SC-100 · topic practice

Design a strategy for data and applications practice questions

Practise Microsoft Cybersecurity Architect (SC-100) questions on designing a strategy for data and applications: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Design a strategy for data and applications

What the exam tests

What to know about Design a strategy for data and applications

Design a strategy for data and applications questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Design a strategy for data and applications exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Design a strategy for data and applications questions

20 questions · select your answer, then reveal the explanation

A company is designing a data protection strategy for Azure SQL Database. They need to ensure that backups are retained for 7 years to meet regulatory compliance. Which Azure feature should they use?

A company deploys Azure App Service with a custom domain and SSL certificate. They want to enforce HTTPS only. Which configuration setting should they enable?

A company uses Azure Policy to audit storage accounts for secure transfer (HTTPS) enforcement. The policy is set to 'AuditIfNotExists' but compliance shows 0% non-compliant storage accounts even though some accounts have secure transfer disabled. What is the most likely cause?

A company is designing a microservices architecture on Azure Kubernetes Service (AKS). They need to secure communication between services using mutual TLS (mTLS). Which solution should they implement?

Question 5 · easy · multi select

A company stores sensitive data in Azure Blob Storage. They want to prevent data exfiltration by blocking public access and restricting network access to only their on-premises data center via VPN. Which two features should they use?

A company uses Azure Key Vault to store secrets for their applications. They want to ensure that secrets can be automatically rotated when they are close to expiration. Which solution should they implement?

A company is migrating on-premises applications to Azure. They need to ensure that applications can use their existing Active Directory credentials for authentication. Which Azure service should they use?

A company wants to protect their Azure App Service web application from common web vulnerabilities like SQL injection and XSS. Which Azure service should they enable?

A company is designing a data classification strategy for their Azure environment. They need to identify sensitive data stored in Azure SQL Database. Which TWO solutions should they consider?

A company uses Azure Storage for sensitive data. They need to ensure that data is encrypted at rest and that encryption keys are managed by the customer (Customer-Managed Keys). Which THREE actions are required?

A company is designing a secure DevOps pipeline for deploying Azure App Service applications. They need to ensure that secrets are not exposed in source code. Which TWO practices should they implement?

Question 12 · hard · multiple choice

You are the security architect for Contoso Ltd., a company that runs a critical e-commerce application on Azure Kubernetes Service (AKS). The application consists of multiple microservices that communicate over HTTP. The application uses Azure SQL Database for transactional data and Azure Redis Cache for session state. Recently, a security audit revealed that several microservices are vulnerable to SQL injection attacks because they construct SQL queries by concatenating user input. Additionally, the Redis cache is exposed to the internet with no firewall rules, and the connection string is stored in plain text in the application configuration file. The development team is concerned about performance and wants to minimize changes to the codebase. You need to design a strategy to mitigate these vulnerabilities with minimal code changes. Which of the following is the best course of action?

A company uses Azure App Service to host a web application that stores sensitive data in Azure SQL Database. The security team requires that data at rest in the database be encrypted using a customer-managed key stored in Azure Key Vault. The key must be rotated automatically every 90 days. What is the recommended approach to meet these requirements?

Question 14 · hard · multi select

A multinational corporation is designing a data classification strategy for Microsoft 365. They have the following requirements: (1) Documents containing financial data must be labeled as 'Confidential' automatically. (2) Labels must be applied based on content patterns, such as credit card numbers. (3) The solution must work across Exchange Online, SharePoint Online, and OneDrive for Business. Which two components are essential?

A security administrator applies the Azure Policy definition shown in the exhibit to a management group containing multiple subscriptions. After the policy is assigned, a development team reports they cannot create a new storage account in their subscription. What is the most likely cause?

Exhibit

Refer to the exhibit.

{
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
          "equals": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}

A company is designing an application architecture using Azure Kubernetes Service (AKS) and Azure Cosmos DB. The application requires that secrets (database connection strings) be injected into pods securely without storing them in the container image. The solution must minimize management overhead. What is the recommended approach?

A company uses Azure SQL Database and needs to implement column-level encryption for a column containing social security numbers (SSNs). The encryption must use a customer-managed key stored in Azure Key Vault. The application queries this column using parameterized queries. Which technology should be used?

A company is planning to use Azure Logic Apps to integrate multiple SaaS applications. The workflow will process sensitive customer data and must comply with data residency requirements, ensuring that data does not leave a specific Azure region. The solution must minimize latency. What is the recommended deployment strategy?

Order the steps to respond to a Microsoft Defender for Cloud security alert.


Order the steps to perform a disaster recovery failover of an Azure VM to a secondary region using Azure Site Recovery.




Frequently asked questions

What does the SC-100 exam test about Design a strategy for data and applications?
Design a strategy for data and applications questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Design a strategy for data and applications questions in a focused session?
Yes — the session launcher on this page draws every question from the Design a strategy for data and applications domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SC-100 topics?
Use the topic links above to move to related areas, or go back to the SC-100 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SC-100 exam covers. They are not copied from any real exam or dump site.