Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SC-100 by Microsoft - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.
You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.
What should you include in the recommendation?

A a Microsoft Sentinel data connector
B Azure Event Hubs
C a Microsoft Sentinel workbook
D Azure Data Factory

Question 4

A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the endpoints.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A The client access tokens are refreshed.
B Microsoft Intune reports the endpoints as compliant.
C A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
D Microsoft Defender for Endpoint reports the endpoints as compliant.

Question 5

HOTSPOT -
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender,
Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question 6

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

A Azure AD Privileged Identity Management (PIM)
B role-based authorization
C resource-based authorization
D Azure AD Multi-Factor Authentication

Question 7

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?

A Microsoft Security Development Lifecycle (SDL)
B Enhanced Security Admin Environment (ESAE)
C Rapid Modernization Plan (RaMP)
D Microsoft Operational Security Assurance (OSA)

Question 8

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend solutions to meet the following requirements:
✑ Ensure that the security operations team can access the security logs and the operation logs.
✑ Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two solutions should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A a custom collector that uses the Log Analytics agent
B the Azure Monitor agent
C resource-based role-based access control (RBAC)
D Azure Active Directory (Azure AD) Conditional Access policies

Question 9

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

Question 10

HOTSPOT

You are planning the security levels for a security access strategy.

You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA).

Which security level should you configure for each job role? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 11

Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment.

You need to recommend the top three modernization areas to prioritize as part of the plan.

Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A data, compliance, and governance
B infrastructure and development
C user access and productivity
D operational technology (OT) and IoT
E modern security operations

Question 12

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.
What should you include in the recommendation?

A Azure Monitor webhooks
B Azure Event Hubs
C Azure Functions apps
D Azure Logics Apps

Question 13

HOTSPOT -

For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA).

You need to protect against the following external threats of an attack chain:

• An attacker attempts to exfiltrate data to external websites.
• An attacker attempts lateral movement across domain-joined computers.

What should you include in the recommendation for each threat? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 14

For an Azure deployment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.

You need to recommend a best practice for implementing service accounts for Azure API management.

What should you include in the recommendation?

A application registrations in Azure AD
B managed identities in Azure
C Azure service principals with usernames and passwords
D device registrations in Azure AD
E Azure service principals with certificate credentials

Question 15

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD.

You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.

You plan to remove all the domain accounts from the Administrators groups on the Windows computers.

You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.

What should you include in the recommendation?

A Local Administrator Password Solution (LAPS)
B Azure AD Identity Protection
C Azure AD Privileged Identity Management (PIM)
D Privileged Access Workstations (PAWs)

Question 16

29 DRAG DROP

For a Microsoft cloud environment, you need to recommend a security architecture that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).

Which security methodologies should you include in the recommendation? To answer, drag the appropriate methodologies to the correct principles. Each methodology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question 17

You have legacy operational technology (OT) devices and IoT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A active scanning
B threat monitoring
C software patching
D passive traffic monitoring

Question 18

You have an on-premises network and a Microsoft 365 subscription.

You are designing a Zero Trust security strategy.

Which two security controls should you include as part of the Zero Trust solution? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

A Always allow connections from the on-premises network.
B Disable passwordless sign-in for sensitive accounts.
C Block sign-in attempts from unknown locations.
D Block sign-in attempts from noncompliant devices.

Question 19

You are designing a ransomware response plan that follows Microsoft Security Best Practices.

You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files.

What should you include in the recommendation?

A Windows Defender Device Guard
B Microsoft Defender for Endpoint
C Azure Files
D BitLocker Drive Encryption (BitLocker)
E protected folders

Question 20

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.

You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.

What should you recommend?

A a managed identity in Azure
B an Azure AD user account that has role assignments in Azure AD Privileged Identity Management (PIM)
C a group managed service account (gMSA)
D an Azure AD user account that has a password stored in Azure Key Vault

Question 21

You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.

You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.

What should you recommend?

A The nodes must restart after the updates are applied.
B The updates must first be applied to the image used to provision the nodes.
C The AKS cluster version must be upgraded.

Question 22

You have the following on-premises servers that run Windows Server:

• Two domain controllers in an Active Directory Domain Services (AD DS) domain
• Two application servers named Server1 and Server2 that run ASP.NET web apps
• A VPN server named Served that authenticates by using RADIUS and AD DS

End users use a VPN to access the web apps over the internet.

You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).

What should you include in the recommendation?

A Publish the web apps by using Azure AD Application Proxy.
B Configure the VPN to use Azure AD authentication.
C Configure connectors and rules in Microsoft Defender for Cloud Apps.
D Configure web protection in Microsoft Defender for Endpoint.

Question 23

Your company is moving a big data solution to Azure.
The company plans to use the following storage workloads:
✑ Azure Storage blob containers
✑ Azure Data Lake Storage Gen2

Azure Storage file shares -

✑ Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A Azure Storage file shares
B Azure Disk Storage
C Azure Storage blob containers
D Azure Data Lake Storage Gen2

Question 24

HOTSPOT -

You have a Microsoft 365 E5 subscription that uses Microsoft Purview, SharePoint Online, and OneDrive for Business.

You need to recommend a ransomware protection solution that meets the following requirements:

• Mitigates attacks that make copies of files, encrypt the copies, and then delete the original files
• Mitigates attacks that encrypt files in place
• Minimizes administrative effort

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 25

You are designing a security operations strategy based on the Zero Trust framework.

You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.

What should you do?

A Enable built-in compliance policies in Azure Policy.
B Enable self-healing in Microsoft 365 Defender.
C Automate data classification.
D Create hunting queries in Microsoft 365 Defender.

Page 1 of 10 • Questions 1-25 of 246

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Your company has a Microsoft 365 ES subscription.
The Chief Compliance Officer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:
✑ Identify unused personal data and empower users to make smart data handling decisions.
✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
✑ Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?

A communication compliance in insider risk management
B Microsoft Viva Insights
C Privacy Risk Management in Microsoft Priva
D Advanced eDiscovery

HOTSPOT -
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel.
The company is designing an application that will have the architecture shown in the following exhibit.

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements:
✑ Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
✑ Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

You need to recommend a solution to isolate the compute components on an Azure virtual network.
What should you include in the recommendation?

A Azure Active Directory (Azure AD) enterprise applications
B an Azure App Service Environment (ASE)
C Azure service endpoints
D an Azure Active Directory (Azure AD) application proxy

SC-100Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

HOTSPOT

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25