Design solutions that align with security best practices and priorities
Drill 20 practice questions focused entirely on Design solutions that align with security best practices and priorities for the Microsoft SC-100 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A global manufacturing company is building out its Azure environment following the Cloud Adoption Framework enterprise-scale landing zone architecture. Multiple application teams need to provision their own subscriptions rapidly, but the security architect must ensure every new subscription automatically inherits network topology, Microsoft Defender for Cloud plans, diagnostic logging to a central Log Analytics workspace, and required policy guardrails without manual configuration by the platform team. Which approach best satisfies these requirements while enabling team autonomy?
A financial services company is designing a business continuity and disaster recovery (BCDR) strategy to recover from a destructive ransomware attack that could encrypt both production workloads and the identity infrastructure. The security architect must define the recovery sequence to ensure that restored systems can be trusted and reconnected safely. Which recovery approach should the architect prioritize first in the restoration plan?
A financial services company is adopting the Cloud Adoption Framework (CAF) to govern their Azure migration. Their development teams release code multiple times per day using Azure DevOps pipelines. Leadership wants security embedded into the software delivery lifecycle so that vulnerabilities are caught before deployment, without creating a separate late-stage security gate that slows releases. As the cybersecurity architect, which approach best aligns with CAF's Secure methodology and DevSecOps principles?
A financial services company is deploying Microsoft 365 Copilot to boost employee productivity. During pre-deployment testing, the security architect discovers that Copilot can surface sensitive documents (containing PII and financial records) to users who technically have SharePoint access but should not view them, due to years of accumulated permission sprawl and broad sharing links. Leadership wants to proceed with deployment but demands that Copilot not become a vector for data oversharing. Following Microsoft Cybersecurity Reference Architecture (MCRA) guidance for secure AI adoption, which approach should the architect prioritize FIRST?
A financial services company runs production workloads across Azure, AWS, and Google Cloud. The CISO wants a unified security architecture that aligns with the Microsoft Cybersecurity Reference Architectures (MCRA). The security team needs continuous posture assessment, threat detection for cloud workloads, and a single pane of glass for security findings across all three clouds, while minimizing the deployment of duplicate tooling per cloud. Which design approach best aligns with MCRA guidance for this multicloud requirement?
A financial services company is finalizing its privileged access strategy based on the Microsoft Cybersecurity Reference Architectures (MCRA). Tier 0 administrators (domain admins, Entra ID Global Admins, and cloud subscription owners) currently perform administrative tasks from their standard corporate laptops, which are also used for email and web browsing. Security architects want to eliminate the risk of credential theft and keylogging malware compromising these high-value identities. Which design should they recommend as the primary control for Tier 0 administrative access?
A financial services company has just recovered from a ransomware incident where attackers compromised a domain admin account through credential theft. The CISO wants to follow Microsoft's guidance to systematically reduce privileged access risk. She asks the security architect which framework and initial focus to adopt to prioritize the fastest reduction in privileged access attack surface. Which recommendation best aligns with the Microsoft Cybersecurity Reference Architectures (MCRA)?
A financial services company has deployed Microsoft Defender for Cloud across its Azure and AWS environments. The CISO wants a repeatable, measurable way to prioritize security investments over the next four quarters, aligning technical remediation with the Microsoft Cloud Security Benchmark (MCSB) and demonstrating progressive risk reduction to the board. Security engineers currently chase individual alerts with no consistent prioritization. Which approach should the security architect recommend to establish a data-driven remediation roadmap?
A global manufacturing company is designing its security operations capability based on the Microsoft Cybersecurity Reference Architectures (MCRA). The CISO wants the SOC to consume curated threat intelligence that automatically enriches detections and enables proactive hunting across email, endpoints, identities, and cloud apps. The architecture must minimize custom integration effort and use Microsoft's native, vendor-provided intelligence feeds. Which design approach best aligns with the MCRA for integrating threat intelligence into security operations?
A financial services company is designing its security operations center (SOC) tooling strategy. They already use Microsoft Defender XDR for endpoint, identity, email, and cloud app signals, and they need a centralized platform to correlate these XDR alerts with logs from third-party network firewalls, on-premises Active Directory Federation Services, and custom line-of-business applications for organization-wide threat hunting and long-term retention. Based on the Microsoft Cybersecurity Reference Architecture (MCRA), which design approach best meets these requirements?
