
  "policy": {
    "tenantId": "contoso.onmicrosoft.com",
    "displayName": "Require MFA for all users",
    "state": "enabled",
    "conditions": {
      "applications": {
        "includeApplications": ["All"]
      },
      "users": {
        "includeUsers": ["All"]
      }
    },
    "grantControls": {
      "builtInControls": ["mfa", "compliantDevice"]
    }
  }
}
Question 2hardmultiple choice
Full question →

An organization is implementing a Zero Trust identity strategy. They have a mix of on-premises Active Directory and Azure AD. They want to enforce conditional access policies that require device compliance for accessing sensitive apps. However, some users report that their devices are not being evaluated for compliance even though they are enrolled in Microsoft Intune. What should the organization check first?

Question 3hardmulti select
Full question →

A company is designing a Zero Trust security posture for their Azure environment. They need to assess and improve their security posture. Which TWO actions should they take? (Choose two.)

Question 4hardmulti select
Full question →

A company has a Microsoft Sentinel workspace that ingests data from multiple sources. The SOC team wants to improve the efficiency of investigating incidents by using UEBA capabilities. Which two actions should the team take to enable and configure UEBA in Sentinel?

Question 5hardmultiple choice
Full question →

A company uses Azure Policy to audit storage accounts for secure transfer (HTTPS) enforcement. The policy is set to 'AuditIfNotExists' but compliance shows 0% non-compliant storage accounts even though some accounts have secure transfer disabled. What is the most likely cause?

Question 6hardmultiple choice
Read the full Ansible explanation →

A global organization uses Microsoft Sentinel for SIEM and Microsoft Defender for Cloud for cloud security posture management. The security team notices that critical alerts from Azure Active Directory Identity Protection are not triggering automated response playbooks in Sentinel. The team needs to ensure that all high-severity Identity Protection risk detections automatically create incidents in Sentinel and trigger a playbook to block the user. What should the team configure?

Question 7hardmultiple choice
Full question →

A company has a hybrid identity infrastructure with on-premises Active Directory synchronized to Azure AD using Azure AD Connect. The security team wants to use Microsoft Defender for Identity (MDI) to detect on-premises attacks. They have installed the MDI sensor on all domain controllers. However, they notice that some alerts are missing. What is the most likely cause?

Question 8hardmultiple choice
Full question →

A company deploys Azure Bastion in a VNet. They want to allow a security engineer to connect to a Windows VM in a peered VNet using Azure Bastion. The engineer can see the VM in the portal but cannot connect. Which configuration is most likely missing?

Question 9hardmultiple choice
Read the full VPN explanation →

A company is designing a secure hybrid network architecture. They have an on-premises network connected to Azure via ExpressRoute and a site-to-site VPN as backup. They want to ensure that traffic from Azure to on-premises always uses ExpressRoute when available, but automatically fails over to VPN if ExpressRoute goes down. Which configuration should they implement?

Question 10hardmulti select
Read the full VPN explanation →

Which THREE components are required to implement a secure hybrid network with Azure using a site-to-site VPN?

Question 11hardmulti select
Full question →

A company is designing a data classification strategy for their Azure environment. They need to identify sensitive data stored in Azure SQL Database. Which TWO solutions should they consider?

Question 12hardmultiple choice
Full question →

A company uses Azure Policy to enforce compliance. They have a custom policy that denies creation of storage accounts without encryption enabled. A developer reports that they cannot create a storage account even though they specified encryption. What is the most likely cause?

Question 13hardmultiple choice
Full question →

A company uses Azure Key Vault to store secrets for their applications. They want to ensure that secrets can be automatically rotated when they are close to expiration. Which solution should they implement?

Question 14hardmultiple choice
Full question →

A company is planning a migration to Azure and wants to ensure that their security operations center (SOC) has visibility into all Azure resources. They need to collect security logs from multiple subscriptions into a central workspace. Which Azure service should they use?

Question 15hardmultiple choice
Full question →

A company uses Azure Security Center and Azure Sentinel. They want to prioritize remediation of vulnerabilities based on risk. Which metric should they use to rank vulnerabilities?

Question 16hardmultiple choice
Full question →

A company is planning their cloud governance strategy. They have multiple business units with varying compliance requirements. They need to enforce policies consistently across subscriptions while allowing some flexibility. Which Azure governance structure should they recommend?

Question 17hardmulti select
Full question →

A company is implementing a Zero Trust security model using Microsoft 365 Defender. Which THREE of the following are key principles they should follow?

Question 18hardmulti select
Full question →

Which THREE of the following are best practices for securing Azure Kubernetes Service (AKS)?

Question 19hardmulti select
Full question →

Which TWO of the following are true about Azure Policy initiatives?

Question 20hardmultiple choice
Full question →

A company is designing a security operations strategy. They want to use Microsoft Sentinel to detect and respond to threats across their hybrid environment. They need to ensure that logs from all sources are collected cost-effectively and that analysts can easily query data. Which data ingestion strategy should they recommend?

These SC-100 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style SC-100 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.