SC-100 cheat sheet

A one-page reference for the Microsoft Cybersecurity Architect Expert exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
Microsoft
Level
Expert
Questions
60
Time
120 min
Mock pass mark
70%
Domains
4
Practice Qs
158
Code
SC-100

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

Zero Trust
Zero Trust is a security model that assumes breach and verifies each request explicitly rather than trusting anything inside a perimeter. SC-100 requires designing solutions that follow Zero Trust principles.
MCRA
The Microsoft Cybersecurity Reference Architectures (MCRA) are Microsoft's reference diagrams and guidance for designing security capabilities. SC-100 covers designing solutions that align with the MCRA.
MCSB
The Microsoft Cloud Security Benchmark (MCSB) is a set of security best-practice controls for cloud workloads. SC-100 covers aligning designs and AI solutions with the MCSB.
Cloud Adoption Framework
The Microsoft Cloud Adoption Framework for Azure (CAF) is guidance for strategy, governance, and secure adoption of Azure. SC-100 covers designing security and governance based on the CAF and Well-Architected Framework.
Azure landing zone
An Azure landing zone is a pre-configured, governed environment that applies security and governance baselines for workloads. SC-100 covers designing solutions for governing security using landing zones.
Microsoft Defender for Cloud
Microsoft Defender for Cloud is a service providing cloud security posture management and workload protection across Azure, hybrid, and multicloud. SC-100 covers evaluating posture and workload protection with it.
Secure Score
Microsoft Secure Score is a measurement of an organization's security posture with recommendations to improve it. SC-100 covers evaluating posture using Secure Score.
Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM and SOAR platform. SC-100 covers designing detection, response, and security orchestration solutions that include Sentinel and Defender XDR.
Microsoft Defender XDR
Microsoft Defender XDR is an extended detection and response suite unifying signals across endpoints, identities, email, and cloud apps. SC-100 covers designing XDR-based security operations.
MITRE ATT&CK
MITRE ATT&CK is a knowledge base of adversary tactics and techniques used to evaluate detection coverage. SC-100 covers designing and evaluating threat-detection coverage using ATT&CK matrices.
Privileged Identity Management
Privileged Identity Management (PIM) provides just-in-time, approval-based access to privileged roles in Microsoft Entra. SC-100 covers evaluating PIM within a privileged-access design.
Enterprise access model
The enterprise access model is Microsoft's framework for structuring and tiering privileged access. SC-100 covers designing role assignment and delegation using it.
Microsoft Purview
Microsoft Purview is a suite of data governance and compliance solutions covering classification, DLP, and audit. SC-100 covers designing solutions to address compliance requirements with Purview.
Azure Key Vault
Azure Key Vault is a service for securely storing and controlling access to secrets, keys, and certificates. SC-100 covers designing data-encryption solutions that include Key Vault.