A financial services company is designing a new customer-facing microservices platform on Azure. The security architect wants to ensure the design embodies the three foundational Zero Trust guiding principles as defined in the Microsoft Cybersecurity Reference Architectures. Which combination of design decisions BEST reflects all three core Zero Trust principles (verify explicitly, use least-privilege access, assume breach)?
A financial services company is standardizing its security architecture using the Microsoft Cybersecurity Reference Architectures (MCRA). The CISO wants a single visual model that shows how Microsoft's security capabilities map across identity, endpoints, apps, data, infrastructure, and network — and explicitly demonstrates how Zero Trust user access flows are enforced end-to-end. Which MCRA component should the security architect present to illustrate how signals, policy enforcement, and threat protection integrate to secure user access across all resource types?
A financial services company is standardizing its Azure DevOps CI/CD pipelines across multiple product teams. Security reviews revealed that developers occasionally commit hardcoded credentials and connection strings into source repositories, and that vulnerable open-source dependencies reach production. The chief security architect wants to design a DevSecOps solution aligned with the Microsoft Cloud Security Benchmark (MCSB) DevOps Security control domain that shifts detection as early as possible in the development lifecycle. Which approach best satisfies this requirement?
A financial services organization is building its Azure security program using the Microsoft Cloud Security Benchmark (MCSB) as the control framework. The CISO wants to ensure the organization can respond effectively to security incidents in Azure. She asks the security architect which MCSB Incident Response (IR) preparation activities should be established BEFORE any incident occurs. Which recommendation aligns with the MCSB Incident Response control domain's preparation guidance?
A financial services company is deploying a new set of internet-facing web applications in Azure. The security architect must ensure the design conforms to the Microsoft Cloud Security Benchmark (MCSB) so it can be audited against a recognized control framework. During design review, the compliance team asks which MCSB control domain governs the requirement to enable and centralize security-relevant logs so that threat detection and incident investigation are possible across all Azure resources. Which MCSB control domain should the architect cite to satisfy this requirement?
A financial services company runs workloads across Azure, AWS, and Google Cloud. The CISO wants a single strategy, aligned with the Microsoft Cloud Security Benchmark (MCSB), to continuously measure the security posture of all three clouds against a consistent set of controls, identify misconfigurations, and prioritize remediation using attack-path context. The solution must minimize the number of separate tools the security team must operate. Which approach best meets these requirements?
A financial services company runs workloads across Azure and AWS. The CISO wants a single, consistent set of security controls that can be measured across both clouds, mapped to industry frameworks like CIS and NIST, and continuously assessed for drift. The architect is asked to recommend an approach that aligns with Microsoft's prescriptive guidance for defining and enforcing these controls. Which approach best meets these requirements?
A financial services company is deploying an Azure landing zone using the Cloud Adoption Framework enterprise-scale architecture. During a tabletop ransomware exercise, the security team discovers that domain administrators use the same workstations for email, web browsing, and administering both on-premises Active Directory and Azure privileged roles. The CISO wants to prioritize privileged access hardening as the first control to reduce the blast radius of a credential-theft attack. Following Microsoft's Enterprise Access Model and MCRA guidance, which approach should you recommend?
A financial services company is designing its ransomware resiliency strategy. During a tabletop exercise, the security architect notes that a recent industry breach began with credential theft that let attackers disable backups and encrypt domain controllers before any data was touched. Executive leadership asks the architect to identify which capability should receive the highest priority investment to reduce the likelihood that a future ransomware campaign can achieve organization-wide impact. Which recommendation best aligns with Microsoft's ransomware resiliency guidance in the MCRA?
A financial services company is designing a ransomware resiliency strategy for its Azure workloads and on-premises file servers. Recent threat intelligence shows attackers frequently attempt to delete or encrypt backups before triggering the primary ransomware payload. The security architect must ensure backup data cannot be modified or deleted by an attacker who compromises a privileged administrator account, while still meeting recovery time objectives. Which approach BEST addresses this requirement?
More SC-100 practice
Keep going with the other Microsoft Cybersecurity Architect Expert domains, or take a full timed mock exam.
← Back to SC-100 overview