Scenario-based practice

Troubleshooting Scenario Questions

Practise Microsoft Cybersecurity Architect questions: original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

11 scenario questions. Exam code: SC-100. Vendor: Microsoft.

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (easy, multiple choice)

A company uses Azure Front Door to load balance traffic across two origin servers in different Azure regions. They notice that failover is not working when one origin becomes unhealthy. What is the most likely cause?

Question 2 (medium, drag order)

Order the steps to troubleshoot an Azure VPN gateway connection failure.

Question 3 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to assess the security posture of their Azure subscriptions. They want to ensure that critical recommendations are automatically remediated. They create a workflow automation that triggers a Logic App for specific recommendations. However, the Logic App fails to run. What is the most likely cause?

Question 4 (easy, multiple choice)

Refer to the exhibit. A security administrator created this Azure Policy definition to prevent unauthorized role assignments. However, SOC analysts are unable to assign the Security Operations Contributor role to new team members. What is the most likely cause?

Exhibit

```json
{
  "properties": {
    "displayName": "SecurityOperationsPolicy",
    "description": "Policy to assign Security Operations Contributor role to SOC team.",
    "metadata": {
      "category": "Security Center"
    },
    "parameters": {
      "principalId": {
        "type": "String",
        "metadata": {
          "displayName": "Principal ID"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Authorization/roleAssignments"
      },
      "then": {
        "effect": "deny",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/5cbe2b2a-1c3b-4b4d-9b4e-2b5e6f7a8c9d"
          ],
          "exemption": "deny"
        }
      }
    }
  }
}
```

Question 5 (medium, multiple choice)

Refer to the exhibit. You are troubleshooting a KQL query in Microsoft Sentinel that is supposed to return alerts for ransomware detections in the last day. The query returns no results, but you know there were ransomware alerts. What is the most likely cause?

Exhibit

```kusto
SecurityAlert
| where AlertName == "Malware detected"
| where TimeGenerated > ago(1d)
| extend ThreatFamily = tostring(parse_json(ExtendedProperties).ThreatFamily)
| where ThreatFamily == "Ransomware"
| project TimeGenerated, AlertName, Computer, ThreatFamily
```

Question 6 (medium, multiple choice)

A company uses Microsoft Defender XDR and wants to ensure that all devices are reporting to the service. They notice that some devices are not appearing in the device inventory. Which log source should they check first to troubleshoot?

Question 7 (easy, multiple choice)

Your organization wants to use Microsoft Defender XDR to automatically investigate and respond to alerts. You need to ensure that the solution can autonomously remediate confirmed threats on endpoints, such as quarantining files and isolating devices. What should you enable?

Question 8 (hard, multi select)

Your organization uses Microsoft Sentinel and Microsoft Defender XDR. You need to design a solution that investigates and responds to a ransomware incident. Which three actions should you take? (Choose THREE.)

Question 9 (easy, multiple choice)

Your organization uses Microsoft Purview to manage data governance. The compliance team needs to be able to search for and investigate whether any sensitive data (e.g., credit card numbers) is stored in Microsoft Teams messages. They also need to place a legal hold on specific users' Teams messages for eDiscovery. You need to design the solution. What should you configure?

Question 10 (medium, multiple choice)

Refer to the exhibit. You receive an alert from Microsoft Defender for Cloud Apps. You need to investigate this alert in Microsoft Sentinel. Which Microsoft Sentinel feature should you use to visualize the relationship between the user account and the IP address?

Exhibit

```json
{
  "alert": {
    "title": "Suspicious sign-in activity",
    "severity": "Medium",
    "description": "User 'jdoe@contoso.com' signed in from an anonymous IP address (111.222.333.444) using a new browser.",
    "source": "Microsoft Defender for Cloud Apps",
    "entities": [
      {"type": "account", "name": "jdoe@contoso.com"},
      {"type": "ip", "address": "111.222.333.444"}
    ]
  }
}
```

Question 11 (hard, multiple choice)

Your company is migrating to a cloud-native security operations center (SOC) using Microsoft Sentinel. You need to design a solution that automatically investigates and remediates common incidents like brute-force attacks on Azure VMs. The solution should use playbooks triggered by analytics rules. Which Microsoft service should you use to create the playbooks, and what is the recommended authentication method?

These SC-100 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style SC-100 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.