SC-100 cheat sheet
A one-page reference for the Microsoft Cybersecurity Architect Expert exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
Microsoft
Level
Expert
Questions
60
Time
120 min
Mock pass mark
70%
Domains
4
Practice Qs
158
Code
SC-100
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- Zero Trust
- Zero Trust is a security model that assumes breach and verifies each request explicitly rather than trusting anything inside a perimeter. SC-100 requires designing solutions that follow Zero Trust principles.
- MCRA
- The Microsoft Cybersecurity Reference Architectures (MCRA) are Microsoft's reference diagrams and guidance for designing security capabilities. SC-100 covers designing solutions that align with the MCRA.
- MCSB
- The Microsoft Cloud Security Benchmark (MCSB) is a set of security best-practice controls for cloud workloads. SC-100 covers aligning designs and AI solutions with the MCSB.
- Cloud Adoption Framework
- The Microsoft Cloud Adoption Framework for Azure (CAF) is guidance for strategy, governance, and secure adoption of Azure. SC-100 covers designing security and governance based on the CAF and Well-Architected Framework.
- Azure landing zone
- An Azure landing zone is a pre-configured, governed environment that applies security and governance baselines for workloads. SC-100 covers designing solutions for governing security using landing zones.
- Microsoft Defender for Cloud
- Microsoft Defender for Cloud is a service providing cloud security posture management and workload protection across Azure, hybrid, and multicloud. SC-100 covers evaluating posture and workload protection with it.
- Secure Score
- Microsoft Secure Score is a measurement of an organization's security posture with recommendations to improve it. SC-100 covers evaluating posture using Secure Score.
- Microsoft Sentinel
- Microsoft Sentinel is a cloud-native SIEM and SOAR platform. SC-100 covers designing detection, response, and security orchestration solutions that include Sentinel and Defender XDR.
- Microsoft Defender XDR
- Microsoft Defender XDR is an extended detection and response suite unifying signals across endpoints, identities, email, and cloud apps. SC-100 covers designing XDR-based security operations.
- MITRE ATT&CK
- MITRE ATT&CK is a knowledge base of adversary tactics and techniques used to evaluate detection coverage. SC-100 covers designing and evaluating threat-detection coverage using ATT&CK matrices.
- Privileged Identity Management
- Privileged Identity Management (PIM) provides just-in-time, approval-based access to privileged roles in Microsoft Entra. SC-100 covers evaluating PIM within a privileged-access design.
- Enterprise access model
- The enterprise access model is Microsoft's framework for structuring and tiering privileged access. SC-100 covers designing role assignment and delegation using it.
- Microsoft Purview
- Microsoft Purview is a suite of data governance and compliance solutions covering classification, DLP, and audit. SC-100 covers designing solutions to address compliance requirements with Purview.
- Azure Key Vault
- Azure Key Vault is a service for securely storing and controlling access to secrets, keys, and certificates. SC-100 covers designing data-encryption solutions that include Key Vault.