Back to Microsoft Cybersecurity Architect questions

Scenario-based practice

Drag and Drop Matching Questions

Practise Microsoft Cybersecurity Architect practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10
scenario questions
SC-100
exam code
Microsoft
vendor

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and Drop Matching Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related SC-100 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Design solutions that align with security best practices and priorities practice questions

Practise SC-100 questions linked to Design solutions that align with security best practices and priorities.

Design security operations, identity, and compliance capabilities practice questions

Practise SC-100 questions linked to Design security operations, identity, and compliance capabilities.

Design security solutions for infrastructure practice questions

Practise SC-100 questions linked to Design security solutions for infrastructure.

Design a Zero Trust strategy and architecture practice questions

Practise SC-100 questions linked to Design a Zero Trust strategy and architecture.

Design security solutions for applications and data practice questions

Practise SC-100 questions linked to Design security solutions for applications and data.

Evaluate GRC and security operations strategies practice questions

Practise SC-100 questions linked to Evaluate GRC and security operations strategies.

Design security for infrastructure practice questions

Practise SC-100 questions linked to Design security for infrastructure.

Design a strategy for data and applications practice questions

Practise SC-100 questions linked to Design a strategy for data and applications.

Recommend security best practices and priorities practice questions

Practise SC-100 questions linked to Recommend security best practices and priorities.

SC-100 fundamentals practice questions

Practise SC-100 questions linked to SC-100 fundamentals.

SC-100 scenario practice questions

Practise SC-100 questions linked to SC-100 scenario.

SC-100 troubleshooting practice questions

Practise SC-100 questions linked to SC-100 troubleshooting.

Practice set

Practice scenarios

Question 1mediummatching
Full question →

Match each Azure network security feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Stateful packet filtering at subnet or NIC

Managed, cloud-native firewall with threat intelligence

Protects web apps from common exploits

Always-on traffic monitoring and mitigation

Access PaaS services over private endpoint

Question 2mediummatching
Full question →

Match each Azure security benchmark control to its category.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Control category for authentication and authorization

Control category for network segmentation and filtering

Control category for encryption and data classification

Control category for audit logs and alerts

Control category for detection and response processes

Question 3mediummatching
Full question →

Match each Zero Trust principle to its implementation in Azure.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Use Conditional Access and MFA

Implement Just-In-Time (JIT) and PIM

Segment networks and use micro-perimeters

Monitor with Azure Sentinel and Defender

Use playbooks and automated remediation

Question 4mediummatching
Full question →

Match each compliance framework to its focus area.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Information security management system

Controls for service organizations

Payment card data security

Protected health information privacy and security

Cloud security for US federal agencies

Question 5mediummatching
Full question →

Match each Microsoft 365 Defender workload to its protection domain.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Endpoint protection

Email and collaboration protection

On-premises identity protection

SaaS application protection

Unified XDR

Question 6mediummatching
Full question →

Match each encryption type to its use case in Azure.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

At-rest encryption for blobs and files

BitLocker-based encryption for VMs

Real-time encryption for SQL databases

Centralized key management service

Encryption in use via TEEs

Question 7mediummatching
Full question →

Match each Azure policy effect to its behavior.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Prevents resource creation or update

Creates a warning event in activity log

Adds fields to resource during creation

Changes existing resource properties

Deploys a resource if it does not exist

Question 8mediummatching
Full question →

Match each identity security concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Policy engine to enforce access controls

Just-in-time privileged role activation

Detect and remediate identity risks

Azure AD identity for Azure resources

Identity for applications in Azure AD

Question 9mediummatching
Full question →

Match each security operations tool to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Security information and event management

Extended detection and response (XDR)

Cloud security posture management

Identity risk detection and remediation

Data governance and compliance

Question 10mediummatching
Full question →

Match each Azure security capability to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

SIEM and SOAR

Cloud security posture management

Risk-based conditional access

Manage secrets, keys, and certificates

Mitigate distributed denial-of-service attacks

These SC-100 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style SC-100 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.