SC-100 · topic practice

Design security solutions for applications and data practice questions

Practise Microsoft Cybersecurity Architect Design security solutions for applications and data practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Design security solutions for applications and data

What the exam tests

What to know about Design security solutions for applications and data

Design security solutions for applications and data questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Design security solutions for applications and data exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Design security solutions for applications and data questions

20 questions · select your answer, then reveal the explanation

Your organization is deploying a new line-of-business application on Azure App Service. The app must authenticate users from Microsoft Entra ID and also access a downstream API that requires a client secret. You need to recommend the most secure method for managing the client secret. What should you use?

Your company uses Microsoft Defender for Cloud to protect Azure resources. A critical application uses an Azure SQL Database. You need to ensure that all queries to the database are encrypted in transit and that the encryption protocol is the most secure version available. Which configuration should you enforce?

Your organization stores sensitive customer data in Azure Blob Storage. You need to implement data classification and labeling using Microsoft Purview. Which resource should you use to automatically scan and classify the data?

A company uses Microsoft Entra ID to authenticate users for a web application. They want to enable self-service password reset (SSPR) for users. What is the minimum licensing requirement?

Your organization uses Microsoft Defender for Cloud to protect Azure SQL databases. You notice that a particular database is flagged with a high-severity recommendation to enable 'Advanced Data Security'. What does enabling Advanced Data Security provide?

Your company is designing a solution to store sensitive documents in Azure Files. The files must be encrypted at rest and in transit. Which two configurations are required? (Each correct answer presents part of the solution.)

Your organization uses Microsoft Purview Information Protection to label and protect sensitive emails and documents. You need to ensure that when a user applies a 'Highly Confidential' label, the content is automatically encrypted and a watermark is added. Which configuration should you use?

A company uses Azure API Management to expose backend APIs. They need to implement OAuth 2.0 authorization with Microsoft Entra ID. The APIs are called by a SPA application. Which OAuth 2.0 grant type should be used?

Your organization is planning to use Microsoft Sentinel for security information and event management (SIEM). You need to ingest security logs from on-premises Active Directory. What should you deploy?

Your company is developing a microservices application that will run on Azure Kubernetes Service (AKS). The application must authenticate to Azure SQL Database using managed identities. Which type of managed identity should you assign to the AKS cluster?

Your organization uses Azure Cosmos DB with SQL API. You need to implement data encryption at rest and control access to the encryption keys. Which two actions should you take? (Choose two.)

Your company uses Microsoft Intune to manage mobile devices. You need to protect corporate data on mobile devices by ensuring that work files are encrypted and not accessible by personal apps. What three configurations should you implement? (Choose three.)

Question 13mediummulti select
Study the full ACL explanation →

Your organization uses Azure Data Lake Storage Gen2 for big data analytics. You need to secure access to the data using Azure RBAC and ACLs. Which two methods can you use to authorize access? (Choose two.)

Refer to the exhibit. You are reviewing an Azure Policy definition that uses a 'modify' effect. The policy is intended to automatically enable transparent data encryption (TDE) on Azure SQL databases after they are created. Which condition must be met for the modify effect to work?

Exhibit

{
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers/databases"
        },
        {
          "field": "Microsoft.Sql/servers/databases/transparentDataEncryption.status",
          "equals": "Disabled"
        }
      ]
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/..."
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "Microsoft.Sql/servers/databases/transparentDataEncryption.status",
            "value": "Enabled"
          }
        ]
      }
    }
  }
}

Refer to the exhibit. You are analyzing sign-in failures in Microsoft Sentinel using a KQL query. What does this query identify?

Exhibit

KQL query:
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 4625
| summarize FailedLogons = count() by Account, Computer
| where FailedLogons > 10

Your organization uses Microsoft Defender for Cloud to protect Azure resources. You need to ensure that only authorized applications can access Azure Key Vault secrets. The solution must use managed identities and least privilege. What should you configure?

You are designing a data classification strategy for Microsoft Purview. The compliance team requires that documents containing personally identifiable information (PII) like credit card numbers are automatically labeled and encrypted when stored in Microsoft SharePoint Online. The solution must use built-in sensitive information types. What should you include in the design?

Your company uses Microsoft Defender for Cloud Apps to discover and control shadow IT. You need to block the use of a newly discovered unsanctioned cloud storage app that poses a high risk. What should you configure?

You are designing an API management solution using Azure API Management. The security team requires that all API calls must be authenticated using OAuth 2.0 and that only specific Azure AD applications can access the APIs. Additionally, the solution must support rate limiting and IP filtering. What should you configure?

Your organization uses Microsoft Defender for Endpoint (MDE) for endpoint detection and response. You need to protect sensitive data on Windows 10 devices from being exfiltrated via USB drives. The solution must be able to audit file copy operations to USB and block them for high-risk users. What should you configure?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Design security solutions for applications and data sessions

Start a Design security solutions for applications and data only practice session

Every question in these sessions is drawn from the Design security solutions for applications and data domain — nothing else.

Related practice questions

Related SC-100 topic practice pages

Move into related areas when this topic feels solid.

Design solutions that align with security best practices and priorities practice questions

Practise SC-100 questions linked to Design solutions that align with security best practices and priorities.

Design security operations, identity, and compliance capabilities practice questions

Practise SC-100 questions linked to Design security operations, identity, and compliance capabilities.

Design security solutions for infrastructure practice questions

Practise SC-100 questions linked to Design security solutions for infrastructure.

Design a Zero Trust strategy and architecture practice questions

Practise SC-100 questions linked to Design a Zero Trust strategy and architecture.

Design security solutions for applications and data practice questions

Practise SC-100 questions linked to Design security solutions for applications and data.

Evaluate GRC and security operations strategies practice questions

Practise SC-100 questions linked to Evaluate GRC and security operations strategies.

Design security for infrastructure practice questions

Practise SC-100 questions linked to Design security for infrastructure.

Design a strategy for data and applications practice questions

Practise SC-100 questions linked to Design a strategy for data and applications.

Recommend security best practices and priorities practice questions

Practise SC-100 questions linked to Recommend security best practices and priorities.

SC-100 fundamentals practice questions

Practise SC-100 questions linked to SC-100 fundamentals.

SC-100 scenario practice questions

Practise SC-100 questions linked to SC-100 scenario.

SC-100 troubleshooting practice questions

Practise SC-100 questions linked to SC-100 troubleshooting.

Frequently asked questions

What does the SC-100 exam test about Design security solutions for applications and data?
Design security solutions for applications and data questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Design security solutions for applications and data questions in a focused session?
Yes — the session launcher on this page draws every question from the Design security solutions for applications and data domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SC-100 topics?
Use the topic links above to move to related areas, or go back to the SC-100 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SC-100 exam covers. They are not copied from any real exam or dump site.