Microsoft Practice Test SC-100: Microsoft Cybersecurity Architect

The SC-100 practice test contains 148 questions and covers the following objectives:

• Design solutions that align with best practices for cybersecurity capabilities and controls
• Design solutions that align with best practices for protecting against insider, external, and supply chain attacks
• Design solutions that align with best practices for Zero Trust security, including the Zero Trust Rapid Modernization Plan (RaMP)

• Design a new or evaluate an existing strategy for security and governance based on the Microsoft Cloud Adoption Framework (CAF) for Azure and the Microsoft Azure Well-Architected Framework (WAF)
• Recommend solutions for security and governance based on the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework (WAF)
• Design solutions for implementing and governing security by using Azure landing zones
• Design a DevSecOps process that aligns with best practices in the Microsoft Cloud Adoption Framework (CAF)

• Design a solution for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)
• Design a solution for centralized logging and auditing, including Microsoft Purview Audit
• Design monitoring to support hybrid and multicloud environments
• Design a solution for security orchestration automated response (SOAR), including Microsoft Sentinel and Microsoft Defender XDR
• Design and evaluate security workflows, including incident response, threat hunting, and incident management
• Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and industrial control systems (ICS)

• Design a solution for access to software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), hybrid/on-premises, and multicloud resources, including identity, networking, and application controls
• Design a solution for Microsoft Entra ID, including hybrid and multi-cloud environments
• Design a solution for external identities, including business-to-business (B2B), business-to-customer (B2C), and decentralized identity
• Design a modern authentication and authorization strategy, including Conditional Access, continuous access evaluation, risk scoring, and protected actions
• Validate the alignment of Conditional Access policies with a Zero Trust strategy
• Specify requirements to harden Active Directory Domain Services (AD DS)
• Design a solution to manage secrets, keys, and certificates

• Design a solution for assigning and delegating privileged roles by using the enterprise access model
• Evaluate the security and governance of Microsoft Entra ID, including Microsoft Entra Privileged Identity Management (PIM), entitlement management, and access reviews
• Evaluate the security and governance of Active Directory Domain Services (AD DS), including resilience to common attacks
• Design a solution for securing the administration of cloud tenants, including SaaS and multicloud infrastructure and platforms
• Design a solution for cloud infrastructure entitlement management
• Evaluate an access review management solution
• Design a solution for Privileged Access Workstation (PAW), including remote access

• Translate compliance requirements into security controls
• Design a solution to address compliance requirements by using Microsoft Purview
• Design a solution to address privacy requirements, including Microsoft Priva
• Design Azure Policy solutions to address security and compliance requirements
• Evaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for Cloud

• Evaluate security posture by using Microsoft Defender for Cloud, including the Microsoft cloud security benchmark (MCSB)
• Evaluate security posture by using Microsoft Secure Score
• Design integrated security posture management solutions that include Microsoft Defender for Cloud in hybrid and multi-cloud environments
• Select cloud workload protection solutions in Microsoft Defender for Cloud
• Design a solution for integrating hybrid and multicloud environments by using Azure Arc
• Design a solution for Microsoft Defender External Attack Surface Management (Defender EASM)
• Specify requirements and priorities for a posture management process that uses Microsoft Security Exposure Management attack paths, attack surface reduction, security insights, and initiatives

• Specify security requirements for servers, including multiple platforms and operating systems
• Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
• Specify security requirements for IoT devices and embedded systems
• Evaluate solutions for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoT
• Specify security baselines for server and client endpoints
• Evaluate Windows Local Admin Password Solution (LAPS) solutions

• Specify security baselines for SaaS, PaaS, and IaaS services
• Specify security requirements for IoT workloads
• Specify security requirements for web workloads
• Specify security requirements for containers
• Specify security requirements for container orchestration
• Evaluate solutions that include Azure AI services security

• Evaluate network designs to align with security requirements and best practices
• Evaluate solutions that use Microsoft Entra Internet Access as a secure web gateway
• Evaluate solutions that use Microsoft Entra Internet Access to access Microsoft Services, including cross-tenant configurations
• Evaluate solutions that use Microsoft Entra Private Access

• Evaluate security posture for productivity and collaboration workloads by using metrics, including Microsoft Secure Score
• Evaluate solutions that include Microsoft Defender for Office and Microsoft Defender for Cloud Apps
• Evaluate device management solutions that include Microsoft Intune
• Evaluate solutions for securing data in Microsoft 365 by using Microsoft Purview
• Evaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 services

• Evaluate the security posture of existing application portfolios
• Evaluate threats to business-critical applications by using threat modeling
• Design and implement a full lifecycle strategy for application security
• Design and implement standards and practices for securing the application development process
• Map technologies to application security requirements
• Design a solution for workload identity to authenticate and access Azure cloud resources
• Design a solution for API management and security
• Design solutions that secure applications by using Azure Web Application Firewall (WAF)

• Evaluate solutions for data discovery and classification
• Specify priorities for mitigating threats to data
• Evaluate solutions for encryption of data at rest and in transit, including Azure KeyVault and infrastructure encryption
• Design a security solution for data in Azure workloads, including Azure SQL, Azure Synapse Analytics, and Azure Cosmos DB
• Design a security solution for data in Azure Storage
• Design a security solution that includes Microsoft Defender for Storage and Microsoft Defender for Databases

Notes:

• The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
• Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.